Kav Found A Virus When I Ran An On Demand Scan
Mr2cents
July 16th, 2005, 01:03 AM
I'll be the first to admit that I don't run on-demand scans very often. I'm currently running KAV 5.0 and BOClean. I practice safe computing. Mostly hanging around various forums. Reading news websites, etc.
I thought that if I was to get a virus that KAV's resident would pick it up. KAV kept warning me that I needed to do an on-demand scan. It had been 19 days since I had done one.
I decided to do an on-demand scan. I figured it wouldn't pick up anything... 'cause I've only had roughly 5 viruses since I've been on the internet starting in 2001. All those viruses were caught by the resident virus scanner at the time. McAfee caught 3 at resident. Norton caught one, when I ran Norton, and avast caught one.
So I do the virus scan. KAV finds a virus :o Its name was... Exploit.VBS.Phel.i. KAV recommended deleting it. So I let KAV delete it. I couldn't find much info on this virus. KAV said it was a virus located in my temp files. An HTML document was infected. I guess the moral of the story is... Do an on-demand virus scan at least once a week. At least that's what I'm going to do.
This may seem like a silly question, but why didn't KAV's resident protection pick this up?
Randy_Bell
July 16th, 2005, 01:34 AM
Most likely the RTM {realtime monitor} did not trigger on that file because it never became active -- a file has to be "touched" in some way {copied, moved, or attempt to run in memory} for the RTM to trigger on it. An on-demand scan detected the file but since the file never became active, or never attempted to become active, it just lay dormant on your system until the manual scan detected it. Hope that helps. :)
Mr2cents
July 16th, 2005, 01:41 AM
{QUOTE-> Most likely the RTM {realtime monitor} did not trigger on that file because it never became active -- a file has to be "touched" in some way {copied, moved, or attempt to run in memory} for the RTM to trigger on it. An on-demand scan detected the file but since the file never became active, or never attempted to become active, it just lay dormant on your system until the manual scan detected it. Hope that helps. :) <-QUOTE}
Thanks for the info Randy. I'm still learning. ;)
Don Pelotas
July 16th, 2005, 06:58 AM
You can also use a tracks eraser like the free http://www.ccleaner.com/ regularly, it among other things has the option to delete Windows temp + temporary internet files, which is often where a trojan-downloader is placed.
You should use the schedulescan option in Kaspersky btw, schedule it for a weekly scan at a time when you're not at the PC, for example when you're having dinner or sleeping. :)
TopperID
July 16th, 2005, 01:46 PM
Dear Mr 2Cents,
KAV did NOT find a virus on your system, it found an Exploit. Exploits are not viruses or trojans and are utterly harmless in themselves. They are carefully scripted pieces of code, embedded in a web site, and hence saved to your HD in your temp internet files, which will attempt to exploit vulnerabilities in a system to download a trojan, or redirect you to a site that will D/L a trojan or activate malware already on your system.
It is the related trojan that causes the problem, but in your case there was none and the KAV Guard would have caught it if there was.
If you use CCleaner daily you will never have these malicious bits of code festering in temp locations.
I also have taken to doing demand scans much less frequently than I used to, but I feel this practice is quite safe (my last one being 22 days ago!).
Mr2cents
July 16th, 2005, 07:41 PM
{QUOTE-> You can also use a tracks eraser like the free http://www.ccleaner.com/ regularly, it among other things has the option to delete Windows temp + temporary internet files, which is often where a trojan-downloader is placed.
You should use the schedulescan option in Kaspersky btw, schedule it for a weekly scan at a time when you're not at the PC, for example when you're having dinner or sleeping. :) <-QUOTE}
Hi Don. Good idea you have concerning using the schedulescan option in KAV. I already have a program similar to crapcleaner. It's called "ultraWincleaner 2002".
I ran ultrawincleaner after KAV found the exploit. I had almost 10 MB of temp files. ::) Looks like I've really been a slackard lately concerning my computer. ::)
Mr2cents
July 16th, 2005, 07:46 PM
{QUOTE-> Dear Mr 2Cents,
KAV did NOT find a virus on your system, it found an Exploit. Exploits are not viruses or trojans and are utterly harmless in themselves. They are carefully scripted pieces of code, embedded in a web site, and hence saved to your HD in your temp internet files, which will attempt to exploit vulnerabilities in a system to download a trojan, or redirect you to a site that will D/L a trojan or activate malware already on your system. <-QUOTE}
Hi Topper. I agree with you it was an exploit. I only called it a virus because KAV said it was a virus.
likuidkewl
July 16th, 2005, 10:35 PM
I have found CCleaner to be just as good as the pay programs, and a whole lot less bloat. I have a schedule to run CCleaner at the start, and whenever I remember, which I may say is quite often, and I have yet to have a virus in my temp file areas that I didn't put there.
lotuseclat79
July 26th, 2005, 09:34 AM
{QUOTE-> I'll be the first to admit that I don't run on-demand scans very often. I'm currently running KAV 5.0 and BOClean. I practice safe computing. Mostly hanging around various forums. Reading news websites, etc.
I thought that if I was to get a virus that KAV's resident would pick it up. KAV kept warning me that I needed to do an on-demand scan. It had been 19 days since I had done one.
I decided to do an on-demand scan. I figured it wouldn't pick up anything... 'cause I've only had roughly 5 viruses since I've been on the internet starting in 2001. All those viruses were caught by the resident virus scanner at the time. McAfee caught 3 at resident. Norton caught one, when I ran Norton, and avast caught one.
So I do the virus scan. KAV finds a virus :o Its name was... Exploit.VBS.Phel.i. KAV recommended deleting it. So I let KAV delete it. I couldn't find much info on this virus. KAV said it was a virus located in my temp files. An HTML document was infected. I guess the moral of the story is... Do an on-demand virus scan at least once a week. At least that's what I'm going to do.
This may seem like a silly question, but why didn't KAV's resident protection pick this up? <-QUOTE}
KAV found the same exploit when I submitted the file: newexpl.php, which is a MIME-encoded trojan - so, do not install this file when prompted as it can affect IE. I use Firefox and have not noticed any problem, but then again when a trojan infects you, your system is no longer yours.
-- Tom
tawd1992
July 26th, 2005, 10:56 AM
CCleaner is an excellent program. I just started using it a month or two ago & am really impressed. I'm amazed how quickly it cleans all your temp files. For this reason I use it on all the PCs I clean. It also has an option to clean out your Sun Java cache, which is where trojans will hide sometimes.
richrf
July 26th, 2005, 11:00 AM
Ditto CCleaner.
Rich
fosius
July 27th, 2005, 03:33 AM
{QUOTE-> Most likely the RTM {realtime monitor} did not trigger on that file because it never became active -- a file has to be "touched" in some way {copied, moved, or attempt to run in memory} for the RTM to trigger on it. An on-demand scan detected the file but since the file never became active, or never attempted to become active, it just lay dormant on your system until the manual scan detected it. Hope that helps. :) <-QUOTE}
Real-time monitor should scan files on creation, too...