Author Topic: Right click avast scan (Read 5902 times)

bassbag · « **on:** August 10, 2004, 10:24:13 PM »

Is there anyway that the right click ashquick.exe command can be more thorough?.For example i have .exe file that contains multi adware trojan droppers yet ashquick (which would be the command that download managers use) does not detect it.Executing the file does bring avast detection , but by then some damage is already done i.e newdot.net installation which can alter network settings etc.
tia
me

Vlk · « **Reply #1 on:** August 10, 2004, 10:26:44 PM »

So what if you scan the file in Simple User Interface (with all the settings set to high, archive scanning on)?

bassbag · « **Reply #2 on:** August 10, 2004, 10:35:44 PM »

A scan of the file with resident set to high or custom (all files) and scan archives set to thorough fails to detect the malware .On execution however it detects it.

bob3160 · « **Reply #3 on:** August 10, 2004, 10:38:27 PM »

Vlk
Doesn't that then defeat the whole purpose of ashquick?
I thought ashquick checks all downloaded files?

Eddy · « **Reply #4 on:** August 10, 2004, 10:40:18 PM »

newdot.net is spy-/adware not a virus. I'm not sure if Avast detects this one but I am sure Vlk will tell you

It is always a good thing if you do not only use av software, but also applications like Ad-Aware and Spybot S&D and ofcourse have a firewall. (best is a router with hardware firewall)

Since there is no application that detects all harmfull things, I advise to use the two mentioned applications along with Avast and also HijackThis.

bassbag · « **Reply #5 on:** August 10, 2004, 10:46:48 PM »

Its not only newdot net.It drops about 4 or 5 malware including one malware rebooter.Also the resident shield DOES kick in after execution , though too late to stop it dropping all the scumware.I submitted files to tojan hunter and tds3 as they didnt detect it either , but have updated thier data base.As i say avast does detect it after execution but its a little late then.
me

Vlk · « **Reply #6 on:** August 10, 2004, 10:47:09 PM »

Quote

A scan of the file with resident set to high or custom (all files) and scan archives set to thorough fails to detect the malware .On execution however it detects it.

That only proves that the file is packed with some unknown method. It's self-extracting, though. Therefore, if you run it, it extracts its contents to some temp files -- and that triggers the on-access scanner...

No magic here...

bassbag · « **Reply #7 on:** August 10, 2004, 10:57:18 PM »

Thats true what you say but is it not possible for avast to detect it?Heres what boclean log records on execution of the file...
08/09/2004 18:33:21: C:\WINDOWS\TEMP\STB1120.TMP
Trojan horse was found in above file
QUICKBAR TROJAN STOPPED by BOCLEAN!
Above file copied to C:\evidence.boc for examination.
Active trojan horse was shut down. System now safe.
Trojan horse was removed, registry cleaned.

------------------------------
08/09/2004 18:33:26: C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL
Trojan horse was found in above file
NEWDOTNET2 TROJAN STOPPED by BOCLEAN!
Above file copied to C:\evidence.boc for examination.
Active trojan horse was shut down. System now safe.
Trojan horse was removed, registry cleaned.

------------------------------
08/09/2004 18:33:32: BUNDLE TROJAN VARIANT STOPPED!
Trojan horse was found in memory.
C:\WINDOWS\TEMP\BUNDLE.EXE contained the trojan.
Active trojan horse WAS shut down. System safe.

------------------------------
08/09/2004 18:34:52: KEENVALUE TROJAN VARIANT STOPPED!
Trojan horse was found in memory.
C:\PROGRAM FILES\COMMON FILES\UPDATER\WUPDATER.EXE contained the trojan.
Active trojan horse WAS shut down. System safe.

------------------------------
08/09/2004 18:35:12: C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL
Trojan horse was found in above file
NEWDOTNET2 TROJAN STOPPED by BOCLEAN!
Above file copied to C:\evidence.boc for examination.
Active trojan horse was shut down. System now safe.
Trojan horse was removed, registry cleaned.

------------------------------
08/09/2004 18:37:33: EZULA/BOOT TROJAN STOPPED by BOCLEAN!
Trojan horse was found in memory.
C:\WINDOWS\ILOOKUP\TTIL.EXE contained the trojan.
Active trojan horse WAS shut down. System now safe.
I have submitted the file a few days ago , so perhaps it hasnt been included yet.
Spybot and adware etc would be no good in this case as they would only detect the malware after execution of the file.
me

MikeBCda · « **Reply #8 on:** August 11, 2004, 12:51:27 AM »

I don't have info on the trojan -- but keep in mind that newdot.net recently won a legal battle forcing Ad-Aware (and other anti-spyware tools) to remove them from "blacklists".

lee16 · « **Reply #9 on:** August 11, 2004, 12:29:27 PM »

Quote

I don't have info on the trojan -- but keep in mind that newdot.net recently won a legal battle forcing Ad-Aware (and other anti-spyware tools) to remove them from "blacklists".

I was wondering why newdot.net wasn't compleatly removed from my pc after spybot, ad-ware, bazooka spyware and spysweeper, removed parts of it, i had to uninstall it normally, run hijackthis and remoive them bits, restart, then deleat the folder.

--lee

Author Topic: Right click avast scan (Read 5902 times)

bassbag

Right click avast scan

Vlk

Re:Right click avast scan

bassbag

Re:Right click avast scan

bob3160

Re:Right click avast scan

Eddy

Re:Right click avast scan

bassbag

Re:Right click avast scan

Vlk

Re:Right click avast scan

bassbag

Re:Right click avast scan

MikeBCda

Re:Right click avast scan

lee16

Re:Right click avast scan