Avast Doesn't Block XP Defender malware (ave.exe)
in [Spyware]
|
From: Beauregard T. Shagnasty on 3 Apr 2010 20:09 ~BD~ wrote: > TRT said Stop calling him "TRT". He is the exact opposite of the real truth. Have you bothered to do this? http://www.google.com/search?q=pcbutts1+software+thief <quote> From: "Intellectual Property and Licensing Group" <[cut]@microsoft.com> To: "'pcbutts1'" Sent: Monday, March 09, 2009 9:05 PM Subject: RE: Logo use Please provide us your name to verify in our system. </quote> -- The Real Truth: http://www.google.com/search?q=pcbutts1+software+thief *WARNING* Do NOT follow any advice given by the people listed below. They do NOT have the expertise or knowledge to fix your issue. Do not waste your time. PCButtface1, The Not-Real Truth Not-an-MVP, fake-ms-mvp.org
From: David H. Lipman on 3 Apr 2010 20:12 From: "FromTheRafters" <erratic(a)nomail.afraid.org> | "~BD~" <BoaterDave(a)hotmail.co.uk> wrote in message | news:kamdnSv9kbHoTSrWnZ2dnUVZ8lqdnZ2d(a)bt.com... >> Maybe David Kaye has not used the very latest virus *update*. I don't >> know, but something is odd if TRT's Avast! does catch the rogue file >> yet David's doesn't! | It is possible for a trojan to drop a file named ave.exe that is for all | practical purposes unique to that system. The filename means nothing. | The thing that should be detected is the dropper itself - if you don't | install it, you don't have to identify and remove it. Yes. In fact a web site can offer up different MD5 valued files for something as different as the User-Agent. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
From: Ant on 3 Apr 2010 20:26 "David Kaye" wrote: > "FromTheRafters" wrote: >>Were you running as administrator at the time of the "attack"? > > Running XP Pro with a default user with admin privileges. That's not very secure. >>It is possible, while browsing to a legitimate site, to get redirected >>to a site that launches several browser exploits aimed at executing a >>rogue application on your machine. > > Using OpenDNS as the DNS. Using Windows Firewall and Avast. They won't stop the exploit of a software vulnerability. > I checked > filedates in various directories and didn't see much other than ave.exe and > its entries in the registry. Once malware gets in it often changes date stamps to match one of the system files. > It was actually fairly simple to get rid of, > having dealt with it before on customer machines. Since you appear to do this for a living you ought to know about securing your machine. > What's eating me is that the program launched with a window that was clearly > detectable in Task Manager as ave.exe, So did you kill it from task manager? > and yet while Avast was running it simply didn't see the program. You can't rely on AV apps to protect a machine - they are a last ditch resort. None of them can detect everything because malware is re- packaged every day to avoid detection. The AV vendors are always trying to catch up. You didn't say which browser was involved. Is it up-to-date? What plugins and other applicatiuons are used as helpers to view embedded content and are they sercurely configured and up-to-date? Think about Java (not javascript), PDF and Flash viewers, ActiveX components and other media players. Do you allow them to run automatically?
From: FromTheRafters on 3 Apr 2010 20:32 "David Kaye" <sfdavidkaye2(a)yahoo.com> wrote in message news:hp8627$ua4$4(a)news.eternal-september.org... > "The Real Truth MVP" <trt(a)void.com> wrote: > >>Avast is an antivirus application not an antimalware application. That >>said >>the latest version is 5 do you have that version, mine detects it. > > Avast is an anti-malware app. It is extremely good otherwise at > detecting > problems. To say that it is solely anti-virus indicates that you > don't know > what a virus is. Avast! is an antivirus application. It has some antimalware/antispyware capabilities also.
From: Dustin Cook on 3 Apr 2010 22:25
~BD~ <BoaterDave(a)hotmail.co.uk> wrote in news:kamdnSv9kbHoTSrWnZ2dnUVZ8lqdnZ2d(a)bt.com: > gufus wrote: >> Hello, David! >> >> You wrote on Sat, 03 Apr 2010 22:28:50 GMT: >> >> | For the record "the lastest version" means exactly that, 5.0.462. >> | I'm wondering what part of "latest version" people don't >> | understand. >> >> What version? >> > > Avast! > > TRT said "he also only posted the program version number not virus > definition version which is 100403-1" http://tekrider.net/usenet/pcbutts.php Anything to say? :) -- "Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge this boulder right down a cliff." - Goblin Warrior |