From: The Central Scrutinizer on 4 Apr 2010 02:24

"~BD~" <BoaterDave(a)hotmail.co.uk> wrote in message news:zo6dnYu9Mff2MCrWnZ2dnUVZ8o2dnZ2d(a)bt.com...
> David Kaye is (I believe) one of life's 'good guys' and has a vast amount
> of computer experience. Perhaps he wasn't concentrating and

Let's say what you mention here is true. If that is the case, why would he not know that users running as local admin is for sure asking for problems? He said he is running that way as all of his clients do as well! WHAT!!!!

> missed your question.
>
> Maybe he will confirm that he *is* using Version 5 in due course.
>
> Btw, at the link you posted it *does* say about the Free version of Avast!
>
> Antivirus and anti-spyware
> Secures e-mail and chats
>
>
> I had a look at the web site of the other person commenting on your Blog
> about Malwarebytes. http://gopcfix.com/ John Warnken seems to be quite
> genuine - maybe you should invite him to this thread?!!
>
> --
> Dave
From: The Central Scrutinizer on 4 Apr 2010 02:27

I would focus more on getting your customers to not run with local admin privs as a normal user.

"David Kaye" <sfdavidkaye2(a)yahoo.com> wrote in message news:hp8bui$il8$1(a)news.eternal-september.org...
> sfdavidkaye2(a)yahoo.com (David Kaye) wrote:
>
>> I rolled back the registry and eliminated it, but I'm rather pissed that
>> the latest Avast did not see it at all.
>
> For the record "the latest version" means exactly that, 5.0.462. I'm
> wondering what part of "latest version" people don't understand.
>
> Anyhow, back to our story...MB found it, Avast didn't. The ave.exe malware
> program has been out there for some time. I first saw it almost a year
> ago. I'm really surprised and disappointed that Avast didn't see it, and I'm
> inclined to rethink whether I should encourage my customers to use it.
>
From: ~BD~ on 4 Apr 2010 02:47

David Kaye wrote:
> ~BD~<BoaterDave(a)hotmail.co.uk> wrote:
>> The Real Truth MVP wrote:
>>> Yes, all kidding aside it could be a new variant and he also only posted
>>> the program version number not virus definition version which is 100403-1
>>>
>>>
>>
>> Maybe he'll check if he reads my reply to you!
>
> I did and I checked and it's 100403-1. I let Avast automatically update both
> the program and the definition files.
>
> It looks like this may be a trend. I walked a customer through a registry
> rollback (luckily the malware didn't take over safe mode) and had her set it
> back 3 days. Again, like me, she has Avast on her computer, and likely has
> the current definition file. I know she has the same program version I do.
>
> Funny thing is that in quick scan mode, MBam didn't see anything at all. On
> my computer it saw ave.exe.
>
> Thank goodness it was merely a matter of rolling back the registry and not
> something more serious like boot sector injections, etc. Still, she still has
> the malware on her computer; it's just the registry doesn't know about it.
> Next time I visit her I'll have to check and get rid of it.
>

Perhaps try Microsoft Security Essentials!

http://www.microsoft.com/security_essentials/?mkt=en-us

I'm using it on two machines and it seems to work just fine!

You have obviously found this experience somewhat disconcerting, David, and I can just feel your frustration. For me, though, it has been most interesting, especially your posting times being ahead of others who are also using Eternal-September. Might you approach Ray Banana about this? I've found him very helpful.

I wish you a very Happy Easter.

Dave BD

An afterthought! Assume you had a pristine machine (new or with a new hard disk) - not connected to the Internet - upon which you had loaded Malwarebytes from a memory stick. If you ran a full scan it should of course report no infections.
With all the skill you have acquired, would you be able to tell if changes had been made to your machine by MBAM which might, perhaps, enable remote access to it when connected to the Internet?
From: David Kaye on 4 Apr 2010 05:25

"The Central Scrutinizer" <gcisko(a)hotmail.com> wrote:

>Let's say what you mention here is true. If that is the case, why would he not
>know that users running as local admin is for sure asking for problems? He
>said he is running that way as all of his clients do as well! WHAT!!!!

I have been fixing malware problems full-time since 2002. That's 8 years. When I remove malware, turn off unnecessary services, remove unneeded startups, and put in a rudimentary anti-malware program (Avast lately), I seldom get repeat calls from my customers for malware problems. When they do call me back it's to fix something unrelated or to refer a new customer.

So, I feel fairly confident that XP is just fine in the default user mode, which has admin privileges. Oh, I suppose I could set them up with limited accounts but do you know how sloppy that is? Some programs simply won't work, while others get flaky. Quickbooks is a perfect example. It will not run properly (and sometimes not at all) on a limited account.
From: FromTheRafters on 4 Apr 2010 07:05

"David Kaye" <sfdavidkaye2(a)yahoo.com> wrote in message news:hp95j8$ekl$6(a)news.eternal-september.org...

[...]

> This is where heuristic scanning comes in and why MBam can catch nearly
> everything. I had the impression, reading from Avast's documentation and
> various postings from people that Avast also had similar heuristic scanning.
> Apparently not.

[...]

From my reading, Avast! only uses its heuristics for its e-mail scanner.