Author Topic: Question about avasts resident scanner  (Read 4884 times)

0 Members and 1 Guest are viewing this topic.

Negeltu

  • Guest
Question about avasts resident scanner
« on: August 01, 2004, 09:06:15 AM »
I have the Standard Shield set to scan ALL files...  Well, I let someone use my computer today...  and at the end of the day I went to clear out all my temp files and my internet cache... and avast found a Beagle variant....  My question is this... If avast is set to scan ALL files... then why was it only found when I went to empty the cache?  Shouldn't it have found the file on d/l?  Just a curiousity of mine.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:Question about avasts resident scanner
« Reply #1 on: August 01, 2004, 09:13:49 AM »
What is the filename?
Where is it located?
Did the person that used your comp just ignored the Avast warning?
Was the file orignialy "zipped"?
Does it have a extension?

I think nr3, is in order here. But you probably never know. I doubt someone will say, "yes I got a virus warning but just ignored it"

Negeltu

  • Guest
Re:Question about avasts resident scanner
« Reply #2 on: August 01, 2004, 12:47:32 PM »
No virus warning.  The virus was in the temp internet files.  I believe it came over through an asf file...as they were looking at funny animation movies. And I noticed that some of them were .asf ext.  I was there... I didn't even suspect.  I didn't worry much about because I figured avast would pick most things up when d/l to the cache... :-\  

I have spywareblaster installed and updated... Spybot S&D resident protection installed...all updated... avast all current updates...  Windows xp all patches installed...  Spywareguard....running...  Sygate....  It is interesting to me that this would get by avast.  Browser is FireFox 0.9.2

here is where it was found
Application Data\Mozilla\Firefox\Profiles\default.cyf\Cache.Trash\Trash\Cache\8F77EAC4d01"
« Last Edit: August 02, 2004, 02:53:40 AM by Negeltu »

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re:Question about avasts resident scanner
« Reply #3 on: August 02, 2004, 10:02:46 AM »
What is your exaxt settings of the Standard Shield?

Negeltu

  • Guest
Re:Question about avasts resident scanner
« Reply #4 on: August 02, 2004, 10:48:21 AM »
Scanner (Basic):
All settings are checked.

Scanner (Advanced)
Scan Files on Open is checked.
Always scan WSH-script files is checked.
Scan created/modified files is checked.
Radio button "All Files" is selected.

ALL Providers are running :-\

Another interesting thing.  I ran Spybot S&D and it said it found SC-Keylog on my upstairs pc and my downstairs pc.  This is really odd.  And AdAware's icon target on BOTH systems was changed to it's install log..and the icon was renamed UNWISE.exe.  

Cleaned everything off the pc's that I can find.  Many many scans... Everything is updated.  I have never had a problem before.  My friend did NOT use the downstairs system.  The two are connected to a router, but sharing is NOT enabled.  The SC-Keylog was found on BOTH systems...  :-\  I just don't understand it.  

I don't look at Porn sites....  I don't look at Warez Sites...  I don't open odd email attachments... all my email is scanned by avast...  I feel so....... violated :(  Both systems are running perfectly though...  I guess all is well now.
« Last Edit: August 02, 2004, 10:53:24 AM by Negeltu »

Negeltu

  • Guest
Re:Question about avasts resident scanner
« Reply #5 on: August 02, 2004, 12:50:00 PM »
Could it have been a false alarm?  It is listed in the log as Win32:Beagle-gen [Mail]

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:Question about avasts resident scanner
« Reply #6 on: August 02, 2004, 01:42:32 PM »
I never seen SC-Keylog installed automaticly, not saying it isn't possible, but I think that someone has deliberatly put that on your systems. See if you can find the log file it creates, most likely it is not in the same folder the application is in but somewhere in the windows or system(32) folder. Since it is possible for the application to send the log it creates to a e-mail address, also check your mailer prog to see if it has send something you where not aware off. Let's see if this tells us something more.

Negeltu

  • Guest
Re:Question about avasts resident scanner
« Reply #7 on: August 02, 2004, 04:58:38 PM »
Artras,

I can find no log file.  I believe SC-Keylog is a false positive.  I was thinking...what files have I transferred between the two systems... or what commonality is there...since this SC-Keylog showed up.  I've pinned it down to one thing that was done to the two systems.  I d/l the Beta detections for SpyBot S&D.  I believe that is what caused the SC-Kelog false positive.  I still can't figure out how Beagle got on my system without avast catching it immediately.  Really appreciate the help ;)
« Last Edit: August 02, 2004, 04:58:52 PM by Negeltu »