Author Topic: Post-Download vastPro & Undetected Infections  (Read 2969 times)


Offline wisesaver

  • Newbie
  • *
  • Posts: 1
Post-Download vastPro & Undetected Infections
« on: September 25, 2009, 05:35:00 PM »
Hi ALWIL Software.
I have been fixing people's computers on the side for free and wanted to set up a computer lab at an area resthome and have used avast for all this being impressed with the free results of the software. Recently I decided to place a 3-yr paid copy on my business computer thinking the protection was better than McAfee or Norton paid versions.
BUT a recent repair of an infected computer migrated to my network/ external desktop HDD has caused some problems with Internet Connection Sharing service on the winxp o/s and so I checked the computer with a full scan followed by a boot up scan which it reported as below this chat.
But I was still getting errors and my computer and external shared HDD was not sharing >:(.
So I went to pandasecurity.com's active scan after only 22% of the computer deep scanning has found 31 infections and 4 suspicious files. I will expose in the appropriate form all the infections to improve the product, but I am a bit disappointed after my slow approach to try Avast Pro 4.8.
I also use asquared-free for malware. Please advise me if I am not running it like it should be run. I was surprised to see no default was set for at least a weekly deep scan.
Thanks for providing the free version of Avast. It works great!
Sincerely,
CPL

Errors AVastPro found:

File F:\DATA-STORED-Old-Comp\HPComp-Drv-C--Restore\HPcompac-Reloads\ATT_SST_Installer.exe\[Embedded_R#0001280]\%TEMP%\WebInstaller\\libeay32_1-1-0_DDR.dll Error 42146 {Installer archive is corrupted.}

File F:\DATA-STORED-Old-Comp\HPComp-drv-D--GLOR-DATA-backup\All Downloads\fath-love-letter\Fathers_Love_Letter_eng_video.zip\Fathers_Love_Letter.mp4 Error 42125 {ZIP archive is corrupted.}
File F:\DATA-STORED-Old-Comp\HPComp-drv-D--GLOR-DATA-backup\All Downloads\typing software\kp-type-ty.zip\game.exe Error 42125 {ZIP archive is corrupted.}
File F:\DATA-STORED-Old-Comp\HPComp-drv-D--GLOR-DATA-backup\All Downloads\WordPerfect-Updates\cd_1999\corel\setup\RegisterDll.EXE\%CURR_TLX_DEST%\regdll.WS4 Error 42146 {Installer archive is corrupted.}
File F:\DATA-STORED-Old-Comp\ntx-800-c\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1171486619jtun_sav10ennful25.m25\ESRDEF.BIN Error 42125 {ZIP archive is corrupted.}
File F:\DATA-STORED-Old-Comp\ntx-800-c\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1171572495jtun_sav10enncur25.m25\ESRDEF.999 Error 42125 {ZIP archive is corrupted.}
File F:\DATA-STORED-Old-Comp\ntx-800-c\PM805-arch\ESPANOL\BTMAGIC\SETUP\DOCUSER.CAB\PM8.PDF Error 42127 {CAB archive is corrupted.}
File F:\DATA-STORED-Old-Comp\ntx-800-c\WINDOWS\SoftwareDistribution\Download\S-1-5-18\1569e1aaeddac1f1e503ffffd2a11114\BITF.tmp\ieapfltr.dll Error 42127 {CAB archive is corrupted.}
File F:\DATA-STORED-Old-Comp\ntx-800-d Drive D\~theexcellent\GAMES\arcade\mame32\roms\supbtime.zip\gc05.bin Error 42125 {ZIP archive is corrupted.}
File F:\DATA-STORED-Old-Comp\ntx733-d\Download\palm\bible4clie-poon\BibleConverter.1.0.release.4.zip\readme.txt Error 42125 {ZIP archive is corrupted.}
File F:\DATA-STORED-Old-Comp\ntx733-d\Program Files\Bible\install_olbupdate02.exe\COMMON.801 Error 42125 {ZIP archive is corrupted.}
File F:\Dav-ED Computer Repairs\Downloaded-Progs\Linux\linux-sources\g4u-unix-imitation-software\ghost-image4unix-2.3.iso.zip\g4u-2.3.iso Error 42125 {ZIP archive is corrupted.}
File F:\Dav-ED Computer Repairs\Downloaded-Progs\win98se-updates and media player\win98-SE\cdsample\sampler.exe\%SYS32%\CTL3D32.DLL Error 42146 {Installer archive is corrupted.}
File F:\Dav-ED Computer Repairs\Downloaded-Progs\win98se-updates and media player\win98-SE\cdsample\sampler.exe\%SYS%\STDOLE2.TLB Error 42146 {Installer archive is corrupted.}
File F:\Dav-ED Computer Repairs\Downloaded-Progs\win98se-updates and media player\win98-SE\cdsample\sampler.exe\%SYS%\FXLBL432.OCX Error 42146 {Installer archive is corrupted.}
File F:\Dav-ED Computer Repairs\Downloaded-Progs\win98se-updates and media player\win98-SE\cdsample\sampler.exe\%SYS%\FXVID432.OCX Error 42146 {Installer archive is corrupted.}
File F:\Dav-ED Computer Repairs\Downloaded-Progs\win98se-updates and media player\win98-SE\cdsample\sampler.exe\%SYS%\PICCLP32.OCX Error 42146 {Installer archive is corrupted.}
File F:\Dav-ED Computer Repairs\Info on Computers We've Setup\ksmith-computer-files\BrPat Things\Music N Videos\fath-love-letter\Fathers_Love_Letter_eng_video.zip\Fathers_Love_Letter.mp4 Error 42125 {ZIP archive is corrupted.}
File F:\Dav-ED Computer Repairs\media-n-codecs\VLCfree_8676.exe\resource.0000.pkg\ydetect-browser.exe Error 42125 {ZIP archive is corrupted.}
File F:\Dav-ED Computer Repairs\media-n-codecs\VLCfree_8676.exe\resource.0000.pkg\rkverify.exe Error 42125 {ZIP archive is corrupted.}
File F:\Dav-ED Computer Repairs\media-n-codecs\VLCfree_8676.exe\resource.0000.pkg\biglogo_embossed.ico Error 42125 {ZIP archive is corrupted.}
File F:\Dav-ED Computer Repairs\media-n-codecs\VLCfree_8676.exe\resource.0000.pkg\wzcsapi.dll Error 42125 {ZIP archive is corrupted.}
File F:\Dav-ED Computer Repairs\media-n-codecs\VLCfree_8676.exe\resource.0000.pkg\require_directx6.dat Error 42125 {ZIP archive is corrupted.}
File F:\Dav-ED Computer Repairs\media-n-codecs\VLCfree_8676.exe\resource.0000.pkg\trio_dxtest6.dat Error 42125 {ZIP archive is corrupted.}
File F:\Dav-ED Computer Repairs\media-n-codecs\VLCfree_8676.exe\resource.0000.pkg\dxtest.exe Error 42125 {ZIP archive is corrupted.}
File F:\Dav-ED Computer Repairs\media-n-codecs\VLCfree_8676.exe\resource.0000.pkg\require_directx9.dat Error 42125 {ZIP archive is corrupted.}
File F:\Dav-ED Computer Repairs\media-n-codecs\VLCfree_8676.exe\resource.0000.pkg\trio_dxtest9.dat Error 42125 {ZIP archive is corrupted.}
File F:\Dav-ED Computer Repairs\media-n-codecs\VLCfree_8676.exe\resource.0000.pkg\dxtest90.exe Error 42125 {ZIP archive is corrupted.}
File F:\Dav-ED Computer Repairs\media-n-codecs\VLCfree_8676.exe\resource.0000.pkg\require_winxp.dat Error 42125 {ZIP archive is corrupted.}
File F:\GCCS-BACKUP\full-tar-gz-backup\[private-editing]\boxtrapper\queue\1LnuCSpSkTSp4BbEPTPM1PvOZiGhwKrS.msg\UPS_NNR01.zip#954506190\UPS_NNR01.exe is infected by Win32:Trojan-gen {Other}, Moved to chest
File F:\GCCS-BACKUP\full-tar-gz-backup\full-backup-5[private-editing]\boxtrapper\queue\Tqd9cpqoyAvDaTqxAgoUw80Tw6YEgRcG.msg\UPS_NNR01.zip#954506190\UPS_NNR01.exe is infected by Win32:Trojan-gen {Other}, Moved to chest
File F:\GCCS-BACKUP\home-dir\backup-glo[private-editing]boxtrapper\queue\1LnuCSpSkTSp4BbEPTPM1PvOZiGhwKrS.msg\UPS_NNR01.zip#954506190\UPS_NNR01.exe is infected by Win32:Trojan-gen {Other}, Moved to chest
File F:\GCCS-BACKUP\home-dir\backup-g[private-editing]boxtrapper\queue\Tqd9cpqoyAvDaTqxAgoUw80Tw6YEgRcG.msg\UPS_NNR01.zip#954506190\UPS_NNR01.exe is infected by Win32:Trojan-gen {Other}, Moved to chest
Number of searched folders: 35948
Number of tested files: 2121638
Number of infected files: 4

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83574
  • No support PMs thanks
Re: Post-Download vastPro & Undetected Infections
« Reply #1 on: September 25, 2009, 05:57:40 PM »
What would be more appropriate is what Panda found, file name, location and malware name, as without that information no one can really comment.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner, by using a multi-engined scanner you are confirming the detection one way or another.

- Corrupted Archive file, this could simply mean that avast is unable to unpack it to scan the contents of the archive and is assuming it is because it is corrupt. Even if it were corrupt there is nothing that a user can do to resolve any corruption, short of replacing the file. This I wouldn't recommend (especially if this is for archives in the \System Volume Information folder, part of the system restore function) unless you are getting problems relating to that file outside of the avast scan.

Files that can't be scanned are just that, not an indication they are suspicious/infected, just unable to be scanned.

With resident protection the need for an on-demand scan is lessened IMHO.
Thorough is also by its design very thorough (it scans all files) and perhaps a little overkill for routine use, where a Standard scan without archives should be adequate. Archive (zip, rar, etc.) files are by their nature inert, you need to extract the files and then you have to run them to be a threat. Long before that happens avast's Standard Shield should have scanned them and before an executable is run that is scanned.

I have only ever done a Thorough Scan with Archives once shortly after installation just to ensure a clean start state, but with XP for example avast will do a boot-time scan after installation if you select it, this I believe will be quicker and reasonably effective. Like everything in life things are a compromise.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.6.2420 (build 20.6.5495.561) UI-1.0.544/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro
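
The reply above separates "could not be unpacked" entries from actual detections. As an added example (not part of the thread and not avast's own tooling), this Python sketch triages a report in the line format quoted in the first post; the sample lines and their paths are constructed.

```python
import re
from collections import Counter

# Line shapes as they appear in the scan report quoted in this thread.
ERROR_RE = re.compile(r"^File (?P<path>.+) Error (?P<code>\d+) \{(?P<msg>[^}]*)\}$")
INFECTED_RE = re.compile(
    r"^File (?P<path>.+) is infected by (?P<name>.+?) \{[^}]*\}(?:, (?P<action>.+))?$"
)

def triage(lines):
    """Split a report into unscannable items, detections and unparsed lines."""
    unscannable, infected, unparsed = [], [], []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("Number of "):
            continue  # blank lines and the summary counters
        m = INFECTED_RE.match(line)
        if m:
            infected.append(m.groupdict())
            continue
        m = ERROR_RE.match(line)
        if m:
            unscannable.append(m.groupdict())
            continue
        unparsed.append(line)  # keep anything unexpected visible for review
    return unscannable, infected, unparsed

def summarize(lines):
    unscannable, infected, unparsed = triage(lines)
    # The same payload restored in several backup trees counts once:
    # key on the innermost file name plus the detection name.
    unique = {(d["path"].rsplit("\\", 1)[-1], d["name"]) for d in infected}
    return {
        "errors_by_code": Counter(e["code"] for e in unscannable),
        "detections": len(infected),
        "unique_detections": sorted(unique),
        "unparsed": unparsed,
    }

# Constructed sample lines in the report's format (paths are made up).
SAMPLE = r"""
File F:\backup\a\setup.exe\%SYS%\CTL3D32.DLL Error 42146 {Installer archive is corrupted.}
File F:\backup\a\video.zip\clip.mp4 Error 42125 {ZIP archive is corrupted.}
File F:\backup\b\video.zip\clip.mp4 Error 42125 {ZIP archive is corrupted.}
File F:\backup\a\docs.cab\manual.pdf Error 42127 {CAB archive is corrupted.}
File F:\mail\one\q1.msg\invoice.zip#123\invoice.exe is infected by Win32:Trojan-gen {Other}, Moved to chest
File F:\mail\two\q1.msg\invoice.zip#123\invoice.exe is infected by Win32:Trojan-gen {Other}, Moved to chest
Number of infected files: 2
""".splitlines()

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(key, value)
```

The unique-detection list is the short set worth submitting to a multi-engine scanner; the error counts only show which container types the scanner could not open.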

Offline deepseathomas

  • Newbie
  • *
  • Posts: 1
Error 42125
« Reply #2 on: December 06, 2009, 07:45:22 AM »
I have found that when I ran avast, The error was in the temp internet file. I ran ccCleaner and it fixed it along with other junk that i had picked up as well. Thought I would respond to the post, it was very good. thomas














