Kav Found A Virus When I Ran An On Demand Scan

Discussion in 'other anti-virus software' started by Mr2cents, Jul 16, 2005.

Thread Status:
Not open for further replies.
  1. Mr2cents

    Mr2cents Registered Member

    Joined:
    Sep 18, 2004
    Posts:
    497
    I'll be the first to admit that I don't run on demand scans very often. I'm currently running kav 5.0 and Boclean. I practice safe computing. Mostly hanging around various forums. Reading news websites..etc.

    I thought that if I was to get a virus that kavs resident would pick it up. Kav kept warning me that I needed to do an on demand scan. It had been 19 days since I had done one.

    I decided to do an on demand scan. I figured it wouldn't pick up anything...cause I've only had roughly 5 viruses since I've been on the internet starting in 2001. All those viruses were caught by the resident virus scanner at the time. Mcaffe caught 3 at resident. Norton caught one, when I ran norton, and avast caught one.

    So I do the virus scan. Kav finds a virus :eek: It's name was.. Exploit.VBS.Phel.i Kav recommended deleting it. So I let kav delete it. I couldn't find much info on this virus. Kav said it was a virus located in my temp files. A html document was infected. I guess the moral of the story is... Do an on demand virus scan at least once a week. At least that's what I'm going to do.

    This may seem like a silly question, but why didn't kavs resident protection pick this up?
     
  2. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    Most likely the RTM {realtime monitor} did not trigger on that file because it never became active -- a file has to be "touched" in some way {copied, moved, or attempt to run in memory} for the RTM to trigger on it. An on-demand scan detected the file but since the file never became active, or never attempted to become active, it just lay dormant on your system until the manual scan detected it. Hope that helps. :)
     
  3. Mr2cents

    Mr2cents Registered Member

    Joined:
    Sep 18, 2004
    Posts:
    497
    Thanks for the info Randy. I'm still learning. ;)
     
  4. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    You can also use a tracks eraser like the free http://www.ccleaner.com/ regularly, it among other things has the option to delete windows temp + temporary internet files, which is often where an trojan-downloader is placed.

    You should use the schedulescan option in Kaspersky btw, schedule it for an weekly scan at a time when you not at pc, for example when you're having dinner or sleeping. :)
     
  5. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Dear Mr 2Cents,

    KAV did NOT find a virus on your system, it found an Exploit. Exploits are not viruses or trojans and are utterly harmless in themselves. They are carefully scripted pieces of code, embedded in a web site, and hence saved to your HD in your temp internet files, which will attempt to exploit vulnerabilities in a system to download a trojan, or redirect you to a site that will D/L a trojan or activate malware already on your system.

    It is the related trojan that causes the problem, but in your case there was none and the KAV Guard would have caught it if there was.

    If you use CCleaner daily you will never have these malicious bits of code festering in temp locations.

    I also have taken to doing demand scans much less frequently than I used to, but I feel this practice is quite safe (my last one being 22 days ago!).
     
  6. Mr2cents

    Mr2cents Registered Member

    Joined:
    Sep 18, 2004
    Posts:
    497
    Hi Don. Good idea you have concerning using the schedulescan option in kav. I already have a program similiar to crapcleaner. It's called " ultraWincleaner 2002"

    I ran ultrawincleaner after kav found the exploit. I had almost 10 mb of temp files. :rolleyes: Look like I've really been a slackard lately concerning my computer. :rolleyes:
     

    Attached Files:

  7. Mr2cents

    Mr2cents Registered Member

    Joined:
    Sep 18, 2004
    Posts:
    497
    Hi Topper. I agree with you it was an exploit. I only called it a virus because kav said it was a virus.
     
  8. dan_maran

    dan_maran Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    1,053
    Location:
    Stamford, CT
    I have found CCleaner to be just as good as the pay programs, and a whole lot less bloat. I have a schedule to run CCleaner at the start, and whenever I remember, which I may say is quite often, and I have yet to have a virus in my temp file areas that I didn't put there.
     
  9. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,094
    Kav found the same exploit when I submitted the file: newexpl.php which is mime encoded trojan - so, do not install this file when prompted as it can affect IE. I use Firefox and have not noticed any problem, but then again when a trojan infects you your system is no longer yours.

    -- Tom
     
  10. tawd1992

    tawd1992 Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    43
    CCleaner is an excellent program. I just started using it a month or two ago & am really impressed. I'm amazed how quickly it cleans all your temp files. For this reason I use it on all the pc's I clean. It also has an option to clean out your Sun java cache which is where trojans will hide sometime.
     
  11. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Ditto CCleaner.

    Rich
     
  12. fosius

    fosius Registered Member

    Joined:
    Oct 14, 2004
    Posts:
    479
    Location:
    Partizanske, Slovakia
    Real-time monitor should scan files on creating, too...
     
Loading...
Thread Status:
Not open for further replies.