Avira Epic Fail ?

Discussion in 'other anti-virus software' started by Doco, Apr 19, 2011.

Thread Status:
Not open for further replies.
  1. Doco

    Doco Registered Member

    Joined:
    Dec 2, 2010
    Posts:
    20
    I looked at a computer today which was reported to be running mega slow. Given that this was a computer I set up several months ago, I know it shouldn't be slow. When checking the Task Manager I noticed a large number of suspect processes running: cmd.exe, net.exe, net1.exe. Each of these was running about 40 instances.

    The computer was running...
    Avira Premier Security Suite
    Prevx Safe Online
    Malware Bytes

    I ran a scan with Avira, PrevX, and MalwareBytes but nothing came up. However, every few minutes Avira alerted me to a trojan VBKrypt. Even when selecting delete, the alerts continued every so often. There is nothing unusual listed in HiJackThis or msconfig. In Windows Safe Mode the computer was a lot faster and the unusual processes weren't running. However the three applications still didn't find anything malicious. Again, nothing in HiJackThis to suggest any problems.

    So why could the three anti-malware applications not find any malware? Surely there was at least 1 malicious process running to cause the virus alerts. Could I be right in assuming these malicious processes are being hidden by a rootkit? If so, what would you consider the next step in removing them?

    For the record, I have already re-installed Windows but I would just like to know the processes involved.
     
  2. monkeybutt

    monkeybutt Registered Member

    Joined:
    May 18, 2009
    Posts:
    126
    Epic Fail? Really, please don't bring that kind of kiddy stuff to these forums:mad:
     
  3. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    You could have tried to scan with a bootable AV CD to detect a possible rootkit or other stuff before windows loads. In the end if it was that infected you're better off wiping it and starting over (assuming there was no data to retrieve first).
     
  4. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Doco,
    Not to sound like a broken record but you might want to start a search on the forum for rootkits. Other than that it sounds like you might need a different approach. Try running EAM, Dr Web or Hitman Pro. Sometimes even the highest rated AVs miss things. Run these in safe mode and make sure system restore is off. Don't want any of the nasties coming back. Also you might try Kaspersky Rescue Disk. There are a number of rootkit options to choose from. Like I said, try running a search and you'll find many an article on what rootkit scanner to use and how to use it. A few common ones are GMER, UnHackMe and Sophos Anti-Rootkit.
     
  5. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Avira added protection for this on 4/13. here

    It may not have been able to clean it effectively, as all are guilty of. But to label your thread Epic Fail, I mean come on, ~ Off Topic Comment Removed ~ :cautious:

    If anything it is cool they detected it accurately before the others you have.
     
    Last edited by a moderator: Apr 19, 2011
  6. Doco

    Doco Registered Member

    Joined:
    Dec 2, 2010
    Posts:
    20
    It's a shame Avira doesn't have Drive-By Download protection.
     
  7. Cloud

    Cloud Registered Member

    Joined:
    Feb 1, 2011
    Posts:
    1,029
    Location:
    United States
    It does. ;)
     
  8. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,196
    Location:
    Nicaragua
    Perfect example of why we can not depend on antiviruses blocking zero
    day threats. This computer would have been better off if SBIE or
    DefenseWall had been on board instead of the team of applications
    that it had.

    Bo
     
  9. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,417
    It's interesting that OP has problems with more than one security program but highlights just one.

    I feel the thread title should be modified to reflect all the "Epic Fail".
     
  10. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,648
    Location:
    Milan and Seoul
    It is odd that 3 top performers didn't detect anything (actually Avira did detect something) but you choose to question Avira's performance.

    Avira in the last AV Comparatives was not up to its usual standards, but I agree with bo elam this is a perfect case that shows the limitations of the AV defense, and the power of other tools.
     
  11. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,648
    Location:
    Milan and Seoul
    vasa1, we must have been posting almost simultaneously the same feeling.
     
  12. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Also, why are you blaming Avira when it's the only one that actually detected something? (even though it couldn't remove it)
     
  13. bollity

    bollity Registered Member

    Joined:
    May 9, 2009
    Posts:
    190
    My advice is to begin from a clean image backup. Full cleaning in your case is not guaranteed. You may have some system files or registry values changed.
     
  14. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    818
    IMO this thread belongs to a malware removal forum... and the title's inappropriate - more what I'd expect from a troll.
     
  15. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Yeah, indeed...

    http://technet.microsoft.com/de-de/library/cc512587(en-us).aspx

    P.S. +1 on the stupid trollish subject of the thread.:thumbd: :mad:
     
  16. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    I will stay out of the childish 'epic fail'-discussion as it is my strong belief that those types of things don't belong at Wilders.

    As to why Avira detects something every now and then: it could be a rootkit running in the background dropping malicious files which are detected by Avira's heuristics. After deletion of the dropped malicious file, the rootkit will eventually drop another.

    Try running Norton Power Eraser, Hitman Pro or anything similar which is specialized in removing rootkits.
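
The pattern described in the post above (the same detection returning after each deletion) can be checked for in alert history. This is an added example, not part of the original thread; the log format, the detection name suffix and the paths are constructed for illustration and are not Avira's real log format.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Constructed sample: timestamp|detection|path|action (hypothetical format)
SAMPLE_LOG = r"""
2011-04-19 10:02:11|TR/VBKrypt.constructed|C:\Users\test\AppData\Local\Temp\a1.exe|deleted
2011-04-19 10:06:40|TR/VBKrypt.constructed|C:\Users\test\AppData\Local\Temp\b7.exe|deleted
2011-04-19 10:11:05|TR/VBKrypt.constructed|C:\Users\test\AppData\Local\Temp\c3.exe|deleted
2011-04-19 11:30:00|ADWARE/Constructed|C:\Downloads\setup.exe|deleted
"""

def parse_alerts(text):
    """Turn the pipe-separated sample lines into alert records."""
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, name, path, action = line.strip().split("|")
        alerts.append({
            "time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            "name": name,
            "path": PureWindowsPath(path),
            "action": action,
        })
    return alerts

def find_recurring(alerts, min_redrops=2, window=timedelta(minutes=30)):
    """Flag detections that reappear soon after a successful deletion.

    A detection that keeps coming back after "deleted" means the scanner is
    removing the dropped file, not whatever is writing it.
    """
    by_name = defaultdict(list)
    for alert in sorted(alerts, key=lambda a: a["time"]):
        by_name[alert["name"]].append(alert)
    flagged = {}
    for name, events in by_name.items():
        redrops = sum(
            1 for prev, cur in zip(events, events[1:])
            if prev["action"] == "deleted" and cur["time"] - prev["time"] <= window
        )
        if redrops >= min_redrops:
            dirs = sorted({str(e["path"].parent) for e in events})
            flagged[name] = {"redrops": redrops, "dirs": dirs}
    return flagged

if __name__ == "__main__":
    for name, info in find_recurring(parse_alerts(SAMPLE_LOG)).items():
        print(name, info["redrops"], "re-drops in", info["dirs"])
```

The flagged directories show where the unseen writer is dropping files, which is the place to focus an offline or rescue-disk scan.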
     
  17. Doco

    Doco Registered Member

    Joined:
    Dec 2, 2010
    Posts:
    20
    The trojan in question was dropped through IE8. So whatever drive-by download protection Avira offers, it was by-passed.
     
  18. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Can't agree more! :thumb:
     
  19. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,696
    Location:
    USA
    You should probably run GMER, and see what it finds. It is really great for rootkits!
     
  20. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA

    yeah, it finds quite a bit if you are running Avast paid AV or suite.:cautious:
     
  21. jasonbourne

    jasonbourne Registered Member

    Joined:
    Aug 26, 2010
    Posts:
    275
    All AVs have experienced not detecting a threat or two. All apps are not perfect but all strive to improve with user interaction/community help. What might be your settings for APSS/MBAM/Prevx..? Maybe some of the guys here can take a look and see what may need to be adjusted or something.

    I have APSS and drive-by-downloads are detected especially when I am at a "hot site". Try adding SBIE or BufferZonePro in your set-up. If you can, try posting at the Avira/MBAM/Prevx-Official forums so they will also know and extend help to you.

    -- Had experienced that also when I was with AvastPro late 2010.
     
    Last edited: Apr 20, 2011
  22. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA

    Good post. I have used AP on Malware Domain, which isn't the totally latest malware, but pretty close and it did well. Not publishing results because they really don't matter anymore. All the products he used are very good, but water will find a leak no matter what.

    Please do not refer to him as a troll because his post may be exactly accurate. If you want to help him, then do it, but leave the hurt feelings behind. Hear that Jeff!:cautious:
     
  23. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    And if I needed proof on Avira's detection, it is the only product I have used my 18 year old son has not beaten. And that includes some future beta products and others.

    When he gets hit, I will move on, but their WebGuard has proven to me that no other product can touch it. As far as lightness, why some love this, I judge this by how long it takes my browser to open and retrieve pages. Avira is so far the fastest, WebGuard and all.

    Try it folks while the discount lasts. It really is that darn good.


    "No bad words";)
     
  24. Sevens

    Sevens Guest

    "Please do not refer to him as a troll because his post may be exactly accurate. If you want to help him, then do it, but leave the hurt feelings behind. Hear that Jeff! :cautious:"

    trjam,

    Good call!
     
  25. lab

    lab Registered Member

    Joined:
    Mar 2, 2006
    Posts:
    22
    I bought Avira last week and great so far.
     