Avast didn't detect Bagle(Beagle)

I have been running avast for a while now. Everything seemed to be working fine until I actually got a virus.

I downloaded an executable file from the internet. Just in case, I scanned it with avast, and didn’t find any virus. With confidence, while the Avast shields were on, I double-clicked the file. My system started to act abnormally, and restarted automatically. The registries were being modified. When I was back in Windows, I was sure the system was infected because the registry for starting up any antivirus was gone. The CPU was also running at 100% all the time while no process in task manager was occupying the CPU. I had to use another computer and another antivirus on another computer to kill the virus.

Bagle was the cause of the problem and was not detected by either the manual scan or the shield. This is actually the second time similar things have happened. I think I have to switch to another antivirus now, unfortunately.

Do you know how to access event viewer?

  • either in Avast - right-click the ‘a’ icon in the tray at the bottom right-hand of the screen and choose avast! Log Viewer.

  • or Windows - Control Panel > Administrative Tools > Event Viewer > Antivirus

Look through your logs for warnings and errors to get a better indication of what, when and where things have happened on your computer. You can reply and post details here.

I suggest a full on-line computer scan:
BitDefender
ESET NOD32
F-Secure

Also you can try DrWeb CureIT! which seems to be good at detecting Bagle(Beagle) installations.

Maybe you should install avast from scratch after you get clean.

Avast is malfunctioning after the bagle attack. The .exe files for avast are all infected and have become non-executable. Safe mode also broke and I was not able to get in. Therefore there is no way to open the log. Plus I know when it happened, as I said, after I opened that exe file I downloaded from the web. My problem is that avast didn’t detect anything to prevent the attack, either by the shield or the manual scan. I am trying to make a comment on the ineffectiveness of avast, and with avast turned on, my system was not under very good protection.

Thanks for the suggestion to use other antivirus. That is exactly what I did to fix the problem.
I used comboFix, a good program for any problems. And also, why is installing avast back on even suggested when my system was not protected by avast while it was installed? Nonsense!!

Safe Mode also broke?

But you booted okay into Windows to comboFix?

Or did you use rescue CD?

Yes Safe Mode is broken.

And as I mentioned, after the virus attack I was able to boot back into Windows, with avast and the firewall disabled, 100% CPU occupied with no process usage in task manager, and the internet also not working. I had to change comboFix from .exe to .com before running it though. That’s all I did to fix it. No rescue CD used. (Well, I did try to boot into my linux partition and do a scan from there, but the problem still existed until combofix.)

Maybe you should install avast from scratch after you get clean.

It is rare that beagle bypassed the Avast auto-protection feature. Do you have it disabled?

No, it was not disabled. As mentioned, the shields were all on, and I did a manual scan before I ran the problematic exe file.

Other antiviruses have their own weaknesses with other infections.
No software is perfect.
It’s not nonsense, but common sense.

There are some variants of beagle that can disable avast (and many other AVs) and other security software, firewalls, anti-spyware, etc.

The common error being that the file isn’t a valid win32 file, or words to that effect. Is that what you are getting when you run some exe files?

Whilst it is possible to reset the safe boot option (it could promptly be disabled again), you could try another DrWeb tool, a live CD version, to run outside of Windows.

DrWeb Live CD, if you are unable to get into your system: see http://www.freedrweb.com/livecd/?lng=en, documentation ftp://ftp.drweb.com/pub/drweb/livecd/LiveCD-en.pdf

I am not talking about the shields, I mean the auto-defense that Avast has to prevent a virus from disabling avast. You can check it if you right-click the avast icon, avast setting, troubleshooting, and check if “disable auto-defense module” is checked.

The auto-defense module was supposed to avoid that. So if the virus bypassed the protection, then it has a hole.

I downloaded an executable file from the internet.

You ran sufficient checks on the problematic .exe file, so you must remember or have some record of the file. Could you tell us the name of the file, where you found it, and what you had expected of it? This is partly why I asked you to check your logs. It would save everyone time and effort if they knew what they were dealing with. These few extra details would run nicely with DavidR’s post on this matter. Some progress could be made concerning the malicious nature of the infection.

While I am not aware of the auto-protection disable function, it is probably hinted that I didn’t touch that button, and it is enabled by default. So I guess the auto-protection failed.

Yes DavidR, that is the problem I experienced earlier. I was just frustrated that avast didn’t detect it. And exactly that is what I ended up doing – seeking other tools to get rid of the problem.

Mkis, I wouldn’t mind helping out if I still have a record. But because it is a strong virus and a lot of things were corrupted, it would be logical for me to remove anything that is troublesome, wouldn’t it? And after spending a few days dealing with the virus while numerous files were infected, I lost track of where the source file of the virus is.

Tech, I know nothing is perfect and I hope avast can be better. I was saying nonsense because I have lost confidence in Avast and am afraid that future, similar problems would happen before anyone tells me the problem has been fixed. I now think the problem that led to all this is the ineffectiveness of the auto-protection function, after learning that from calcu007. I hope it can be improved. At least to the point that a similar thing won’t happen with the same virus. It’s only then that I will consider using avast again. (i.e. it doesn’t make sense to me to reinstall avast, knowing that if the same problem happened, my system would be corrupted again.)

You know what supposed did, nothing in life is 100% and the avast self-defence module is no different and there are beagle variants that can, fortunately that isn’t widespread, though happening once is enough if it’s your system.

@ tienalan
These variants of beagle take out other supposedly protected AVs and firewalls, so avast isn’t alone in this and there are some AVs that don’t even have any self-defence. This is an arms race and we are the ones doing the catching up.

To the best of my knowledge, as limited as it is, beagle doesn’t actually corrupt the file but the intercept, like when avast intercepts .exe files to scan it can do the same and that alert is the consequence, but getting rid of them (presumably you mean delete) is a mistake as you could potentially be doing even more harm.

That is why I suggested the Live CD scan, as if a file is simply infected it may be able to repair it, and that should be your first course of action.

For sure it does not happen for detectable samples… maybe new ones. It’s a difficult solution. The self-defense module can’t be so tight that it complicates computing and other programs working. It can’t be so loose that it misses the malware action… I know they’re trying to find a balance between protection and side-effects. If you can send the file for analysis, they will update the virus database.

Anyway, this is not an excuse for bad avast protection.