I was running some tests on Avast today again. So I purposely downloaded a few trojan-droppers on my test machine to infect it. Avast did reasonably well, missing a few things. However, one of the main things it missed was the actually dropper itself. While picking up the trojans it dropped at the time, it missed the vehicle, leaving the vehicle on the computer, and in ram to keep dropping.
However, when I went to send a sample of the dropper to Avast, the email plugin Heuristics picked it up and blocked it.
I did notice a wierd, apparently debugger related message when I tried to manually scan the file, it said "UnnamedStream_1" and failed to recognize the dropper within. Attached is the screenshot.
Comments? Anything going wrong here? I know exactly how to remove this trojan dropper, so removal isn't an issue. I just want Avast to be able to find protocols like this, and deal with them, because right now its not!