Author Topic: Avast File Shield unable to detect risk  (Read 4135 times)

0 Members and 1 Guest are viewing this topic.

Offline Stran05

  • Jr. Member
  • **
  • Posts: 99
Avast File Shield unable to detect risk
« on: February 20, 2010, 12:36:57 PM »
Today I checked Norton's site for dirtiest website. I decided to check how the Avast Web Shield worked and entered a chinese site which was reported with 243 risks. However, Avast Real Time shields could not detect any, so I downloaded a malicious image(.jpg) from that site, the file shield still could'nt detect it, but when I manually scanned it, a threat was detected. I thought that the file shield was not working, so I tested the eicar test file and a few other malware samples and it caught them! Later on I scanned with Malwarebytes and it found 12 infections in my registry! What's going on?
Intel Core 2 Duo 2.93Mhz, 2GB RAM, Kaspersky Internet Security 2011.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67255
Re: Avast File Shield unable to detect risk
« Reply #1 on: February 20, 2010, 07:14:17 PM »
Do you still have the jpg file?
Can you submit it to www.virustotal.com ?
Which is that particular chinese website (post hxxp and not http link).
The best things in life are free.

Offline Stran05

  • Jr. Member
  • **
  • Posts: 99
Re: Avast File Shield unable to detect risk
« Reply #2 on: February 20, 2010, 07:27:42 PM »
The website is stock88.cn, Norton says it has more than 2493 viruses and unwanted programs. Again, I today checked the avast website and found a link to a malware site which when I visited, the Network Shield popped up saying that it has blocked a Backdoor, but takes no further step.

Uploading to VirusTotal, please reply.
Intel Core 2 Duo 2.93Mhz, 2GB RAM, Kaspersky Internet Security 2011.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67255
Re: Avast File Shield unable to detect risk
« Reply #3 on: February 20, 2010, 07:38:10 PM »
the Network Shield popped up saying that it has blocked a Backdoor, but takes no further step.
So, it was blocked... or is it displayed in the browser window?
I've asked for virus analysts help here.
The best things in life are free.

Offline Stran05

  • Jr. Member
  • **
  • Posts: 99
Re: Avast File Shield unable to detect risk
« Reply #4 on: February 20, 2010, 07:40:28 PM »
Virus Total: 19/41 scanners detected the infection including Avast!, Avira and Norton. I know Avast has the best detection rates and has detected this when many well known antivirus programs(Kaspersky, CounterSpy) have missed it, but why did'nt the File Shield pick it up. Does'nt the File Shield scan .jpeg extensions. Many don't.

Link to the VirusTotal Result: http://www.virustotal.com/analisis/ee20067d9fca72eefa5a8dcc7364fdde245fc39fc5825c7abae91a15907e9f2b-1266690608
Intel Core 2 Duo 2.93Mhz, 2GB RAM, Kaspersky Internet Security 2011.

Offline nuz

  • Newbie
  • *
  • Posts: 11
Re: Avast File Shield unable to detect risk
« Reply #5 on: February 20, 2010, 09:31:55 PM »
Not to butt in here, but in Web Shield Expert Settings, is the Web Scanning tab set to scan all files? If set to selected file types only and none are selected it's useless.

Offline Stran05

  • Jr. Member
  • **
  • Posts: 99
Re: Avast File Shield unable to detect risk
« Reply #6 on: February 21, 2010, 11:19:27 AM »
Both of File Shield and Web Shield are set to scan all files. The Web Shield scans contents of each and every content of the sites while the File Shield scans every file on-access. There is no problem with that. But the File Shield is not able to particularly pick up that file only. It has been the best against all the malware salples I have tested it against.
Intel Core 2 Duo 2.93Mhz, 2GB RAM, Kaspersky Internet Security 2011.