#1
Hi there,
First of all I'd like to say that I've been a great supporter of Avira Free edition. Just like many of you, various independent tests convinced me about Avira's high detection rates, quickness, lightness and so on. I've been using that AV for 2 years now.

However, yesterday night Avira apparently missed some trojan. I had downloaded some suspicious file over p2p networks. Doubtful about the application, I had even scanned the file before executing it (as far as I know I was using the highest security settings under Avira, setting heuristics detection to high, scanning all files, etc.); the file appeared to be clear. I executed that keygen, 10 seconds later Avira's tray icon was gone. Nothing happened so far but I could see that file in the running processes, using about 14k of memory. I knew something was going wrong and instantly used those online scanners, below you can see the results of the multi scanners analysis:

{VT result links snipped, since they'll be quickly outdated, irrelevant, and don't add to the discussion - Blue}

I've downloaded a couple of W32.Baggle fixes, including the free Dr Web application (CureIT if I recall...) which immediately caught avgnt.exe (Avira's guard process) infected by a trojan. So yes, that trojan successfully terminated Avira and infected it...

Sadly this is not the first time something similar happens. A friend of mine used to lend me his USB stick. As soon as I plugged the flash drive, Avira detected some worm (can't remember the name) and deleted it. Thing is, when a few hours later I plugged that same USB stick on my friend's computer, his antivirus, Kaspersky, detected that same worm and cleaned it for good.

So far these two bad experiences led me to uninstall Avira; a product that I've praised for years, notably for its zero performance impact on my old rig.

Last edited by BlueZannetti: January 24th, 2009 at 09:39 AM. Reason: VT links snipped

#2
lol, CureIt and Drweb saves the day once again for a 99.8546% AV
just curious, did drweb cureit cure the infection leaving avira working on your machine, or delete it? if it deleted it, you may need to re-install your antivirus

#3
No a/v will catch everything. It is good to read that you got what you deserved downloading keygens p2p. Lol, keep up your good computer practices.

#4
Quote:
No good idea ...

#5
C.S.J: Actually Avira had been terminated, only leaving avgnt.exe running, so yes it was partly running. Cureit ran an express scan without notifying me and immediately caught the trojan on avgnt.exe and couldn't do anything but remove it. I'm now giving Dr Web (full version, not cureit) a try although it warned me in the installation setup that I should disable/uninstall Avira, which I did on the spot; I guess it had detected the installation files & folders as none of the Avira processes were running.
pugmug: yeah, I never do that, I guess that experience taught me a lesson :-) My PC seems clean now anyway, still I've submitted the sample to AV developers.

#6
Quote:
__________________
Windows 7 x32 Security: DefenseWall Personal Firewall v3 (βeta) + WinPatrol PLUS + ShadowProtect

#7
Quote:
Yes, but as I'm a gamer I'm deliberately using an antivirus only. I *thought* this was enough, but obviously not. Maybe I had the bad luck to catch that single trojan on my path, which probably belongs to the 1% of suspicious files that Avira can't spot =)

#8
Quote:
I'm a gamer too, and I run CIS + Avira Premium with no gaming impact (just gotta know how to handle the popups from CIS) but ye even ingame, CIS does not bother me.
__________________
Windows 7 32bit - Windows FW: Enabled - Windows Defender: Disabled - UAC: Disabled - DEP: Enabled Real-Time: Online Armor ++ / Zemana Antilogger / WinPatrol On-Demand: MBAM / Hitman Pro / Sandboxie

#9
Quote:
Have you tried using a non-administrator account? The fastest way would be to create a limited (XP) or standard (Vista) user account. Strong, quick, and easy security for free.

#10
Quote:
make sure you have un-installed Avira before trying Drweb however, do not have both installed.

#11
Here's a question. Why didn't you upload the file to VT before you executed it like every other person?
#12
Quote:
I've never ever done this.

#13
Quote:
I'm kind of against the whole firewall marketing thingy. My point of view is that, with an effective antivirus, no suspicious outbound connection should be made.
Eice: Yes, thanks for the tips. I've been considering doing this for a while; I guess I needed a bad experience like this to actually do it

#14
Quote:
As a rogue hunter it's the first thing I do. It allows you to check detection whilst submitting to all AVs. You should also be sandboxing/VMing it. Free websites can do this for you too.

#15
Quote:
A router firewall is more than sufficient.

#16
Quote:
A more layered defense, including a HIPS/Sandbox/Imaging software will offer you better protection for the future.

#17
Quote:
I guess I was confident about Avira's protection (from my own experience + the many tests & reviews that I read so far + all those praises from this forum). Funny thing is that I never download that kind of stuff, hence I didn't think about multi scanning the file prior to executing it.

#18
Quote:
Absolutely nothing useful is being developed or discussed here. Somewhere there's a piece of malicious software that gets around virtually any product. Thread closed.
Blue