In the last days I observed some strange things. I’m an IT-professional and therefore know my PC and the OS very well. However - I downloaded some files from let’s say dubious sources and I suspected them to contain viruses. I scanned them with the AVAST 4.6 home-edition right after manually running the iAVS-Update.
Nothing was found. I extracted the files from the archive and saw an executable file without icon, size ~ 60kb.
I scanned this file. Nothing found.
I ran the file - nothing happened.
Fortunately I was watching its registry and file accesses, so I knew it was a virus/worm since it created lots of files on my harddisk and changed the registry to load several of those newly created files.
I rescanned my entire harddisk - nothing found. I removed the registry entries by hand and mailed a copy of the virus to avast. Surprisingly my mail came back telling me that I did submit a virus so my mail could not be delivered. I ran a free online virus-scanner which found 8 P2P-Worms/Trojans.
So I wonder why avast doesn’t recognize a virus on my computer while the company seems to use a scanner that knows that kind of files.
And just two days ago a friend of mine also got badly infected with several worms he caught on a ‘free-serial-site’ that were not recognized by an up-to-date version of avast.
There is no antivirus that can detect all the viruses of the world. You can find viruses that are detected by one antivirus and not by another. So, if you find a file you think is a virus and Avast doesn’t detect it, send it to virus@avast.com in a password-protected zip file. Don’t forget to tell the password in the email.
I must agree with calcu007 in that no av program is perfect and that you should have sent those files in to avast.
Also, there is a fine line between what is a virus, what is a worm, and what is a trojan. While Avast does catch some trojans & worms (those close to the line), it is better to add to your malware arsenal a program that primarily goes after trojans and worms. Depending on your OS, there are several good programs for this such as ewido & a-squared.
It would have also been helpful if you had not given general information but instead would have given names for those 8 worms/trojans.
Being that you are, as you stated, “an IT-professional and therefore know my PC and the OS very well”, I would think you would know better than to download “some files from let’s say dubious sources.” Apparently, it was a P2P program that was not near the best of that type.
Of course I do not want to argue about the ethics behind using P2P-Software, although you can legally use it to transfer large files you couldn’t send by mail.
I also accept that no antivirus-program does recognize all viruses but the strange thing is that I did send it in for further inspection and got the mail back, so the recipient (Avast!) did detect the virus I was not able to detect with my version of the program.
I also know that there’s the thin line between worm/Trojan etc. but if an executable creates other executables on my harddisk in places you wouldn’t usually find them and then adds references to my registry to load those during startup I think this is something that should be detected.
I believe the mail server intercepted it. Have you encrypted it inside a ZIP, RAR or 7z archive with password “infected” or “virus”? It’s a smart thing to do when submitting samples.