HDD Defragmenter...Avast! Pro 5 Totally ignored It

Discussion in 'other anti-virus software' started by DVD+R, Dec 12, 2010.

Thread Status:
Not open for further replies.
  1. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,063
    Location:
    New Delhi Metallo β-Lactamase 1
    Well, I am not sure if Avira or Avast detected that nasty, but I am very much sure that DVD+R detected it very well. But he was unable to remove it; that is why he took Avira's and Wilder's help. :p
     
  2. Mongol

    Mongol Registered Member

    Joined:
    Jul 24, 2004
    Posts:
    1,581
    Location:
    Houston, TX
    Don't forget a cute retort for DVD+R
     
  3. 031

    031 Registered Member

    Joined:
    Sep 5, 2007
    Posts:
    187
    Location:
    Bangladesh
    This can happen with any antivirus. You were very unlucky. You should consider using a full-blown HIPS like Online Armor or Malware Defender. Flash drives are always a pain. I always scan them with Dr.Web CureIt and Kaspersky AVP tool. Both of them are on-demand and generate excellent detection. The only problem is I have to download them every week.

    And about Avast... unlike your case, it has saved me many times. Wish you better luck next time.
     
  4. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,264
    Location:
    USA
    Out of curiosity, in the Avast settings did you have it set to alert on PUPs (potentially unwanted programs)?
     
  5. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,291
    Location:
    Pennsylvania.
    Comodo AV has HIPS, cloud scanning and Sandboxing so that could catch it.
     
  6. Kid Shamrock

    Kid Shamrock Registered Member

    Joined:
    Apr 3, 2007
    Posts:
    229
    Most AVs are poor at detecting and removing rogue apps. You need to be running a HIPS, sandbox or anti-executable program to stop rogues. ;)
     
  7. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,294
    Sandbox your browser, like already mentioned, your life will be easier in the future!
     
  8. DVD+R

    DVD+R Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    1,979
    Location:
    The Antipodes
    Yes, File System Shield and Web Shield both set to PUPs.
     
  9. DVD+R

    DVD+R Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    1,979
    Location:
    The Antipodes

    No, and I don't intend to purposely execute it just to find out it doesn't :cautious:
     
  10. DVD+R

    DVD+R Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    1,979
    Location:
    The Antipodes
    Having painstakingly reset my whole system overnight to ensure this thing is no longer dormantly lurking in the shadows someplace, I hope that pretty soon AV companies will complete an update that can in fact totally remove this, but then again whether they do or not is entirely another matter.
     
  11. DVD+R

    DVD+R Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    1,979
    Location:
    The Antipodes
    I had done that several times, but could never get some often-used websites to fully load, as sandboxing the browser prevented Flash being enabled unless I disabled virtualization, which quite frankly became a pain in the ass. If Avast! 5.1 fixes that issue it would be a welcome bonus.
     
  12. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,294
    Sandboxie, GeSWall, BufferZone - free version works perfectly with Flash.
     
  13. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,942
    Location:
    USA
    Of course one wonders also about Heuristics sensitivity settings on File System Shield and Web Shield... I believe High is not default. I have those settings cranked to max on my avast! shields.

    Glad to see you now have MBAM Pro onboard. I recommend updater scheduled to check every hour. Some days MBAM will update 6 or more times. Don't turn off the website blocking.

    I am not familiar with your firewall (I of course know Outpost is a top drawer firewall), but I would recommend that you think about DropMyRights, or Run Safer, that is available inside Online Armor. With all internet-facing apps set to open under Run Safer, I'd be very curious to see how your invader was/wasn't able to perform in that sort of a reduced rights environment.

    And finally, I am reliant upon OA's HIPS as a necessary layer. Did you respond as to why Outpost's HIPS didn't alert you?

    FWIW, I find myself beginning to lean more towards joining the Sandboxie corps of satisfied users. It seems like the best protection against what you just faced down.

    Good luck with what you decide to do differently. :)
     
  14. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Do so, you won't be disappointed.

    Bo
     
  15. egomoo

    egomoo Registered Member

    Joined:
    Aug 28, 2007
    Posts:
    115
    Avira or Avast, even MBAM, will miss something because they are based on database signatures.

    Every signature-based anti-malware or anti-virus product is always later than when the zero-day threat happens.

    But if you use Autoruns or another manual removal tool (even an anti-rootkit tool), you will do best against all malware.
     
    Last edited: Dec 13, 2010
  16. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    I will recommend a simple solution for threats from USB/Internet: DefenseWall Personal Firewall (3.09).
    - Flash works flawlessly in all browsers irrespective of virtualization.
    - Installation from USB is allowed in its own policy-based sandbox. Whenever dangerous actions are detected, it warns you and you can roll back (built-in feature) easily with a few clicks. You can even use this feature for software testing.
    - Due to the policy-based sandbox and silent firewall, you are well protected against keyloggers, rootkits, spyware, adware, and other threats. It is just like a set-and-forget solution.

    In all my personal tests against internet/0-day threats, DWPF always shines like a star and is the easiest solution available to date.
     
  17. DVD+R

    DVD+R Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    1,979
    Location:
    The Antipodes
    Only 1 problem for me if I wished to try DefenseWall: I'm running Win 7 64 and it only supports 32.
     
  18. Dwarden

    Dwarden Registered Member

    Joined:
    Apr 11, 2003
    Posts:
    177
    Location:
    Czech Republic
    DVD+R
    I hope you sent the offending file/installer w/e to the Avast team so they can 'learn' :D
     
  19. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    If you were led to believe the file is safe, basically, your nephew convinced you to run a file you didn't need in the first place?

    Problem if avast and others detect this, another 'new named' program will spring up a day later. You can lock your system down, until basically, it's functioning as if a virus were running full time.

    A few simple methods with avast can work well. For example, Virus Total uploader on .exe files. All you do is right-click and send the file to be scanned at virus total. Install emsisoft free version, update it each day, and scan USB drives with avast and emsisoft for example.

    Avast + MBAM pro should work well though.
     
  20. Gauchoo

    Gauchoo Registered Member

    Joined:
    Aug 15, 2010
    Posts:
    83
    Location:
    Scotland
    Well, it's a bit harsh blaming Avast for not protecting you against this malware when perhaps the likes of Avira etc. might not even protect you against it.

    So you've not done an on-demand scan with Avira and the malware to see if it detects it?

    I wasn't really meaning to run the malware on your main installation; that's why there is VirtualBox and VMware etc. to test these things outside your main installation.
     
  21. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    DVD+R, trust me, Avast has issues. It will probably get very good though in 2011, if they can deliver on what they stated.
     
  22. ReverseGear

    ReverseGear Guest

    I hope they do, coz so many of us have got an Avast license now :cool:
     
  23. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,102
    Location:
    on my zx10-r
    I do removal all the time, probably every day, from systems which use every AV out there (just about, except for some VERY small unknown ones). ALL the major players miss rogues at times. I have seen Norton, McAfee, ESET, Avira, Bitdefender, AVG, Dr.Web, etc. etc. etc. My point is they all miss certain things. I use Avast myself and it has saved me on numerous occasions. BUT I do prefer an AV that uses more... like HIPS, cloud ratings etc. The biggest problem is the common PC user has no idea what to answer to those types of questions.

    My point is Avira will miss things just like Avast does... it sucks but it is the truth.
     
  24. DVD+R

    DVD+R Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    1,979
    Location:
    The Antipodes
    Christ! OK, cool off already, the problem has gone, let's not get into who has issues and who hasn't. Just a few pointers to earlier replies: I don't get persuaded to run files, I do so of my own choice, and thanks to all the positive replies on what others found also on this particular malware. I won't be switching and changing every 2 minutes. I've made a secondary choice to my first set of security apps, and they're staying put for some time.
     
  25. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,294
    Go towards the light, man, it's worth it! :thumb:
     