Author Topic: Why is Avast not blocking XP Antivirus 2010 trojan?  (Read 29875 times)

Riverviewfan

  • Guest
Re: Why is Avast not blocking XP Antivirus 2010 trojan?
« Reply #15 on: March 07, 2010, 05:15:13 AM »
In the 50 or so cases I have removed, the trigger files are always slightly different

AV's Used whilst being infected are :

Norton
Kaspersky
AVG
Avira
Nod32
Avast
et al

Basically no antivirus as of today, when I started the latest case, has yet been able to stop it.

There are some cases where the only way to kill it was through a PE environment

So you can complain and decide to use another av to block it - but which one ?

Precisely as I noted earlier in the thread, no other AV seems to be able to stop it getting on the machine in the first place. I've read reports that MBAM Pro can though.

But riddle me this Essexboy - WHY won't Avast REMOVE it now??  Malwarebytes has no problem with it, and apparently has been able to remove it for over a month now.

Did you pass the files to Avast for analysis and inclusion ?

No, the files have long been deleted.  I do have one of the infected URL's that I could pass on if someone would kindly let me know where to send it.  Then the Avast team can determine how to stop it.

Riverviewfan

Riverviewfan

  • Guest
Re: Why is Avast not blocking XP Antivirus 2010 trojan?
« Reply #16 on: March 07, 2010, 05:27:59 AM »
AND I didn't click on any window or pop up or anything.. it just loaded itself as soon as i visited a site.

  There was no "indiscriminate clicking" involved once I clicked on the URL.  Avast gave a warning that it blocked a Javascript attack, but then the trojan just came right on through. 

You both have an insecure web-facing application that is allowing a drive-by download.

Scan for out of date and insecure software and update.

Secunia Online Software Inspector (OSI)
Secunia Personal Software Inspector (PSI)

A good suggestion!  I updated a few things, but after checking the various release notes, the only security fixes were to Java, which I was only a couple of versions back on.  Was that the source of my problem?  I sort of doubt it, but it's possible.  In any event, I'm running MBAM Pro now with its real-time protection module (along with Avast), so we'll see if that keeps this trojan away for a while.

Riverviewfan

donbel

  • Guest
Re: Why is Avast not blocking XP Antivirus 2010 trojan?
« Reply #17 on: March 07, 2010, 05:44:12 AM »
Hi Riverviewfan,

What you have to remember is that the users that are troubled by this have been installing this rogue av software themselves by clicking on everything indiscriminately.
If you are aware of the danger of the social engineering you won't fall for these scams.
If you use the proper in-browser protection like surfing Firefox with the additional extensions ABP Plus, NoScript, RequestPolicy, you will never even see the malicious pop-ups, because the malcode won't run and the rogue cannot be installed - not a rogue from the past, the present or the foreseeable future.
A resident av solution (and you only can have one!) cannot find all malware. That is why people use additional non-resident anti-spyware like MBAM and/or SAS and clean the crap from their machines using ATF Cleaner, also very important to keep your third party software fully updated and patched using Secunia PSI to be protected against the exploits these malicious fake av programs use to try and get your attention and an eventual install that you will regret. As always malcreants speculate on the unawareness and fear of their potential victims,

polonus

Offline Chim

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1151
Re: Why is Avast not blocking XP Antivirus 2010 trojan?
« Reply #19 on: March 07, 2010, 06:01:23 AM »
Secunia will not look for drivers, it looks for programs that are a security risk / out of date

Try the online scan, very quick
Thanks, Pondus!  I guess I misunderstood someone on some previous occasion.  I thought Secunia checked out Programs AND Drivers.  In that case, well heck, I don't even have hardly any programs in my computer.
Dell Optiplex 780 / Core 2 Duo E8400 3.00 GHz / 4 Gig RAM / Windows XP Pro 32-Bit SP3 / Panda Dome  Free 18.07.00 / MBAM / SAS / NetZero Dial Up / Maxthon MX5 5.2.5.4000

Offline Maxx_original

  • Moderator
  • Super Poster
  • *
  • Posts: 1479
Re: Why is Avast not blocking XP Antivirus 2010 trojan?
« Reply #20 on: March 07, 2010, 10:41:55 AM »
well, MBAM can detect rogues very well, but - can you even run it without killing the malicious process manually? i don't think so, regarding my experience with rogues (they block various processes - even cmd - from running, but they allow you to enter safe mode and get rid of them).. moreover - MBAM seems to be a silver bullet, or is presented this way on various forums, but as Vlk already posted somewhere on our forums - MBAM doesn't have a full coverage of malware, there are lots of samples that we detect and MBAM does not.. sometimes i think MBAM's focus is only on rogue SW..

and why we don't detect the sample after a month? there's always a possibility that a sample doesn't arrive at our viruslab (or is shadowed by a lot of noise that sometimes comes from VT and similar services - it's usual to get tens of thousands of samples per day), when it is such a short-lived piece of malware...

Hermite15

  • Guest
Re: Why is Avast not blocking XP Antivirus 2010 trojan?
« Reply #21 on: March 07, 2010, 12:28:11 PM »
.... if Avast is going to sit on their ass for a few more weeks before updating their definition file to include it and its behavior.

no, you're sitting on your ass expecting AV companies to solve your mouse and keyboard issues, and I agree 100% with Polonus.
« Last Edit: March 07, 2010, 01:12:07 PM by Logos »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Why is Avast not blocking XP Antivirus 2010 trojan?
« Reply #22 on: March 07, 2010, 01:03:07 PM »
Quote
sometimes i think MBAM's focus is only on rogue SW..
That is MBAM's main aim; it is complementary to an antivirus.  However, there are times when even MBAM won't run and we have to use different methods to get the system back.  There is no silver bullet to kill all malware - unless you work outside of Windows in a PE environment, but that is a 300MB download requiring a second system and CD burner.

Offline sandy55

  • Sr. Member
  • ****
  • Posts: 213
Re: Why is Avast not blocking XP Antivirus 2010 trojan?
« Reply #23 on: March 08, 2010, 09:18:00 AM »
In the 50 or so cases I have removed, the trigger files are always slightly different

AV's Used whilst being infected are :

Norton
Kaspersky
AVG
Avira
Nod32
Avast
et al

Basically no antivirus as of today, when I started the latest case, has yet been able to stop it.

There are some cases where the only way to kill it was through a PE environment

So you can complain and decide to use another av to block it - but which one ?

Precisely as I noted earlier in the thread, no other AV seems to be able to stop it getting on the machine in the first place. I've read reports that MBAM Pro can though.

But riddle me this Essexboy - WHY won't Avast REMOVE it now??  Malwarebytes has no problem with it, and apparently has been able to remove it for over a month now.

Did you pass the files to Avast for analysis and inclusion ?

No, the files have long been deleted.  I do have one of the infected URL's that I could pass on if someone would kindly let me know where to send it.  Then the Avast team can determine how to stop it.


Riverviewfan
I will say up front I have no idea what I am doing or if what I have found is part of the problem talked of here.  I have a virus called Security Tool. I have found a few things in the ODBC Ms driver Ms driver *.dbf
Excel *.xls
Access database. I cannot see what I am typing here as every letter pops up and then is gone, so my screen is flashing.   Hence this may be a mess, sorry if it is.  This virus has stopped my Avast in its tracks; there is a white circle with a bit of red over the Avast icon and it has installed its own icon in the tool tray.  If this is a different virus than the one you are talking about here I could sure use some help with it.  I may not be able to get back on my computer so will check back later from another computer.  thanks Sandy
win 8.1 (64) avast version 18.5.2342(build) 18.5.3931.0 apparently this is Premier version according to an internet search on that version number above.. tho it does not state this in about or any other place on my computer...

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37644
  • F-Secure user
Re: Why is Avast not blocking XP Antivirus 2010 trojan?
« Reply #24 on: March 08, 2010, 09:28:07 AM »
Quote
I will say up front I have no idea what I am doing or if what I have found is part of the problem talked of here.  I have a virus called Security Tool. I have found a few things in the ODBC Ms driver Ms driver *.dbf
Excel *.xls
Access database. I cannot see what I am typing here as every letter pops up and then is gone, so my screen is flashing.   Hence this may be a mess, sorry if it is.  This virus has stopped my Avast in its tracks; there is a white circle with a bit of red over the Avast icon and it has installed its own icon in the tool tray.  If this is a different virus than the one you are talking about here I could sure use some help with it.  I may not be able to get back on my computer so will check back later from another computer.  thanks Sandy

You should have started your own topic when asking for help

Follow this 23 step removal guide.

i think this is the one you have?

Remove Security Tool and SecurityTool (Uninstall Guide)
http://www.bleepingcomputer.com/virus-removal/remove-security-tool

Riverviewfan

  • Guest
Re: Why is Avast not blocking XP Antivirus 2010 trojan?
« Reply #25 on: March 10, 2010, 01:01:53 AM »
well, MBAM can detect rogues very well, but - can you even run it without killing the malicious process manually? i don't think so, regarding my experience with rogues (they block various processes - even cmd - from running, but they allow you to enter safe mode and get rid of them).. moreover - MBAM seems to be a silver bullet, or is presented this way on various forums, but as Vlk already posted somewhere on our forums - MBAM doesn't have a full coverage of malware, there are lots of samples that we detect and MBAM does not.. sometimes i think MBAM's focus is only on rogue SW..

and why we don't detect the sample after a month? there's always a possibility that a sample doesn't arrive at our viruslab (or is shadowed by a lot of noise that sometimes comes from VT and similar services - it's usual to get tens of thousands of samples per day), when it is such a short-lived piece of malware...

Yes, you can run MBAM while the AV.exe trojan is running, but you must do the registry edit to re-enable MBAM. 

And you get tens of thousands of virus/trojan samples a day, but somehow you haven't encountered this yet?  I find that very difficult to believe.   ::)

Riverviewfan

Riverviewfan

  • Guest
Re: Why is Avast not blocking XP Antivirus 2010 trojan?
« Reply #26 on: March 10, 2010, 01:16:33 AM »
.... if Avast is going to sit on their ass for a few more weeks before updating their definition file to include it and its behavior.

no, you're sitting on your ass expecting AV companies to solve your mouse and keyboard issues, and I agree 100% with Polonus.

That's right, blame the users for Avast's shortcomings.  Real nice.

It will be interesting to see which of the AV companies comes in second place in being able to detect and remove the trojan.  Last I checked, everybody is still posting registry fix files and then recommending MBAM.  Breaking news - Microsoft Security Essentials is now fixing it (according to the ESET forum).  Surprise, surprise...  I figured it would be Symantec or Kaspersky.

Riverviewfan

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33995
  • malware fighter
Re: Why is Avast not blocking XP Antivirus 2010 trojan?
« Reply #27 on: March 10, 2010, 02:27:09 AM »
Hi Riverviewfan,

Well they all have these issues. Not all av vendors are so open and frank about it. Well that is also why they do not have a huge userbase like our solution. I am not defending avast in this respect, nor any other resident av solution for that matter. No av solution is able to get the full 100% of the constantly changing enormous amounts of malcode there is. I also think the scanner would be unworkable, so they have to make a choice. Best thing to do next is install layered defense combining av + non-resident scanners to get a better detection and closing the vulnerability window. Then use SafeHex and in-browser security like Fx with NoScript and RequestPolicy will give you almost full protection, apart from targeted specific artful hacks. Everyone can be compromised in the end, even through obscure backdoors. This said, it is also true that every major av solution needs some time from the appearance of a zero day to detection and then to removal. Malware is becoming more and more stealth and rootkitted and webdriven, so blaming a good and decent av solution is an easy task. Upload here, mail avast, come here to the help of the avast users and evangelists and help create an ever better product. We do wonderful things, here, the impossible takes somewhat longer to perform,

polonus (malware fighter)
« Last Edit: March 10, 2010, 02:29:47 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Marc57

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1944
  • KISS Rules The World!!!
    • KISS Army
Re: Why is Avast not blocking XP Antivirus 2010 trojan?
« Reply #28 on: March 10, 2010, 04:34:32 AM »
.... if Avast is going to sit on their ass for a few more weeks before updating their definition file to include it and its behavior.

no, you're sitting on your ass expecting AV companies to solve your mouse and keyboard issues, and I agree 100% with Polonus.

That's right, blame the users for Avast's shortcomings.  Real nice.

It will be interesting to see which of the AV companies comes in second place in being able to detect and remove the trojan.  Last I checked, everybody is still posting registry fix files and then recommending MBAM.  Breaking news - Microsoft Security Essentials is now fixing it (according to the ESET forum).  Surprise, surprise...  I figured it would be Symantec or Kaspersky.

Riverviewfan


Yes, MSE is detecting this FOR NOW. From my experience, as soon as this is detected by an A/V the creators change the code. So soon it will be back to square one.
« Last Edit: April 05, 2010, 07:06:50 AM by Marc57 »
You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3694
  • If at first you don’t succeed; call it version 1.0
Re: Why is Avast not blocking XP Antivirus 2010 trojan?
« Reply #29 on: March 10, 2010, 04:59:16 AM »
A little like blaming the pharmaceutical companies or health authorities for having not come up with an effective cure for the common cold. Or HIV. Or Ebola.
These things keep mutating.
A user's layered protection strategy and common sense are the main things protecting their computer from a parasite-ridden webscape. (Funny how web imitates life, isn't it?)
The layers I use seem to work just fine.
Windows 10,Windows Firewall,Firefox w/Adblock.