Author Topic: Antivirus Pro 2010 not detected by Avast Home  (Read 51784 times)

0 Members and 1 Guest are viewing this topic.

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Antivirus Pro 2010 not detected by Avast Home
« Reply #15 on: October 09, 2009, 11:10:36 AM »
1) These malware files are changed every few hours so nothing can detect them- I've sent samples to VirusTotal and seen zero detection, so it's not just avast.

2) The only reason you're getting infected is because you have insecure and out of date software installed, allowing a drive-by download.

Use Secunia Software Inspector to check and update everything that needs updating.

     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

YoKenny

  • Guest
Re: Antivirus Pro 2010 not detected by Avast Home
« Reply #16 on: October 09, 2009, 11:18:45 AM »
@FreewheelinFrank
I agree.

http://secunia.com/vulnerability_scanning/online

I run Secunia Personal Software Inspector (PSI) on my systems:
http://secunia.com/vulnerability_scanning/personal

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Antivirus Pro 2010 not detected by Avast Home
« Reply #17 on: October 09, 2009, 01:46:22 PM »
Hi YoKenny,

We here all know this. Indeed the malware is upgraded every time so it can get undetected under the radar of av and anti malware scanners. There are a couple of measures that can protect against these infections and they are all mentioned somewhere in this thread. Always keep your OS fully upgraded and fully patched, same with third party software and browser extensions (Secunia PSI), furthermore do not use full admin rights on your account when you are online except for the circumstances you cannot do without these (downloading critical updates for instance), use a more secure browser like Firefox with NoScript, Request Policy and CSP, use a good and valid malware blocklist (anti spyware blocking program), use programs that alert against malicious actions on the machine like Threatfire and RUBotted, have several on demand anti rootkit tools aboard (the newer rogue av tools have rootkit technology), use a program like Freefixer to check on unwanted toolbars, BHO, startups, CLSIDs etc. Use a decent two-way firewall, check connections and mem consuming processes with WWDC, use a combination of browser URL-checkers to check website link reputation - NoScript is full proof protection if active on the site, one has the additional protection of the avast shields, cleanse cookies and Super Cookies, block third party request on a website through Request Policy, check your log files and connection reports, do not click anything that cannot be trusted, and one could have a reasonable safe and secure Internet experience,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Antivirus Pro 2010 not detected by Avast Home
« Reply #18 on: October 09, 2009, 06:34:54 PM »
To date I have seen just about every AV allow one variant or the other of this through, no AV is perfect.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user

Meteora

  • Guest
Re: Antivirus Pro 2010 not detected by Avast Home
« Reply #20 on: October 09, 2009, 07:31:07 PM »
Hi YoKenny,

We here all know this. Indeed the malware is upgraded every time so it can get undetected under the radar of av and anti malware scanners. There are a couple of measures that can protect against these infections and they are all mentioned somewhere in this thread. Always keep your OS fully upgraded and fully patched, same with third party software and browser extensions (Secunia PSI), furthermore do not use full admin rights on your account when you are online except for the circumstances you cannot do without these (downloading critical updates for instance), use a more secure browser like Firefox with NoScript, Request Policy and CSP, use a good and valid malware blocklist (anti spyware blocking program), use programs that alert against malicious actions on the machine like Threatfire and RUBotted, have several on demand anti rootkit tools aboard (the newer rogue av tools have rootkit technology), use a program like Freefixer to check on unwanted toolbars, BHO, startups, CLSIDs etc. Use a decent two-way firewall, check connections and mem consuming processes with WWDC, use a combination of browser URL-checkers to check website link reputation - NoScript is full proof protection if active on the site, one has the additional protection of the avast shields, cleanse cookies and Super Cookies, block third party request on a website through Request Policy, check your log files and connection reports, do not click anything that cannot be trusted, and one could have a reasonable safe and secure Internet experience,

polonus

You realize that is a crapload of things to do right?

As for Avast Free not having anti-script or whatever it is called, I think this is also the reason I got infected with "Windows Smart Security" that apparently got made around the time of the infection since I couldn't find one google result complaining about it until the next morning after the infection took place.

Actually, I think I had Avast Professional and it still did not detect anything (and I think the virus was contracted via my browser) however I wonder if the fact it was saying "Avast will expire soon" has anything to do with this (and it did not expire). Also, can a browser of my choice have non scripting incorporated in it? Since I love to use AOL explorer more than anything...

As for paying for security programs, I mean, are they really that much better than free ones? Why can't the free ones just have as much features as the ones we pay for? To be perfectly honest anti-virus programs TODAY are just about as essential as freaking internet browsers. Windows users need them now more than anything. There is such high demand on it right now and it's ridiculous having people pay for security just because some homos out there like to make infecting malware.

Aren't the programs being payed for need to be constantly updated? Do the updates cost too?

Also what is the difference between non script in a program like Malwarebytes PRO and non script in a browser like Firefox with no script?  

« Last Edit: October 09, 2009, 07:36:38 PM by Meteora »

YoKenny

  • Guest
Re: Antivirus Pro 2010 not detected by Avast Home
« Reply #21 on: October 09, 2009, 08:22:44 PM »
Malwarebytes Anti-Malware (MBAM) Pro is a one time fee with updates provided on a regular basis with sometimes several updates per day:
http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button <== click Download Now and you can get the Pro update with 20% discount

WinPatrol is Free with updates occuring infrequently. 
The PLUS update is a one time fee that provides access to its own repository of many applications.
Quote
Your $29.95 investment today is a one-time cost, good for each computer you personally own and use. No hidden fees, advertisements or unwanted toolbars.
http://www.winpatrol.com

Meteora

  • Guest
Re: Antivirus Pro 2010 not detected by Avast Home
« Reply #22 on: October 09, 2009, 08:53:21 PM »
Responding to YK with this:

To date I have seen just about every AV allow one variant or the other of this through, no AV is perfect.

I was going to ask, guessing this quote is saying that no AV program (free or otherwise) will prevent viruses/worms/etc. and protect against them 100%, what is the point of paying for anything? Don't these malware programs update themselves contantly along with the program you've payed for? At one point your computer will crash and the soon-to-be-infamous malware program will disable even your 40 dollar just-updated-two-days-ago-but-apparently-not-as-recently-as-some-homo's malware program. So now you won't be able to use the program you used your bucks for.

Correct me if I'm wrong but the only advantage of paying for antivirus programs is the scripting thing? What other advantages are there (that have to do with safety)?
« Last Edit: October 09, 2009, 08:55:38 PM by Meteora »

YoKenny

  • Guest
Re: Antivirus Pro 2010 not detected by Avast Home
« Reply #23 on: October 09, 2009, 09:16:43 PM »
Its not the script thing its Resident Protection:
http://dictionary.zdnet.com/definition/resident+protection.html

avast! has Resident Protection that is the first layer of defense that is free.

avast PRO has a second layer of defense that costs a bit more
Quote
Script Blocker
The resident protection of the Professional Edition includes an additional module, not contained in the Home Edition, called Script Blocker. This module watches all scripts being executed in the operating system (so-called WSH scripts - Windows Scripting Host), and scans all the scripts run as a part of a web page within your web browser (Internet Explorer, Netscape Navigator and Mozilla).
http://www.avast.com/eng/avast-4-professional-antivirus-antispyware.html#8

WinPatrol is a another layer of defense and is free
Quote
WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. WinPatrol was the pioneer in using a heuristic behavioral approach to detecting attacks and violations of your computing environment. It continues to be one of the most powerful system monitors while staying a single small programs.

As a robust SECURITY MONITOR , WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. As a MULTI PURPOSE SUPPORT UTILITY WinPatrol replaces multiple system utilities with its enhanced functionality. Traditional security programs scan your hard drive searching for previously identified threats. WinPatrol will alert you to dangerous new programs while others prepare to update their definition/signature virus data files.
http://www.winpatrol.com


Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3695
  • If at first you don’t succeed; call it version 1.0
Re: Antivirus Pro 2010 not detected by Avast Home
« Reply #24 on: October 09, 2009, 09:23:45 PM »
Quote from: Meteora
You realize that is a crapload of things to do right?
It does appear that way. Some of the suggestions offered were "either-or", not everything is necessary.
The primary one is to make sure software is up to date. That will minimize any possible attack vector. www.secunia.org supplies (free for personal use) the PSI, which I find very useful. [edit] It would be interesting to see what it makes of your AOL browser.
Quote
As for Avast Free not having anti-script or whatever it is called, I think this is also the reason I got infected with "Windows Smart Security" that apparently got made around the time of the infection since I couldn't find one google result complaining about it until the next morning after the infection took place.
Probably vulnerable software was the reason. As you mention below, this was a new infection, not added to the database of most AV scanners. You were one of the lucky first to become infected with it. If you had been using a browser with no scripting, you would have been able to choose not to run the particular script that performed the drive by download (assuming that's what it was.Did you click on anything for the infection to occur? Or just visit the page hosting it?

Quote
Actually, I think I had Avast Professional and it still did not detect anything (and I think the virus was contracted via my browser) however I wonder if the fact it was saying "Avast will expire soon" has anything to do with this (and it did not expire). Also, can a browser of my choice have non scripting incorporated in it? Since I love to use AOL explorer more than anything...
See above. And if you want to use AOL software, and it doesn't have the option to at least prompt to run scripts, all bets are off. I don't know, I don't use their browser. (Nor anything else.)
As for "Avast will expire soon" that would have nothing to do with it. Those warnings start to happen several (~20 days, I think) days before updates are disabled. But if you had ignored it for that long, and it had stopped updating, then maybe.
Quote
As for paying for security programs, I mean, are they really that much better than free ones? Why can't the free ones just have as much features as the ones we pay for? To be perfectly honest anti-virus programs TODAY are just about as essential as freaking internet browsers. Windows users need them now more than anything. There is such high demand on it right now and it's ridiculous having people pay for security just because some homos out there like to make infecting malware.
There has been a 585% increase in rogue antimalware programs in the first 6 months of this year alone. These "homos" (you redneck, you) are often very qualified, prolific software writers, making very large sums of money, hired by organized crime syndicates. There is a lot of money involved.
Regarding AV manufacturers providing AV's for free - and yes, they are essential - who pays for their staff to eat? Feed their kids etc?
If the AV is a sideline of the main business, like, maybe, MSE by Microsoft, then they can afford to provide it (or a version of it) for free. If the company's main job is to provide security software, who is going to pay for development and updates if the software is free? The malware writers get paid darned well. The AV writers have to carry out R&D to try and keep up. It costs.

Quote
Aren't the programs being payed for need to be constantly updated? Do the updates cost too?
Yes. No.

Quote
Also what is the difference between non script in a program like Malwarebytes PRO and non script in a browser like Firefox with no script?
I don't know. Maybe one uses definitions, the other is user choice? But really, I don't know.
Problem with definitions-based software is that if you are unlucky enough to stumble upon a zero-day trojan (just released) only system hardening (Noscript, behavior blocker etc) will save you.

Would you begrudge paying a mechanic the fee for keeping your car serviced? The component of your air ticket that keeps the aircraft maintained? Health insurance?
Thing is, with security for computers, you have more free choices around than are available in other fields of possible day to day hazard.Good choices. You couldn't actually fly safely on a carrier that gave away free seats regularly, because the aeroplane was well built 20years ago, and they have decided to save on maintenance. (Actually, they can't do that. But if..) Who would willingly get on the thing?
« Last Edit: October 09, 2009, 09:27:01 PM by Tarq57 »
Windows 10,Windows Firewall,Firefox w/Adblock.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Antivirus Pro 2010 not detected by Avast Home
« Reply #25 on: October 09, 2009, 09:27:56 PM »
Have a look at the malware forum at G2G and you will see this nasty popping up all over and infecting all the big boys as well as the little ones - and that includes ESET McAfee Norton Avira Avg et al

Due to the nature of the Anti-malware community we tend to get a clearing result within a few days - there is a new one now that infects intel drivers - again no AV detects this, it is discovered by looking at a rootkit scan. And after three days we know how to kill it.  There is a greater interaction between the malware community than there is amongst AV companies, plus we get samples faster   

The only defence is to run IE8 in protected mode, on Vista enable UAC and watch what you click.  Never use the no or cancel button use the X on all popups on web sites 

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Antivirus Pro 2010 not detected by Avast Home
« Reply #26 on: October 09, 2009, 09:55:43 PM »
Hi essexboy,

The reason for the growth in numbers is what is known in technical terminology as ‘polymorphism', an old defence technique which involves changing the binary checksum of every copy (or download) of a piece of malware. This makes it much more difficult for antivirus programs to detect the programs.

"The primary reason for the creation of so many variants is to avoid signature-based detection by legitimate antivirus programs

Fake antivirus software can be hard to catch using heuristics because they are often willingly installed by users who think the programs to be genuine, bypassing systems such as Vista's User Account Control (UAC).

According to Luis Corrons of PandaLabs, the rogueware business is controlled by up to 200 gangs globally, but 78 percent of the business could be in the hands of a top ten criminal entities,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Antivirus Pro 2010 not detected by Avast Home
« Reply #27 on: October 09, 2009, 10:04:02 PM »
The only defence is to run IE8 in protected mode, on Vista enable UAC and watch what you click.  Never use the no or cancel button use the X on all popups on web sites 

Horseflop.

You're too much up your own paranoid rear.

Show me a site I can't safely browse in Firefox or Opera on XP and I'll take that back.
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Antivirus Pro 2010 not detected by Avast Home
« Reply #28 on: October 09, 2009, 10:18:39 PM »
Hi FwF,

Whenever you have NoScript installed inside the Firefox or Flock browser I grant your bet one hundred procent. Or you must be willingly install a rogue av and after being warned against this one million times the person that does so is utterly stupid or should not be behind a computer keyboard.
And because the main problem here is PBKAC (problem between keyboard and computer) they still cash on this scheme grand scale, because people have no notice of what a safe browser is (millions don't even know what the simple term browser stands for) and then hordes click after everything they see under their cursor, one could right click, one could left click and one could click away - easy victims. And the reality is what I just described,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Antivirus Pro 2010 not detected by Avast Home
« Reply #29 on: October 10, 2009, 12:08:57 AM »
As I do not use Firefox or any other browser I do not feel qualified to comment on them, also my operating systems are now Vista and windows 7 

Bye