Author Topic: Explorer.exe - Open for Writing?  (Read 6358 times)

Offline softwareguy

  • Sr. Member
  • ****
  • Posts: 245
  • WARNING! Worm Found!
Explorer.exe - Open for Writing?
« on: June 12, 2004, 04:59:53 AM »
I have never seen this before.
Is it something new in the 412 build?
What is this supposed to mean?
Thanks! :)

Avast - Your Worms Extinguisher

Offline shgoh

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 977
Re:Explorer.exe - Open for Writing?
« Reply #1 on: June 12, 2004, 06:49:12 AM »
how did you get that??? ???
lIfE iS sAd...yOu NeVeR kNoW wHaT yOu GoNnA gEt... :'(

Offline softwareguy

  • Sr. Member
  • ****
  • Posts: 245
  • WARNING! Worm Found!
Re:Explorer.exe - Open for Writing?
« Reply #2 on: June 12, 2004, 07:13:05 AM »
It seems that this box was checked and weird dialogs (above) were popping out randomly...  :-\

Avast - Your Worms Extinguisher

Offline shgoh

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 977
Re:Explorer.exe - Open for Writing?
« Reply #3 on: June 12, 2004, 07:18:38 AM »
seems like avast is blocking some writing operation to that dll file?... i'm not sure though... please wait for more expert advice..
lIfE iS sAd...yOu NeVeR kNoW wHaT yOu GoNnA gEt... :'(

Offline softwareguy

  • Sr. Member
  • ****
  • Posts: 245
  • WARNING! Worm Found!
Re:Explorer.exe - Open for Writing?
« Reply #4 on: June 12, 2004, 07:20:30 AM »
I don't think so...
I just performed a Windows Search and these dialogs appeared on my screen... The first screenshot is just one of them.
I thought the Blocker is what Avast uses to block infected files? Confusing...  ???

Avast - Your Worms Extinguisher

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9387
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re:Explorer.exe - Open for Writing?
« Reply #5 on: June 12, 2004, 08:01:36 AM »
No, as it says, behavior blocking. This is like a very passive heuristic, if you want to put it that way. I doubt that avast! selected this option by itself. This was never encountered by me or any other.

Just set it as on this picture below for maximal protection without any limitations in Windows usage.
Visit my webpage Angry Sheep Blog

Offline softwareguy

  • Sr. Member
  • ****
  • Posts: 245
  • WARNING! Worm Found!
Re:Explorer.exe - Open for Writing?
« Reply #6 on: June 12, 2004, 08:37:17 AM »
We certainly need more features on this blocker thing. ;)

Avast - Your Worms Extinguisher

Offline SpeedyPC

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3349
  • Avast shall conquer the whole world
Re:Explorer.exe - Open for Writing?
« Reply #7 on: June 12, 2004, 08:50:09 AM »
No, as it says, behavior blocking. This is like a very passive heuristic, if you want to put it that way. I doubt that avast! selected this option by itself. This was never encountered by me or any other.

Just set it as on this picture below for maximal protection without any limitations in Windows usage.

RejZoR,

Can you please explain what this block dialog box feature does? I cannot find enough information to understand what it does.

Please advise.
ASUS G75VX-T4153H | Avast Premium v21.9.2493 | Avast SecureLine VPN | Avast Secure Browser | Avast Driver Updater | Avast BreachGuard | W8.1 64bit | Firefox 64bit | Thunderbird 64bit | MBAM Premium | Adguard Premium | CryptoPrevent Premium | CCleaner Portable | MCShield | Macrium Reflect | 7-Zip

Offline softwareguy

  • Sr. Member
  • ****
  • Posts: 245
  • WARNING! Worm Found!
Re:Explorer.exe - Open for Writing?
« Reply #8 on: June 12, 2004, 09:18:50 AM »
With the things I know about Avast, I think that the Blocker prevents infectable files from doing the checked actions specified on this tab.
Avast will prompt you with the actions window if an infectable file tries to execute any of the actions checked.

"Infectable" files means any files that could contain malware. Click show on the default extension list and you will see what Avast defines as "infectable" file types.

Avast - Your Worms Extinguisher

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11808
    • AVAST Software
Re:Explorer.exe - Open for Writing?
« Reply #9 on: June 13, 2004, 08:11:13 PM »
With the things I know about Avast, I think that the Blocker prevents infectable files from doing the checked actions specified on this tab.

No, as Rejzor said, it's a kind of heuristic against unknown viruses. The selected actions are prevented always, no matter if the file performing them is infected or not. That's why it's called behavior blocker - because it blocks suspicious behavior, not files.
In any case, it's quite an obsolete feature and I wouldn't recommend to use it much (as you found out yourself, many applications open files for writing even if they don't have to - I believe the Explorer in the first post opened the file for writing (+reading) just to access the file's properties).

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9387
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re:Explorer.exe - Open for Writing?
« Reply #10 on: June 13, 2004, 08:36:33 PM »
Yup, that's why you should select only to block Formatting. This is not something that you do on a regular basis, but format is a pretty common destruction method among viruses.

I'll check them all and test them for a while to see how it works. I never used anything other than Block Format. Might be useful against new parasites...
« Last Edit: June 13, 2004, 08:40:26 PM by RejZoR »
Visit my webpage Angry Sheep Blog

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9387
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re:Explorer.exe - Open for Writing?
« Reply #11 on: June 13, 2004, 08:47:58 PM »
Hm, this looks interesting and could be very useful. I just wish for an exclusion list so you can exclude applications that are legit, so you don't have to always click Allow. My avast! External Control is, for example, sensitive to the Deleting file Blocker. If I could add it to the exclusion list it wouldn't bother me anymore. But I think the full file path would be required to exclude, because a filename alone could be spoofed. Or a CRC32/MD4 check. Something like that.
Visit my webpage Angry Sheep Blog
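
The exclusion-list idea from the post above, as an added sketch that is not part of the original thread and not avast! code: a name-only exclusion is compared with one bound to the normalised full path plus a content hash. SHA-256 is used here in place of the CRC32/MD4 check mentioned in the post; the paths, operation labels and file contents are constructed for illustration.

```python
import hashlib
import hmac
import ntpath


def norm(path: str) -> str:
    # Windows paths are case-insensitive: fold case, separators and "..".
    return ntpath.normcase(ntpath.normpath(path))


def digest(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()


class ExclusionList:
    """Hypothetical exclusion list for a behavior blocker."""

    def __init__(self):
        self._entries = {}  # normalised full path -> expected SHA-256

    def add(self, full_path: str, image: bytes) -> None:
        self._entries[norm(full_path)] = digest(image)

    def match_by_name(self, full_path: str) -> bool:
        # Weak rule: any file with an excluded name passes, wherever it lives.
        names = {ntpath.basename(p) for p in self._entries}
        return ntpath.basename(norm(full_path)) in names

    def match_strict(self, full_path: str, image: bytes) -> bool:
        # Strong rule: same location AND same content as when it was excluded.
        expected = self._entries.get(norm(full_path))
        return expected is not None and hmac.compare_digest(expected, digest(image))


def decide(excl, blocked_ops, operation, full_path, image) -> str:
    """Return 'allow' or 'prompt' for one intercepted operation."""
    if operation not in blocked_ops:
        return "allow"       # behavior not selected in the blocker
    if excl.match_strict(full_path, image):
        return "allow"       # excluded application, unmodified
    return "prompt"          # behavior is blocked: ask the user


# Constructed sample data (hypothetical paths and file contents).
TRUSTED_PATH = r"C:\Program Files\ExampleTool\control.exe"
TRUSTED_IMAGE = b"MZ trusted build"
SPOOF_PATH = r"C:\Temp\control.exe"
SPOOF_IMAGE = b"MZ something else"
BLOCKED = {"delete_file", "format"}

EXCL = ExclusionList()
EXCL.add(TRUSTED_PATH, TRUSTED_IMAGE)
```

A same-named file in another directory passes `match_by_name` but still reaches the prompt through `decide`, as does the excluded file once its contents change.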

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Re:Explorer.exe - Open for Writing?
« Reply #12 on: June 14, 2004, 05:01:07 AM »
No, as Rejzor said, it's a kind of heuristic against unknown viruses. The selected actions are prevented always, no matter if the file performing them is infected or not. That's why it's called behavior blocker - because it blocks suspicious behavior, not files.
In any case, it's quite an obsolete feature and I wouldn't recommend to use it much (as you found out yourself, many applications open files for writing even if they don't have to - I believe the Explorer in the first post opened the file for writing (+reading) just to access the file's properties).

With this explanation I would have to change my avast translations...
I have not understood deeply the behavior of the blocker...
Igor, can I do that?  ::)
The best things in life are free.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11808
    • AVAST Software
Re:Explorer.exe - Open for Writing?
« Reply #13 on: June 14, 2004, 10:02:38 AM »
Well, I'm not sure if I explained fully in those few lines I wrote... maybe I should extend the explanation a little :)
But of course, updates are possible... what in particular do you want to change?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Re:Explorer.exe - Open for Writing?
« Reply #14 on: June 14, 2004, 02:14:51 PM »
Well, I'm not sure if I explained fully in those few lines I wrote... maybe I should extend the explanation a little :)
But of course, updates are possible... what in particular do you want to change?

I need the html file for the Blocker and the Passolo file for it.
Do you remember when I asked you about the differences in translation due to this?

1. The module that block some suspicious activity behavior
2. The behavior of the module that block some suspicious activity

This is my trouble: 1 is different from the 2. In Portuguese translation of avast we can read the 2nd and, with your explanation, I think the right one is the 1st.  8)
The best things in life are free.