Avast didn't catch "normal viruses" (lol avast)

[malko]

Hi

I hope you can understand I am very angry. I was running Avast 5 on a system. I was infected with:

Packed.Win32.TDSS.z
Trojan-Ransom.Win32.Digitala.amx
+ A rogueware.

And Avast caught none. I ran Avast during normal conditions and the boot time scan (which took 4 hours)
Instead I had to bring Kaspersky. I submitted the files to their online scanner and bang they found them.

I want to know if I did something wrong..... or is Avast just wrong? Damn, I should of put them on Virustotal. I paniced instead and thought everything was messed up.

This is not a hate thread. I just want to know, because I am very angry and sad.

[Lisandro]

Hmmm... avast should detect that one, but not a software is perfect.
Hope they improve detection of this one.
TDSS family could give priority on avast imho.

[JerryM]

Hi malko,

I am interested in knowing what other security applications you were running. From experiences of several friends I am persuaded that it is necessary to run an anti-malware application such as Malwarebytes alongside of the AV.

Rogues seem to bypass some good AVs, and the additional layer of MBAM or something similar adds to the security.

I always have MBAM running in real time. My normal security is an AV suite, MBAM, and Win Patrol.
Recently I ran Avast 5 Pro with Online Armor free.

Tests show that Avast is a top tier AV, but none is 100%. That is not much consolation when one is infected, however.

Regards,
Jerry

[malko]

Hi mate.

I was not running any other security applications. It was just Avast. However Malwarebytes found all these things, that even Avast couldn't find. When Malwarebytes found them, I was like hmmmm! Then I decided to submit the files it found (it didn't even find everything, I had to use Spybot to find others too) to Kaspersky and they detected ALL of it.

It's just a little sad that such "regular" viruses can not be detected and found, especially TDSS family that Kaspersky has devoted removal tools for.

What makes me even sad that I was atleast hoping the boot time scan to catch the most annoying viruses but if it can't catch this I have lost a lot of trust in Avast after being a long time user Which is sad because I was comfortable with it.

[ardvark]

Hi...

Unfortunately, any security program available is not going to be able to protect 100% of the time with every threat out there. The "anti" in antivirus means in opposition to, not guaranteed.

A layered approach is always best. I would definately add SpywareBlaster to your list and if it will fit within your budget, Zemana AntiLogger is a good program. There is a free antilogger, SpyShelter, although since I've never tried it, I cannot vouch for it. If your system is 64 bit, you will need to pay for the premium version.

Regards...

[GloobyGoob]

Hi...

Unfortunately, any security program available is not going to be able to protect !00% of the time with every threat out there. The "anti" in antivirus means opposition to, not guaranteed.

Regards...

+1 No AV can provide 100% detection, not possible

[JerryM]

But one can lose confidence in the one he is using. I think the AV Comparatives Dynamic tests are the most real world of all tests. There is certainly a spread in the ability to block malware.
http://www.av-comparatives.org/

Unfortunately sometimes the best application does not run well on a particular system.

Thanks for the information.

Regards,
Jerry

[Lisandro]

Unfortunately sometimes the best application does not run well on a particular system.

And more often, the "best" application is not always the same

[bo.elam]

Malko, sorry about the infection. No anti virus application that I have ever
used could be depended to do a very good job against this kind of threats.
I found other means to do that, you can do the same.
Bo

[Dch48]

The problem is that if the rogue is brand new, you can bet that it's authors have tested it against all of the major AV products and made sure that it does not get detected. No (signature based) program, even Malwarebytes, can defend against brand new threats 100% of the time. The best only manage about 60% through heuristics and behavior analysis. You were just unlucky to encounter it before there was a signature in Avast! to detect it. It is a bit disappointing to know that the heuristics and behavior shield didn't pick up on it though.

[firzen771]

my question is, what the hell do u classify as a "normal virus" lol...

[malko]

Thanks all for your replies.

I do not care about the rogueware as that I can kind of understand that one. But I see TDSS and Digitala as "normal viruses" because they have been in the "business" for a very long time and are kind of "popular" and it's kinda sad that they can not be detected by Avast.

I do not ask for a 100 % dediction, but TDSS for example that is a famous rootkit? How can that not be detected? How can heurestics and behavior fail when applications get access to cmd.... even UAC notified me that these apps are trying to access system files - but Avast did nothing.

And as you said Dch48; It's very sad that not even heurestics nor behavior detected anything even though I had them on high.
It makes me lose trust and confidence in Avast now because this is the second time it is failing on me

Bo.elam: Kaspersky has and have always had protection against these two threats. In fact they even have two dedicated removal tools for it. I do not know about others.

[Shiw Liang]

Rogue Malware are the most annoying and complicated to detect

[EntitY]

Excellent point there malko! I would be using MSE if it played better with my XP-Machine...

[Dch48]

Excellent point there malko! I would be using MSE if it played better with my XP-Machine...

MSE just had a fiasco with their upgrade to the new version. For thousands of users (including me) the upgrade process resulted in the old version being deactivated (but not fully uninstalled) and the new version not installing, leaving no active virus protection. It also made the uninstall process in add/remove programs non functional even though the entry was still there. The only fix provided was a convoluted process of running the uninstaller through a DOS prompt box (even then the program folders were not fully removed) and then trying to install the new version after downloading the installer. This was the second time the same thing happened with a program update and it caused me to dump MSE and install Avast! on the second machine here.