Just updating the forum on my on-going test of Avast! Pro v4.6:

As of today, i'm officially reinstalling NAV 2005 as my primary active virus shield, Avast! like many other anti-viruses has failed me, a lot of people will now be :eek:, but let me explain my reasons.

I've been trial testing Avast! Pro v4.5/4.6 for about a month now, because i want to find an anti-virus that will take up the least system resources possible.

Avast! certainly fills that bill, and is a nice program and has an excellent scanner, but that's all it has going for it in my opinion, last night, after finishing a game of doom, my computer kindly informed me i had 0mb left on my c:\ partition.

I knew this was wrong, so straight away, i feared a virus, i thought, "not again".

Anyway, looked about, checking file sizes of all folders and files, found a temp folder in the c:\ parent drive, with a program.exe i've never seen before, as soon as i opened the folder, Avast! kindly decided to tell me the file was a virus, wonderful, i knew that before the shield did!

Anyway, Avast! removed the file without fuss, but this did not solve the HD space problem, so i decided to run a full virus scan.

After about 5 seconds into the scan, the scanner froze, so i restarted the comptuer in safe mode and tried again, again, the scanner froze.

I checked to see what file/folder it was getting stuck on, and noticed it was the DR WATSON folder in Documents and settings.

My mind clicked, i had noticed that DR WATSON had been running on my pc numorus times in the last week, taking up to 80mb of ram, and i had no idea why, so i kept shutting it down, as far as i'm aware, DR WATSON is just a Microsoft diagnoistics program, so i just thought Windows was playing up like normal, so i thought nothing of it.

Anyway, to the point, i went into the DR WATSON folder, and clear as day, there was my problem, a DRWATSON.LOG, size 6.2gb.

So straight away i done the job Avast! was suppose to do, and deleted the file.

Well, the scanner worked now, and i left it scanning over night, the report found not one, but 3 trojans on my pc, i've took a screen shot of each one, but they are at home.

My installation of Windows still isn't fixed, it's f**ked now, i have to format and reinstall when i get home :(, what a load of bollocks.

Now the reason for this post except to vent some anger and frustration, are was losing the virus war?

Are no anti-viruses good enough to catch or stop most viruses/trojans anymore or is Avast! just crap?

It's just, every time i stray away from NAV, i always end up with a virus, isn't there any REAL competition out there to compete with NAV?

For now, i've de-actived the Avast! real time shield, and reinstalled NAV to replace it.

I still plan to keep Avast! as a scanner, since it does seem to do a very good job of catching the viruses when they are already on the system :rolleyes:

But it appears, i'm back to the drawing board again, stuck with NAV again, going to try Mcfee next, already tried AVG Home & NOD32, both of them failed to stop viruses/trojans getting onto my pc, maybe one day hopefully i'll find a AV that has the perfect balance of realibility and speed. :rolleyes:

so it sounds like the folder was being used to store the screen captures and keylogging from 1 of the trojans.

it is a great idea to format and do a fresh install

in addition to your virus scanner you should try trojan hunter
www.trojanhunter.com

it was able to detect and clean trojans running which my tested antivirus scanners never knew

Nice info eggman,

Is this program a REAL TIME SCANNER?

That's what i want, NAV is good at trojans, but no other AV seems to handle them well at all!

If real time trojan scanners are now available, is it now the case that in today's world we need a dedicated real time trojan scanner to work along side a virus scanner now?

It does appear to me that a awful lot more work is being put into trojans these days, and viruses are now yesterdays news.

I don't know, with anti-viruses concentrating on viruses, and now even spyware these days, it appears to me that they can't cope with the varied content being thrown at them.

Maybe it would be a good idea if they split up the work load instead of trying to offer an all-in-one solution, because it never works, having experts in every field is what we need, and not just an expert in viruses, but a learner in trojans, etc.

Anyway, to the point, i went into the DR WATSON folder, and clear as day, there was my problem, a DRWATSON.LOG, size 6.2gb.

So straight away i done the job Avast! was suppose to do, and deleted the file.
I fail to see where its Avast! job to delete a " DRWATSON.LOG" please explain...

Well, the scanner worked now, and i left it scanning over night, the report found not one, but 3 trojans on my pc, i've took a screen shot of each one, but they are at home.
So whats the problem ? Avast found the trojans and why do you tie the trojans in with the DocWatson problem ? Seems as though Avast! did its job and if you read the Avast! help files you would know about ways to set Avast to find virus/trojans way before you open a folder.

Are no anti-viruses good enough to catch or stop most viruses/trojans anymore or is Avast! just crap?
Depends on definitions, even though most AV's are constantly updating definitions for trojans they aren't trojan hunters. McAfee and Kaspersky have the most trojan definitions, yet even the high risk users still have dedicated trojan scanners.

Nice info eggman,

Is this program a REAL TIME SCANNER?



It will notify you and stop a trojan in it's tracks!

I rigged a test machine once and used online scanners and although some scanners found the trojan installer file they could not see the trojan running and I watched all this remotly:D

Trojan Hunter detected and removed some crazy stuff and it will also alert you to suspiciousopen ports.

use it in addition to your antivirus

free 30 day trial

I fail to see where its Avast! job to delete a " DRWATSON.LOG" please explain...

It was obviously part of the trojan's work code, isn't Avast! suppose to protect us from trojans?


So whats the problem ? Avast found the trojans and why do you tie the trojans in with the DocWatson problem ? Seems as though Avast! did its job and if you read the Avast! help files you would know about ways to set Avast to find virus/trojans way before you open a folder.

I answered this in my last quote, i will check the helps file though :)


Depends on definitions, even though most AV's are constantly updating definitions for trojans they aren't trojan hunters. McAfee and Kaspersky have the most trojan definitions, yet even the high risk users still have dedicated trojan scanners.

Thanks for the info! :D

It will notify you and stop a trojan in it's tracks!

I rigged a test machine once and used online scanners and although some scanners found the trojan installer file they could not see the trojan running and I watched all this remotly:D

Trojan Hunter detected and removed some crazy stuff and it will also alert you to suspiciousopen ports.

use it in addition to your antivirus

free 30 day trial

Thanks for the info, i'll install it straight away! :D

Great information Gimmie et all, I think peeps will appreciate this and help make better decisions...

Great information Gimmie et all, I think peeps will appreciate this and help make better decisions...

Thanks crash, i hope this information helps people to find a better grasp of what's needed, security wise today, installed on their modern pcs, i mean, i didn't have any idea trojan scanners have now become active scanners in their own right, the last time i downloaded a trojan scanner was 2 years ago as an experiment, and at the time, (i tried a few), none of them was active real time scanners.

And now they are, how things are advancing in a negitive way is simply amazing, it appears to me like i have already stated in a previous post, trojans seem to be the latest thing, getting more complex and deadly by the day, so much so, that i now believe it's time for the modern day pc to have an active trojan scanner, along side the now widely accepted home name "anti-virus", at least in my case, from now on i'm going to run a real time trojan scanner, to feel safe again.

It's a shame i come online to the forum to report negitive comments about a widely loved piece of software, but that's just me, i just tell it as it is, i'm certainly not the type of person that defends a piece of software blindly, simply because of it's hard earned work in other areas, so what, that Avast! has a simple resource friendly interface, with cool sound effects when updating?

If the software fails to do what i feel it's advertised to do, then i'll expose it's flaws, regardless of how much i appreciate it's fine work in other area's.

I'm someone who believes that if someone is charging money for their product, that we as the consumers shouldn't work for the product, the product should work for US and thus it is our duty, to present the facts, both negitive and positive to help in achieving the perfect product that everyone deserves.

I'm just as positive about software, as i am negitive, but it seems to me that people get far more emotional over negitive comments, and in most cases tend to think irrationally while posting their post, i refer to fastgame, unfortunately, in this case, avast simply failed to do it's job, and that job was to protect my pc from viruses/trojans, which i believe (correct me if i'm wrong), is what it is advertised for sale as it's purpose.

My avast! was fully updated, with the latest updates and virus definitions, i fully understand that no anti-virus can ever be 100% full proof, and on some occasions, viruses will simply have the better coding and defeat the anti product, and i agree, there is no one to blame but society in these cases.

But the fact that the trojan successfully haulted avasts! virus scanner in it's tracks every time, even in safe mode, is simply disturbing/unacceptable, not to mention that it wasn't just one security threat that got past avast! scanners, but three!

I really dispise people that blindly defend a product or blindly attack a product simple on the basis of it's reputation, which i see EVERYDAY all over the net by the way.

I understand if someone comes out of the blue with a badly worded, badly explained explaination, but this isn't the case, the facts i've put forward are facts and the whole case happened exactly how i explained it, facts are facts, and negitive facts, as well as positive facts, MUST be concidered, regardless of whether we have experienced them/not experienced them, like or approve of them or not. :cool:

On a brighter note, i will be sending an e-mail off to avast! regarding this matter, and i hope they update their wonderful software to improve it's service, because i really DO love the software, i'm keeping avast! as a virus scanner, but not as a resident shield, i'm really annoyed that i keep having to go back to my copy of Nortons AV every time i get a virus/trojan while trial testing another product, because i'm trial testing for a reason, i think it's important to note, that while trial testing all the previous anti-virus, each time they failed to product my pc, it was due to a TROJAN attack, and not a virus, thus fueling my theory on how well anti-viruses can be expected to deal with trojans in today's age.

I still want a better all round anti-virus/trojan which leaves a very small footprint and i hope i find this software one day, but now i'm starting to believe that to have this goal, is to simple have 2 dedicated products running at the same time, so maybe i'll do just that, run avast! and this new trojan scanner together and see how i go :D

I'm just as positive about software, as i am negitive, but it seems to me that people get far more emotional over negitive comments, and in most cases tend to think irrationally while posting their post, i refer to fastgame, unfortunately, in this case, avast simply failed to do it's job, and that job was to protect my pc from viruses/trojans, which i believe (correct me if i'm wrong), is what it is advertised for sale as it's purpose.

WoW where did this come from :confused: nowhere in my post did I use bold, CAPS or !!!! "think irrationally while posting their post" so it was irrational for me to ask how an AV that found trojans failled to do its job ? Was it irrational for me to state the FACT! that AV's aren't suppose to delete "DR WATSON" files even though you think they should. Was it irrational in suggesting "McAfee and Kaspersky and trojan scanner" and in doing so was it in "blindly defend a product" (Avast) to the end ?


It's a shame i come online to the forum to report negitive comments about a widely loved piece of software, but that's just me, i just tell it as it is, i'm certainly not the type of person that defends a piece of software blindly, simply because of it's hard earned work in other areas, so what, that Avast! has a simple resource friendly interface, with cool sound effects when updating?

If the software fails to do what i feel it's advertised to do, then i'll expose it's flaws, regardless of how much i appreciate it's fine work in other area's.

And just what is it you've exposed ? "already tried AVG Home & NOD32, both of them failed to stop viruses/trojans getting onto my pc" and now add Avast to the list....I suggest you go to one of the major security forums, places where people are far more experienced than any of us here @TZ(sans Curio) in security issues. Try to bash AVG, NOD32, Avast and see how far you get, I'm sure someone will question your computing habits.

I understand if someone comes out of the blue with a badly worded, badly explained explaination, but this isn't the case, the facts i've put forward are facts and the whole case happened exactly how i explained it, facts are facts, and negitive facts, as well as positive facts, MUST be concidered, regardless of whether we have experienced them/not experienced them, like or approve of them or not.

Where are the facts ? you still have yet to post the name of any virus/trojan/worm

A Google search (http://www.google.com/search?hl=en&client=firefox-a&rls=org.mozilla:en-US:official&q=+%09+Dr+Watson+Postmortem+Debugger&spell=1) reveals many things that could be the problem. In most cases it's spyware/trojan/worm/virus related. In some of the cases the offender disables AV's and security software. In fact in that search there's cases where Nortons AV was disabled !

A person can have all the security software in the World, that doesn't in any way diminish the fact that safe computing doesn't need to be practiced.

It's up to each individual too adjust thing's accordingly with their risk factor. That includes understanding what their software does & doesnt do. Reading help files on any software goes along way in preventing problems.

IMO anyone who fails to adjust their security needs with their risk factor/habits doesnt need to look far for an answer to the problem, it's no further away than a quick glance in the mirror.

Now Mr Gimie lets get one fact straight ! I'm a beta tester for Avast not a security expert. All my testing is done on the user end of things. That means I live throught all the bugs, crashes and infestations in doing so and I sure don't go though this "blindly ". When I run accross problems they're turned in so they can be fixed. I don't quit, don't give up in the hopes that people like yourself might enjoy a decent product. Right from the start I wanted you to give me info so I could maybe get to the root of the problem, sorry that right from the start you thought I was irrational

I hope no one mistakes this post, I don't want any confusion. I think I've used bold, CAPS and !!! in all the appropriate places.

BYE!!

no av will catch 100% - 100% of the time, which is why I use more than one AV.

Ask not what your AV can do for you, but what you can do for your AV!
:D

no av will catch 100% - 100% of the time, which is why I use more than one AV.

Me as well. I use both Avast and Nod32 and have stayed infection free...

no av will catch 100% - 100% of the time, which is why I use more than one AV.
Perfect example today :) http://www.wilderssecurity.com/showthread.php?t=69915
Me as well. I use both Avast and Nod32 and have stayed infection free...
Looks like a nice combo ;)

I use Avast as main AV and Kaspersky as backup scanner, good thing Avast has definitions for the virus in the link, Kaspersky didn't :p

you guys are turning into viruses....


j/k

we love you guys!

Trojans and viruses are detected only by a sliver of code. This is only part of the actual virus,

Please be aware that I can spend $100 and buy a version of a trojan that no anti-virus or scanner can detect.

I would like the info on the names and how where they got in.

It all comes down to virii & trojans & spyware etc are forever changing, and they are changing faster than programs can detect let alone remove them or even protect... these are 3 totally different things... there may have been a program that could do all 3 but just wait till next wave of virii and it'll have no chance...

What this means for Power Users of PC and Internet, is that we cant sit back and use the web like we used to a couple of years ago let alone 3 weeks ago... we have to change and adapt too... so, if it means we have to use 2 virus scanners, plus spybot plus sweeper plus norton etc etc etc... so be it... we should be smart enough to handle that, and good enough to adapt to this new era...

It is a pain when infected, you feel violated, especially worse when the only recovery is a full format and install... but as IT nuts, we should accept it, learn from it, research mitigating factors.. rebuild and see how long till next time ;)

It's not antivirus (or maybe it is) but if you install and correctly configure Process Guard it will defeat all Virii, Adware and Trojans. Make sure you block Driver/Service installs and take a good read of the documentation, every new executable that tries to run on your system will be flagged giving you the oportunity to investigate it's purpose. You need to remember to turn it off once in a while - when installing apps or updates. This is a super host based IDS and is probably the best value for money bit of software there is, it doesn't need signatures like Anti-whatever software so you can block even undiscovered malwares.

I never gave up on the idea of running multiple anti-viruses, just never thought i would need to, annoyed at how much system resources one anti-virus program takes up today :rolleyes:

I haven't reinstalled my Windows on my infected pc yet, infact, i haven't swithced it on since, been too busy, but when i get home today, i'll reformat, reinstall, and i'll try a mixture of maybe NOD32 as my real time protection, and avast! as a scanner, also i'll install the trojan scanner as well.

Talk about triple layed durex! :D

Thanks for all the advice guys! ;)

Gimie, I think you should try Avast (since you have it) as the Resident scanner, it has real good layered protection with all the modules, Webshield is proving to be very good at preventing browser infections. Use NOD32 as the on demand backup scanner and take advantage of its Advanced Heuristics in case something gets through Avast.

BitDefender 7 Free works good as a backup scanner, if your interested there's a Free Kaspersky clone (eSan mwav.exe) that uses the Kaspersky X_base definitions.

Its not going to drain your PC using 2 AV's, no matter which way you go you have to stop (pause) Resident Shield of 1 AV when you use the other as a scanner to prevent a conflict between the two.

Your right, this spyware/trojan/worm/virus stuff is getting way out of hand :mad: 2 AV's, Anti-Spyware, Trojan scanner, Process Guard and Firewalls...man what the heck is this world comming to :(

It's not antivirus (or maybe it is) but if you install and correctly configure Process Guard it will defeat all Virii, Adware and Trojans.
I agree in theory but.....don't you think it would be quite a hassle for the average user to deal with Process Guard if things weren't filtered before hand ?

Just a question....your thoughts :)

I agree that it's unfortunate having to run multiple apps just to protect your system. But...it simply is the case these days.

That java classloader trojan I picked up even shut down processguard (full version).

That java classloader trojan I picked up even shut down processguard (full version).
Like I said you have to configure it correctly and use it accordingly. I am a techno weenie so I generally know how to do this (I read the documentation - I even understood some of it!). Security and ease of use are opposites - always have been and always will be, the more you lock something up the more you have to jump through hoops to go about your daily business. I find Avast to be very good antivirus and like many others here I often find when I take Norton off a system and install avast it finds lots of stuff Norton didn't. Yesterday I did just that on a user's PC and it found 20 or more adware and trojan components. Norton's real weaknesss has always been with exe-packed files which trojans often are and so makes Norton particularly bad as a trojan scanner, maybe it has improved but I haven't seen any evidence of it. I can't recommend Norton to my customers any more - it's too embarrassing having to go back two weeks later when they are virussed and adwared up to the hilt. I got fed up of being asked "Isn't norton supposed to stop that?".
for joe-average-user yes ProcessGuard is beyond their comprehension - way beyond it, but that doesn't mean it isn't a great host IDS - it is.

The issue is the fact that Process Guard lost the "start up race" and was disallowed start up (along with other apps)

I think PG should do its best to ensure that it survives the inevitable reboot. PG has greatly reduced the number of programs that can start before PG takes control, but until that hole is closed completely there may be room for improvement.It seems that there is malware that makes use of the race condition... so as expected its not just as easy as brushing off the attack vector as "a proof of concept" exploit

PG is not "way beyond my comprehension" joe-average-user is not as dumb as you think mr. techno weenie.

BTW, for those interested, here's a database for configuring PG: http://www.diamondcs.com.au/pgdb/index.php?showall=1

I think all work computers should switch to Mac. My home computer is used for fun. I have no antivirus and no spyware removers and my firewall is the built in xp.

I use firefox.

My email are all yahoo or hotmail

Formated & reinstalled yesterday, running Avast! as my main anti-virus, along side the trojan scanner egg suggested, let's see how things go!

I believe that even though my topic comment still stands, i now believe that many anti-viruses will fail to protect on trojans, i'm pretty sure there are a select few that don't, which are the ones that fastgame suggested already, but i no longer trust an anti-virus to deal with trojans and will now be running a dedicated program along side from now on.

Been stung by trojans too many times now, getting sick of it :p

I think all work computers should switch to Mac. My home computer is used for fun. I have no antivirus and no spyware removers and my firewall is the built in xp.

I use firefox.

My email are all yahoo or hotmail

Perhaps not all work computers - in some cases I must (grudingly) admit that a PC is the better tool for the job... The fact is that larger businesses have the resources (i.e. sysadmins) they need to keep the PCs in working order. Small businesses and home users, on the other hand...

For the regular, clueless home user, a Mac would be a considerably better choice than a PC. Most mom and pop PC users today doesn't have (and will never gain) the knowledge to keep their PC protected.

When one considers that nowadays, one needs several AV packages, several anti spyware packages, a firewall or two installed on most computers, and the look back to what was needed a couple of years ago, one can safely predict that in two or three years time, all one has left of CPU time to actually run the programs one needs - the equivalent of a Commodore 64 is all that's left :p

Johan-Kr

oooooo-errrr touched a nerve somewhere - I don't remember referring to you as an average user, I expect you are far from that. The race condition can only start if the other program has already been allowed to install, after all if it isn't on there how can it race with anything? You may have noticed the PG configuration database is woefully small at the moment, it does appear to be growing though when I looked a couple of weeks back there were only about 10 in there.

Allowed? There was no "allow" condition in the first place - other than: Just visiting the webpage with java (1.5 beta) enabled was enough.

An IDS detects unknown code running on your system and takes an action depending on how it is configured. If it doesn't flag the unknown code when it first attempts to run then it has allowed it by default either because it is not configured to trap it or it is not capable of trapping it. PG can be set to trap dll injection, program modification, driver/service installations etc... i'm sure you know all that -- I wish I could find this webpage I'd really like to see it, it's probably too late now though I noticed some dlls which looked a bit java-ish were changed by the FF1.1 install.

if these things go mainstream lookout!

very curious to know more info about what it is capable of doing...

you should do a rootkit scan on your computer.

try RootkitRevealer,

RootkitRevealer is an advanced patent-pending root kit detection utility. It runs on Windows NT 4 and higher and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. RootkitRevealer successfully detects all persistent rootkits published at www.rootkit.com, including AFX, Vanquish and HackerDefender (note: RootkitRevealer is not intended to detect rootkits like Fu that don't attempt to hide their files or registry keys)

fyi

my scan showed only the defaults,
$AttrDef
$BadClus
$BadClus:$Bad
$BitMap
$Boot
$LogFile
$Mft
$MftMirr
$Secure
$UpCase
$Volume
$Extend
$Extend\$Reparse
$Extend\$ObjId
$Extend\$UsnJrnl
$Extend\$UsnJrnl:$Max
$Extend\$Quota
http://www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml


please reply

http://invisiblethings.org/tools.html - cd c:\flister.exe

From Dmitry from Greatis software:

"Today we released UnHackMe 2.0 beta.
- Added detection and removal of AFX Rootkit and Vanquish Rootkit.
- UnHackMe monitor.
- Changed evaluation:
Now UnHackMe is 30 days evaluation version.
Evalution version is fully functional for 30 days.
After that it will work but it asks for registering.

Download:
http://www.greatis.com/unhackme.zip

UnHackMe 2 is free for registered users.
New registration codes we will send after final release.
You can install new version over previous.

Best wishes,
Dmitry" F-Secure BlackLight Rootkit Elimination Technology detects objects that are hidden from users and security tools and offers the user an option to remove them. The main purpose is to fight rootkits and all kinds of malware that use rootkits. The F-Secure BlackLight Rootkit Elimination Technology works by examining the system at a deep level. This enables BlackLight to detect objects that are hidden from the user and security software.


http://www.f-secure.com/blacklight/cure.shtml

CWS used to include the hackerdefender rootkit. Net start would show it up in the list of services because it didn't hook cmd prompt calls it was also very obvious because if you started spybot s&d it would close after 5 seconds. For a rootkit to start it still has to install which will be flagged by any IDS.
If they go mainstream - too late.

here is an interesting link http://www.theregister.co.uk/2005/03/11/alternative_slimeware/

Apparently the free version of Avast does not include a script blocker so any malicious scripts embeddeed in web pages are not checked. You only get that in the pro version - I don't know if that is really all that bad though. If the script does something which compromises your PC then that is obviously bad (like disabling the firewall) but if it attempts to start a malicious code download - that would then be detected.
It's a shame really.

Avast script blocker only works in IE, according to Avast Firefox/Mozilla handle scripts differently and its not such a threat. Avast doesnt want to include script blocking for other browsers because the code is always changing with all the update versions.

Peep's @Avast forum recommended the FREE program Script Sentry (http://www.jasons-toolbox.com/programs.asp?Program=Script%20Sentry). Old but still does its job with scripts :)

Yes there are a few freeware script blockers out there AnalogX ScriptDefender also comes to mind but I was liking Avast for it's simplicity and good GUI. A lot of end users still consider virii, trojans etc... to be Black Magic and have no desire to know anything about them. What they want is someone to tell them what program stops the bad stuff. I think it's why they buy Norton Internet Security they look at the name and think "That's what I want 'Internet Security' I'll buy that." they only later find out it's not what it says on the tin. Antivir can take all day to update (especially on dial-up) that leaves AVG which I do like but does have problems updating due to demand oustripping the bandwidth.

Ok I think we're getting script blocking confused with script detection. Avast! both Home & Pro detect viruses like LoveLetter or Melissa and other types of script virus. In Resident Shield under Scanner(Advanced) there's a setting "Always scan WSH script files".

Script blocker in Avast Pro is a dedicated module that blocks scripting in WSH (Windows Scripting Host)
The resident protection of the Professional Edition includes an additional module, not contained in the Home Edition - Script Blocker. This module watches all the scripts being executed in the operating system (so called WSH scripts - Windows Scripting Host). It also scans all the scripts run as a part of a web page within your web browser (Internet Explorer, Netscape Navigator and Mozilla).

Anyway there's got to be some difference between Home & Pro in order for them to sell the Pro AV.