Hello,
first I'll describe the scenario:
I'm using Windows 7 with SP1 and avast! Free 6.0.1091. The virus database is 110526-0.
All protection modules are activated exept the mail modul. I use "scan whole file" (don't know how you call this in engish. I've got the german version).
The file is a self-extracting rar file (.exe) and contains an other rar archive. The second one is password crypted and contains a (VisualBasic written) "Hello World",
with the Eicar Test Virus in the ADS. If I download the VB file directly, avast! will detect it.
The first archive contains also a .bat file, which encrypts the second one. At this point my avast! fails.
The datasystem monitoring module doesn't detect the written Eicar virus. I can execute the "Hello World" programme and nothing happens.
First if I do a manual scan, using avast!, I'll get the virus message.
You can take a look at the archive (they share this archive for tests)
https://www.evil-shit.de/rar/Username: Selbsttester
Password: 123456
And now my question: Why does avast! find this test virus just with a manual scan?
Greetings
Matthias
