Author Topic: Right click avast scan  (Read 5830 times)

0 Members and 1 Guest are viewing this topic.

bassbag

  • Guest
Right click avast scan
« on: August 10, 2004, 10:24:13 PM »
Is there anyway that the right click ashquick.exe command can be more thorough?.For example i have .exe file that contains multi adware trojan droppers yet ashquick (which would be the command that download managers use) does not detect it.Executing the file does bring avast detection , but by then some damage is already done i.e newdot.net installation which can alter network settings etc.
tia
me

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Right click avast scan
« Reply #1 on: August 10, 2004, 10:26:44 PM »
So what if you scan the file in Simple User Interface (with all the settings set to high, archive scanning on)?
If at first you don't succeed, then skydiving's not for you.

bassbag

  • Guest
Re:Right click avast scan
« Reply #2 on: August 10, 2004, 10:35:44 PM »
A scan of the file with resident set to high or custom (all files) and scan archives set to thorough fails to detect the malware .On execution however it detects it.

Offline bob3160

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 48470
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re:Right click avast scan
« Reply #3 on: August 10, 2004, 10:38:27 PM »
Vlk
Doesn't that then defeat the whole purpose of ashquick?
I thought ashquick checks all downloaded files?
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31081
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:Right click avast scan
« Reply #4 on: August 10, 2004, 10:40:18 PM »
newdot.net is spy-/adware not a virus. I'm not sure if Avast detects this one but I am sure Vlk will tell you ;)

It is always a good thing if you do not only use av software, but also applications like Ad-Aware and Spybot S&D and ofcourse have a firewall. (best is a router with hardware firewall)

Since there is no application that detects all harmfull things, I advise to use the two mentioned applications along with Avast and also HijackThis.

bassbag

  • Guest
Re:Right click avast scan
« Reply #5 on: August 10, 2004, 10:46:48 PM »
Its not only newdot net.It drops about 4 or 5 malware including one malware rebooter.Also the resident shield DOES kick in after execution , though too late to stop it dropping all the scumware.I submitted files to tojan hunter and tds3 as they didnt detect it either , but have updated thier data base.As i say avast does detect it after execution but its a little late then.
me

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Right click avast scan
« Reply #6 on: August 10, 2004, 10:47:09 PM »
Quote
A scan of the file with resident set to high or custom (all files) and scan archives set to thorough fails to detect the malware .On execution however it detects it.


That only proves that the file is packed with some unknown method. It's self-extracting, though. Therefore, if you run it, it extracts its contents to some temp files -- and that triggers the on-access scanner...

No magic here...
If at first you don't succeed, then skydiving's not for you.

bassbag

  • Guest
Re:Right click avast scan
« Reply #7 on: August 10, 2004, 10:57:18 PM »
Thats true what you say but is it not possible for avast to detect it?Heres what boclean log records on execution of the file...
08/09/2004 18:33:21:  C:\WINDOWS\TEMP\STB1120.TMP
Trojan horse was found in above file
QUICKBAR TROJAN STOPPED by BOCLEAN!  
Above file copied to C:\evidence.boc for examination.
Active trojan horse was shut down. System now safe.
Trojan horse was removed, registry cleaned.

------------------------------
08/09/2004 18:33:26:  C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL
Trojan horse was found in above file
NEWDOTNET2 TROJAN STOPPED by BOCLEAN!  
Above file copied to C:\evidence.boc for examination.
Active trojan horse was shut down. System now safe.
Trojan horse was removed, registry cleaned.

------------------------------
08/09/2004 18:33:32:  BUNDLE TROJAN VARIANT STOPPED!  
Trojan horse was found in memory.
C:\WINDOWS\TEMP\BUNDLE.EXE contained the trojan.
Active trojan horse WAS shut down. System safe.

------------------------------
08/09/2004 18:34:52:  KEENVALUE TROJAN VARIANT STOPPED!  
Trojan horse was found in memory.
C:\PROGRAM FILES\COMMON FILES\UPDATER\WUPDATER.EXE contained the trojan.
Active trojan horse WAS shut down. System safe.

------------------------------
08/09/2004 18:35:12:  C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL
Trojan horse was found in above file
NEWDOTNET2 TROJAN STOPPED by BOCLEAN!  
Above file copied to C:\evidence.boc for examination.
Active trojan horse was shut down. System now safe.
Trojan horse was removed, registry cleaned.

------------------------------
08/09/2004 18:37:33:  EZULA/BOOT TROJAN STOPPED by BOCLEAN!  
Trojan horse was found in memory.
C:\WINDOWS\ILOOKUP\TTIL.EXE contained the trojan.
Active trojan horse WAS shut down. System now safe.
I have submitted the file a few days ago , so perhaps it hasnt been included yet.
Spybot and adware etc would be no good in this case as they would only detect the malware after execution of the file.
me

Offline MikeBCda

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2247
Re:Right click avast scan
« Reply #8 on: August 11, 2004, 12:51:27 AM »
I don't have info on the trojan -- but keep in mind that newdot.net recently won a legal battle forcing Ad-Aware (and other anti-spyware tools) to remove them from "blacklists".
Intel Atom D2700, 2 gig RAM, Win 7 x64 SP1 & IE-11, Firefox 51.0
(default). 320 gig HD, 15Mb DSL, Win firewall, Avast 12.3.2280 free, SpywareBlaster, MBAM Prem., Crypto-Prevent

lee16

  • Guest
Re:Right click avast scan
« Reply #9 on: August 11, 2004, 12:29:27 PM »
Quote
I don't have info on the trojan -- but keep in mind that newdot.net recently won a legal battle forcing Ad-Aware (and other anti-spyware tools) to remove them from "blacklists".


I was wondering why newdot.net wasn't compleatly removed from my pc after spybot, ad-ware, bazooka spyware and spysweeper, removed parts of it, i had to uninstall it normally, run hijackthis and remoive them bits, restart, then deleat the folder.

--lee