Avast can not disinfect virus file like Microsoft Security Essentials

I only want to contribute my idea to make Avast better.
my company have many computer (installed Norton Antivirus) get infected virus.
I tried use free Avast to scan some computer infected virus, result: Avast can not disinfect files, so I must choose: move to chest
Those computers can not log on windows (cause by Avast deteled infected system files)
I decided not to install avast on remain infect virus computer
I tried to use Microsoft Security Essentials
The result: Microsoft Security Essentials can disinfect virus system file, many type virus disinfected
(Avast can not) Windows is clean!

we have one computer infected many virus. I tried install avast, but can not install (when I double click on free avast setup file, computer get restart immediately, virus make computer restart if double click on file exe relate system file I think, virus make computer can not restart in safe mode) But I could install Microsoft Security Essentials on this computer, disinfect virus
After remove virus, I remove Microsoft Security Essentials and install free Avast version ;D

I want avast can disinfect file like Microsoft Security Essentials!

What was the name of the infection? Virut? Sality? Something else?

today I will try to find save log of Microsoft Security Essentials and post here!
Microsoft Security Essentials remove hooked virus: this virus can hook system files (userinit.exe …), antivirus must disinfect file, if delete file: system will halt, can not log on windows

I tried avast in this topic: http://forum.avast.com/index.php?topic=56888.0
(I chose disinfect file but Avas can not disinfect, so I choose: move to chest, and result: avast deleted system file in windows folder, computer can not start)

this is log of 3 type virus I said above:

Category Worm: Win32/Mofk.sys.A
Category: VirusWin32/Sality.AM
Category: Worm.Win32/Conficker.C

This is log of Microsoft Security Essentials

=======================================================
Category: Worm
Win32/Mofk.sys.A
Description: This program is dangerous and self-propagates over a network connection.

Recommendation: Remove this software immediately.

Microsoft Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the ‘Allow’ action and click ‘Apply actions’. If this option is not available, log on as administrator or ask the local administrator for help.

Items:
file:C:\WINDOWS0\SVCHOST.EXE
file:C:\WINDOWS0\System32\WgaTray.exe
file:C:\WINDOWS0\Tasks\At1.job
firewallokfile:HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\STANDARDPROFILE\AUTHORIZEDAPPLICATIONS\LIST\c:\windows0\svchost.exe
process:pid:1940
regkey:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\Svchost
regkey:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Svchost
regkey:HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\STANDARDPROFILE\AUTHORIZEDAPPLICATIONS\LIST\c:\windows0\svchost.exe
runkey:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Svchost
runonce:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\Svchost
taskscheduler:C:\WINDOWS0\Tasks\At1.job

Category: Virus
Win32/Sality.AM

Description: This program is dangerous and replicates by infecting other files.

Recommendation: Remove this software immediately.

Microsoft Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the ‘Allow’ action and click ‘Apply actions’. If this option is not available, log on as administrator or ask the local administrator for help.

Items:
file:c:\windows0\system32\explorer.exe
firewallokfile:HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\STANDARDPROFILE\AUTHORIZEDAPPLICATIONS\LIST\c:\windows0\system32\explorer.exe
process:pid:1828
regkey:HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Explorer
regkey:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Explorer
regkey:HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\STANDARDPROFILE\AUTHORIZEDAPPLICATIONS\LIST\c:\windows0\system32\explorer.exe
runkey:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Explorer
runonce:HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Explorer
winlogonshell:HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell: c:\windows0\system32\explorer.exe

Category: Worm.Win32/Conficker.C

Description: This program is dangerous and self-propagates over a network connection.

Recommendation: Remove this software immediately.

Microsoft Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the ‘Allow’ action and click ‘Apply actions’. If this option is not available, log on as administrator or ask the local administrator for help.

Items:
file:C:\WINDOWS0\System32\gnbpbgl.dll
service:ezawxql
service:fnayuf
service:hxbsl

Well, the Sality is problematic and cannot be cured most of the time. Conficker should pose no special problems, but Mofk.sys will probably be cleanable but only with avast! 5.x. avast! 4.8 doesn’t have any such capability.

No, this is log of Microsoft Security Essentials
Microsoft Security Essentials remove and disinfected 3 type virus (avira, kis can not disinfect virus too)

I feel sad when I see this test, Rank of Avast is 11
http://www.av-comparatives.org/index.php?option=com_content&view=article&id=144&Itemid=152

But I still like Avast, so I post my idea in this forum in order to make Avast better!

meigyoku,
I might be missing something here, but I don’t see anything that says that Microsoft Security Essentials has repaired or disinfected anything. What makes you think it has removed the problems?

The thing is, some antiviruses say “Disinfect” and then they just delete the file automatically because desinfiction failed in the first step.

Repair/Disinfect, IF FAILS, move to quarantine, IF FAILS, Delete/Deny access

That’s how most of antiviruses work.

RejZor,
If Meigyoku selected Allow and “apply actions”, it has done nothing at all, it has not disinfected, it has not deleted, it has not repaired, it has not moved to quarantine and most importantly it will not deny access.

If Meigyoku didn’t use the allow option, then on face value it appears to leave an access denied situation.

What it doesn’t appear to have done is what Meigyoku apparently thinks it has done, and I quote “Microsoft Security Essentials can disinfect virus system file, many type virus disinfected
(Avast can not) Windows is clean!”

I tried use Avast scan this virus but Avast can not repair when I choose repair.
Microsoft Security Essentials repair sucessfully (I see result of status)

  1. Sality is not supported for cleaning, read our blog and comments

  2. some malware families (supported) must be cleaned from boot-time scan

  3. generally - we don’t want to claim a lot and do nothing, so we offer a cure only for those cases where we really can succeed