From: Ant on
"David Kaye" wrote:

> "FromTheRafters" wrote:
>>Were you running as administrator at the time of the "attack"?
>
> Running XP Pro with a default user with admin privileges.

That's not very secure.

>>It is possible, while browsing to a legitimate site, to get redirected
>>to a site that launches several browser exploits aimed at executing a
>>rogue application on your machine.
>
> Using OpenDNS as the DNS. Using Windows Firewall and Avast.

They won't stop the exploit of a software vulnerability.

> I checked
> filedates in various directories and didn't see much other than ave.exe and
> its entries in the registry.

Once malware gets in it often changes date stamps to match one of the
system files.

> It was actually fairly simple to get rid of,
> having dealt with it before on customer machines.

Since you appear to do this for a living you ought to know about
securing your machine.

> What's eating me is that the program launched with a window that was clearly
> detectable in Task Manager as ave.exe,

So did you kill it from task manager?

> and yet while Avast was running it simply didn't see the program.

You can't rely on AV apps to protect a machine - they are a last ditch
resort. None of them can detect everything because malware is re-
packaged every day to avoid detection. The AV vendors are always
trying to catch up.

You didn't say which browser was involved. Is it up-to-date? What
plugins and other applications are used as helpers to view embedded
content and are they securely configured and up-to-date? Think about
Java (not javascript), PDF and Flash viewers, ActiveX components and
other media players. Do you allow them to run automatically?


From: FromTheRafters on
"David Kaye" <sfdavidkaye2(a)yahoo.com> wrote in message
news:hp8627$ua4$4(a)news.eternal-september.org...
> "The Real Truth MVP" <trt(a)void.com> wrote:
>
>>Avast is an antivirus application not an antimalware application. That said
>>the latest version is 5 do you have that version, mine detects it.
>
> Avast is an anti-malware app. It is extremely good otherwise at detecting
> problems. To say that it is solely anti-virus indicates that you don't know
> what a virus is.

Avast! is an antivirus application. It has some antimalware/antispyware
capabilities also.


From: Dustin Cook on
~BD~ <BoaterDave(a)hotmail.co.uk> wrote in
news:kamdnSv9kbHoTSrWnZ2dnUVZ8lqdnZ2d(a)bt.com:

> gufus wrote:
>> Hello, David!
>>
>> You wrote on Sat, 03 Apr 2010 22:28:50 GMT:
>>
>> | For the record "the latest version" means exactly that, 5.0.462.
>> | I'm wondering what part of "latest version" people don't
>> | understand.
>>
>> What version?
>>
>
> Avast!
>
> TRT said "he also only posted the program version number not virus
> definition version which is 100403-1"

http://tekrider.net/usenet/pcbutts.php

Anything to say? :)



--
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge
this boulder right down a cliff." - Goblin Warrior

From: Dustin Cook on
"The Real Truth MVP" <trt(a)void.com> wrote in
news:hp8tec$3pl$1(a)leythos.motzarella.org:

> And 1 year later the logos are still there. Like I said dipshit they
> contacted my attorney and I gave them my real name. They confirmed it.
> The Truth hurts you so bad you can't stand it.

One word... Liar. :) They were never able to confirm anything; as you
couldn't get the MVP award based on your performance and the fact you have
to be nominated by your peers; and you have none.... lol.


--
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge
this boulder right down a cliff." - Goblin Warrior

From: David Kaye on
~BD~ <BoaterDave(a)hotmail.co.uk> wrote:
>The Real Truth MVP wrote:
>> Yes, all kidding aside it could be a new variant and he also only posted
>> the program version number not virus definition version which is 100403-1
>>
>>
>
>Maybe he'll check if he reads my reply to you!

I did and I checked and it's 100403-1. I let Avast automatically update both
the program and the definition files.

It looks like this may be a trend. I walked a customer through a registry
rollback (luckily the malware didn't take over safe mode) and had her set it
back 3 days. Again, like me, she has Avast on her computer, and likely has
the current definition file. I know she has the same program version I do.

Funny thing is that in quick scan mode, MBam didn't see anything at all. On
my computer it saw ave.exe.

Thank goodness it was merely a matter of rolling back the registry and not
something more serious like boot sector injections, etc. Still, she still has
the malware on her computer; it's just the registry doesn't know about it.
Next time I visit her I'll have to check and get rid of it.