Avira missed this !

Discussion in 'other anti-virus software' started by Bls441, Jan 24, 2009.

Thread Status:
Not open for further replies.
  1. Bls441

    Bls441 Registered Member

    Joined:
    Jan 24, 2009
    Posts:
    5
    Hi there,

    First of all I'd like to say that I've been a great supporter of Avira Free edition. Just like many of you, various independent tests convinced me about Avira's high detection rates, quickness, lightness and so on.
    I've been using that AV for 2 years now. However, yesterday night Avira apparently missed some trojan. I had downloaded some suspicious file over p2p networks. Doubtful about the application, I had even scanned the file before executing it (as far as I know I was using the highest security settings under Avira, setting heuristics detection to high, scanning all files, etc.); the file appeared to be clear. I executed that keygen, 10 seconds later Avira's tray icon was gone. Nothing happened so far but I could see that file in the running processes, using about 14k of memory. I knew something was going wrong and instantly used those online scanners; below you can see the results of the multi-scanner analysis:

    {VT result links snipped, since they'll be quickly outdated, irrelevant, and don't add to the discussion - Blue}

    I've downloaded a couple of W32.Baggle fixes, including the free Dr Web application (CureIT if I recall...) which immediately caught avgnt.exe (Avira's guard process) infected by a trojan.
    So yes, that trojan successfully terminated Avira and infected it...

    Sadly this is not the first time something similar has happened. A friend of mine used to lend me his USB stick. As soon as I plugged in the flash drive, Avira detected some worm (can't remember the name) and deleted it. Thing is, when a few hours later I plugged that same USB stick into my friend's computer, his antivirus, Kaspersky, detected that same worm and cleaned it for good.

    So far these two bad experiences led me to uninstall Avira; a product that I've praised for years, notably for its zero performance impact on my old rig.
     
    Last edited by a moderator: Jan 24, 2009
  2. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    lol, CureIt and Drweb saves the day once again for a 99.8546% AV

    just curious, did drweb cureit cure the infection leaving avira working on your machine, or delete it?

    if it deleted it, you may need to re-install your antivirus :)
     
  3. pugmug

    pugmug Registered Member

    Joined:
    Oct 23, 2006
    Posts:
    413
    No a/v will catch everything. It is good to read that you got what you deserved downloading keygens over p2p. Lol, keep up your good computer practices.
     
  4. progress

    progress Guest

    No good idea ... :thumbd:
     
  5. Bls441

    Bls441 Registered Member

    Joined:
    Jan 24, 2009
    Posts:
    5
    C.S.J: Actually Avira had been terminated, only leaving avgnt.exe running, so yes it was partly running. Cureit ran an express scan without notifying me and immediately caught the trojan on avgnt.exe and couldn't do anything but remove it. I'm now giving Dr Web (full version, not cureit) a try although it warned me in the installation setup that I should disable/uninstall Avira, which I did on the spot; I guess it had detected the installation files & folders as none of the Avira processes were running.

    pugmug: yeah, I never do that, I guess that experience taught me a lesson :)

    My PC seems clean now anyway, still I've submitted the sample to AV developers.
     
  6. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    Yes, that's why it is better to have a few layers of protection than only one.
     
  7. Bls441

    Bls441 Registered Member

    Joined:
    Jan 24, 2009
    Posts:
    5
    Yes, but as I'm a gamer I'm deliberately using an antivirus only. I *thought* this was enough, but obviously not. Maybe I had the bad luck to catch that single trojan on my path, which probably belongs to the 1% of suspicious files that Avira can't spot =)
     
  8. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    I'm a gamer too, and I run CIS + Avira Premium with no gaming impact (just gotta know how to handle the popups from CIS), but yeah, even in-game, CIS does not bother me.
     
  9. Eice

    Eice Registered Member

    Joined:
    Jan 22, 2009
    Posts:
    1,413
    Have you tried using a non-administrator account?

    The fastest way would be to create a limited (XP) or standard (Vista) user account. Strong, quick, and easy security for free.
     
  10. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    if it was caught during the initial scan, without you choosing 'express' or 'complete' then it was caught in ram / running processes. (which is obvious of course ;) )

    make sure you have un-installed Avira before trying Drweb however, do not have both installed.
     
  11. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    Here's a question. Why didn't you upload the file to VT before you executed it like every other person? :rolleyes:
     
  12. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    like everyone else?

    I've never ever done this.
     
  13. Bls441

    Bls441 Registered Member

    Joined:
    Jan 24, 2009
    Posts:
    5
    I'm kind of against the whole firewall marketing thingy. My point of view is, that with an effective antivirus, no suspicious outbound connection should be made.

    Eice: Yes, thanks for the tips. I've been considering doing this for a while; I guess I needed a bad experience like this to actually do it :p
     
  14. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    As a rogue hunter it's the first thing I do. It allows you to check detection whilst submitting to all AVs. You should also be sandboxing/VMing it. Free websites can do this for you too.
     
  15. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    A router firewall is more than sufficient.
     
  16. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    I am surprised that you have not been infected before with these surfing habits. Even the best AVs cannot catch everything!

    A more layered defense, including a HIPS/Sandbox/Imaging software will offer you better protection for the future.
     
  17. Bls441

    Bls441 Registered Member

    Joined:
    Jan 24, 2009
    Posts:
    5
    I guess I was confident about Avira's protection (from my own experience + the many tests & reviews that I read so far + all those praises from this forum).

    Funny thing is that I never download that kind of stuff, hence I didn't think about multi-scanning the file prior to executing it.
     
  18. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Enough said.

    Absolutely nothing useful is being developed or discussed here. Somewhere there's a piece of malicious software that gets around virtually any product.

    Thread closed.

    Blue
     