Author Topic: Malware not blocked by webshield  (Read 13519 times)

0 Members and 1 Guest are viewing this topic.

Offline phyniks

  • Jr. Member
  • **
  • Posts: 62
Malware not blocked by webshield
« on: February 26, 2012, 09:38:44 PM »
I m usin avast 7 and I think the version is a big improvement
I m receiving some trojan containing spam (yahoo mail) and every time I want to download the file(testing avast), the webshield warns me that the malware is blocked:

http://www.avast.com/lp-security-information-fp2?p_ext=&utm_campaign=Virus_alert&utm_source=prg_fav_70_0&utm_medium=prg_systray&utm_content=.%2Ffa%2Fen-ww%2Fvirus-alert-challenger2&p_vir=Win32:Ufraie-J&p_prc=&p_obj=&p_var=.%2Ffa%2Fen-ww%2Fvirus-alert-default2&p_pro=0&p_vep=7&p_ves=0&p_lqa=0&p_lsu=24&p_lst=0&p_lex=369&p_lng=en&p_lid=en-ww&p_elm=7&p_vbd=1407

but it s been downloaded and the malware (zipped file) is in the "downloads" catagory of my MY DOCUMENTS
why does the malware get through after the waring and whydoes not  avast webshield  block it ?!!
is it a bug or I should change something in the setting?(it is set by default)
Win 7 home premium
browser:chrome
« Last Edit: February 26, 2012, 09:52:13 PM by phyniks »

Offline DarkRadience

  • Jr. Member
  • **
  • Posts: 52
Re: Malware not blocked by webshield
« Reply #1 on: February 27, 2012, 12:32:32 AM »
The question I have first is the malicious code still present in the zip?  You could upload it to virustotal.com for more info, and post the results.
Truly I don't have much of a clue here but can be thinking on it.

Offline phyniks

  • Jr. Member
  • **
  • Posts: 62
Re: Malware not blocked by webshield
« Reply #2 on: February 27, 2012, 04:38:02 AM »
yes
the virus containing zipped file is intact
scanning the file with avast shows the malware is there
just after chrome starts to download,avast warning comes up saying the malware is blocked by webshield
but no termination happens and the file is downloaded thoroughly!!!!
it is not harmfull because the file is in a zipped folder but avast webshield does not actually block the download process,it just warns!!!!

is there anyone who can explain why that happens?
i can send the trj containg mail to anyone who wants to see the bug
« Last Edit: February 27, 2012, 04:42:55 AM by phyniks »

Offline phyniks

  • Jr. Member
  • **
  • Posts: 62
Re: Malware not blocked by webshield
« Reply #3 on: February 27, 2012, 06:17:48 PM »
Update:
I downloaded the file 8 times(its size is 27.3kb)
5 times the webshield warned before the download process and it was blocked properly
3 times the webshield warned after the browser stated to download and the file got through and webshield just warned,no actual blocking!!!
I think this is the bug,I hope avst will fix it

Offline True Indian

  • Malware Hunter
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 712
  • A Good Old Indian!
Re: Malware not blocked by webshield
« Reply #4 on: February 27, 2012, 06:19:44 PM »
extract the file and it will be caught in file shield  ;D

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9442
Re: Malware not blocked by webshield
« Reply #5 on: February 27, 2012, 06:22:21 PM »
extract the file and it will be caught in file shield  ;D

@true indian >>> STOP POSTING USELESS STUFF HERE !!! ... you already advised someone who solved his problem running the uninstall utility to >>> run the uninstall utility  ::) >>> now the problem here is why the web shield doesn't block malware off and on, not what happens if you extract an infected archive and the file shield interferes, is that clear for you now ???
w7 - ais7

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9442
Re: Malware not blocked by webshield
« Reply #6 on: February 27, 2012, 06:26:22 PM »
@the OP now: what are your web shield settings ... I don't like this issue .. did you upload that zip to Avast (from chest) ?
« Last Edit: February 27, 2012, 06:29:19 PM by logos »
w7 - ais7

Offline phyniks

  • Jr. Member
  • **
  • Posts: 62
Re: Malware not blocked by webshield
« Reply #7 on: February 27, 2012, 06:30:59 PM »
As I said every thing is set by default(avast free 7.0.1407 chrome 17)
I submitted and explained the case, but the file is KNOWN to avast database,the problem is the webshield unability to block the download process
I ve sent the issue to avast center and I hope there will be the fixation
https://support.avast.com/index.php?loginresult=1&group=eng&_m=tickets&_a=viewticket&ticketid=2654986

as I said I can forward the mail to anyone who wants to examin(it is not harmfull because it is zipped)
« Last Edit: February 27, 2012, 06:40:25 PM by phyniks »

Offline lukas.hasik

  • Avast team
  • Advanced Poster
  • *
  • Posts: 883
  • Product manager of Mac AV and Cleanup
Re: Malware not blocked by webshield
« Reply #8 on: February 27, 2012, 06:41:48 PM »
Could you attach the zip file to the ticket you've submitted?
Quality is also a feature.

Offline mag

  • Advanced Poster
  • **
  • Posts: 742
Re: Malware not blocked by webshield
« Reply #9 on: February 27, 2012, 07:06:23 PM »
I seem to recall vlk saying in a post (years ago) that not all browsers 'respect' the webshield block. Some just keep retrying - and depending on download speed response/reset times they may succeed.

(I also seem to recall him saying that IE does respect it). this was a long time ago though - I could easily be misremembering)

(and the more I think about that it doesn't seem to make sense - avastSvc should be in the way if it is being used as proxy)
« Last Edit: February 27, 2012, 07:22:01 PM by mag »

Offline phyniks

  • Jr. Member
  • **
  • Posts: 62
Re: Malware not blocked by webshield
« Reply #10 on: February 27, 2012, 07:15:13 PM »
Could you attach the zip file to the ticket you've submitted?
I ve just attached
then i download what I uploaded and unfortunately it makes no webshield blocking (no even warning)  :'(
what is the matter with the webshild?!!!!
everyone,just DL it and say what happens plz
« Last Edit: February 27, 2012, 07:17:53 PM by phyniks »

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11665
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Malware not blocked by webshield
« Reply #11 on: February 27, 2012, 07:18:47 PM »
Could you attach the zip file to the ticket you've submitted?
I ve just attached
then i download what I uploaded and unfortunately it makes no webshield blocking (no even warning)  :'(
what is the matter with the webshild?!!!!
everyone,just DL it and say what happens plz

support.avast.com runs HTTPS so there's no WebShield...
If at first you don't succeed, then skydiving's not for you.

Offline phyniks

  • Jr. Member
  • **
  • Posts: 62
Re: Malware not blocked by webshield
« Reply #12 on: February 27, 2012, 07:23:05 PM »
support.avast.com runs HTTPS so there's no WebShield...

what about the case in yahoo mail
why webshield cannot stop google chrome downloading the malware (it said it did)
« Last Edit: February 27, 2012, 08:32:26 PM by phyniks »

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9442
Re: Malware not blocked by webshield
« Reply #13 on: February 27, 2012, 11:25:07 PM »
please guys, Vlk and Lukas, let us know in this thread what happened, and if the issue can be reproduced and fixed.

 I've seen this happen very long ago, with V5, the web shield behaving strangely off and on, exactly like what the OP reported: downloading the same file (tested that with Eicar archive on plain http at the time with V5), warning and connection aborted as expected, or randomly warning, but the connection isn't aborted and of course the file is still downloaded. Thanks.
w7 - ais7

Offline phyniks

  • Jr. Member
  • **
  • Posts: 62
Re: Malware not blocked by webshield
« Reply #14 on: February 28, 2012, 03:33:26 PM »
I m re receiving that virus containing spam with different subjects such as
 "THIS PHOTO TELLS YOU ALL",
"THIS PHOTO TELL YOU WHAT",
"YOU GOTTA BE KIIDING ME",
"IS IT REALLY YOU IN THIS PICTURE"
and avast webshield is still missing every other one (one in one out)
and unfortunately here is avast support response by "Petr Bucek,2nd level Technical Support" who seeems not to read the issue carfully: :-\



Hello,

Thanks for the file, which is already being detected by avast! antivirus.

If I can be of any further assistance, please do not hesitate to contact me again.

With Kind Regards,


Petr Bucek
2nd level Technical Support

AVAST Software a. s.
Budějovická 1518/13A
140 00 Prague, Czech Republic
« Last Edit: February 28, 2012, 03:36:12 PM by phyniks »