Avast Doesn't Block XP Defender malware (ave.exe)
in [Anti-Virus]
|
From: Ant on 3 Apr 2010 20:26 "David Kaye" wrote: > "FromTheRafters" wrote: >>Were you running as administrator at the time of the "attack"? > > Running XP Pro with a default user with admin privileges. That's not very secure. >>It is possible, while browsing to a legitimate site, to get redirected >>to a site that launches several browser exploits aimed at executing a >>rogue application on your machine. > > Using OpenDNS as the DNS. Using Windows Firewall and Avast. They won't stop the exploit of a software vulnerability. > I checked > filedates in various directories and didn't see much other than ave.exe and > its entries in the registry. Once malware gets in it often changes date stamps to match one of the system files. > It was actually fairly simple to get rid of, > having dealt with it before on customer machines. Since you appear to do this for a living you ought to know about securing your machine. > What's eating me is that the program launched with a window that was clearly > detectable in Task Manager as ave.exe, So did you kill it from task manager? > and yet while Avast was running it simply didn't see the program. You can't rely on AV apps to protect a machine - they are a last ditch resort. None of them can detect everything because malware is re- packaged every day to avoid detection. The AV vendors are always trying to catch up. You didn't say which browser was involved. Is it up-to-date? What plugins and other applicatiuons are used as helpers to view embedded content and are they sercurely configured and up-to-date? Think about Java (not javascript), PDF and Flash viewers, ActiveX components and other media players. Do you allow them to run automatically?
From: FromTheRafters on 3 Apr 2010 20:32 "David Kaye" <sfdavidkaye2(a)yahoo.com> wrote in message news:hp8627$ua4$4(a)news.eternal-september.org... > "The Real Truth MVP" <trt(a)void.com> wrote: > >>Avast is an antivirus application not an antimalware application. That >>said >>the latest version is 5 do you have that version, mine detects it. > > Avast is an anti-malware app. It is extremely good otherwise at > detecting > problems. To say that it is solely anti-virus indicates that you > don't know > what a virus is. Avast! is an antivirus application. It has some antimalware/antispyware capabilities also.
From: Dustin Cook on 3 Apr 2010 22:25 ~BD~ <BoaterDave(a)hotmail.co.uk> wrote in news:kamdnSv9kbHoTSrWnZ2dnUVZ8lqdnZ2d(a)bt.com: > gufus wrote: >> Hello, David! >> >> You wrote on Sat, 03 Apr 2010 22:28:50 GMT: >> >> | For the record "the lastest version" means exactly that, 5.0.462. >> | I'm wondering what part of "latest version" people don't >> | understand. >> >> What version? >> > > Avast! > > TRT said "he also only posted the program version number not virus > definition version which is 100403-1" http://tekrider.net/usenet/pcbutts.php Anything to say? :) -- "Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge this boulder right down a cliff." - Goblin Warrior
From: Dustin Cook on 3 Apr 2010 22:29 "The Real Truth MVP" <trt(a)void.com> wrote in news:hp8tec$3pl$1(a)leythos.motzarella.org: > And 1 year later the logo's are still there. Like I said dipshit they > contacted my attorney and I gave them my real name. They confirmed it. > The Truth hurts you so bad you can't stand it. One word... Liar. :) They were never able to confirm anything; as you couldn't get the MVP award based on your performance and the fact you have to be nominated by your peers; and you have none.... lol. -- "Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge this boulder right down a cliff." - Goblin Warrior
From: David Kaye on 4 Apr 2010 00:37
~BD~ <BoaterDave(a)hotmail.co.uk> wrote: >The Real Truth MVP wrote: >> Yes, all kidding aside it could be a new variant and he also only posted >> the program version number not virus definition version which is 100403-1 >> >> > >Maybe he'll check if he reads my reply to you! I did and I checked and it's 100403-1. I let Avast automatically update both the program and the definition files. It looks like this may be a trend. I walked a customer through a registry rollback (luckily the malware didn't take over safe mode) and had her set it back 3 days. Again, like me, she has Avast on her computer, and likely has the current definition file. I know she has the same program version I do. Funny thing is that in quick scan mode, MBam didn't see anything at all. On my computer it saw ave.exe. Thank goodness it was merely a matter of rolling back the registry and not something more serious like boot sector injections, etc. Still, she still has the malware on her computer; it's just the registry doen't know about it. Next time I visit her I'll have to check and get rid of it. |