Hello!
Really knowing what I’m doing, I downloaded two (older) KeyGens for (an older) Program X via SeaMonkey. No interference from Avast during this. I scanned both directly; Avast declared them clean.
I ran one of them. No interference from Avast during this.
An inspection shows some new members in parts of what is called AutoStart, even in scheduled tasks. Note: TEMP is on another drive.
I launched another Win XP with the same Avast and scanned the one I abused. 6 hits: 2x EICAR file, 2x a TXT file of my own which Avast has described as infected for about 6 or 8 weeks (even old unused copies/versions of that file on CDs…), and 2 self-compiled QBasic EXE files, harmless for years. (And, forgotten, packed files of PhraseExpress…)
Nothing that might have been extracted and parked on that abused system.
Being curious, I launched the infected OS and did several internal scans: MSCONFIG (by eye), HJT, SysInternals AutoRuns. Only the last one showed some friends in scheduled tasks (yep, all those tools are useless in that respect: there is no before-after comparison, nor any information about the date an element was added).
Trying to use the time during the scans, I tried to start a magazine’s DVD via its HTML interface, but IE showed some ActiveX problems (the same DVD ran without problems before the test). A direct clue that something is going on there.
Curious again, I took another magazine’s DVD (current edition), described as an SOS DVD holding a BitDefender scanner. Booting this, nothing special was found [usage of the tool is catastrophic; I only got partial scans to run…] except the second KeyGen, since the 1st one erased itself after running. A file Avast did not mention! Scanning TEMP specifically, nothing was found - but a look via a file manager showed some 6 or 7 files, with time stamps showing they were added today, which look critical.
I deleted them and reinstalled the abused OS from an image.
As a result: Avast let me run into an open knife, even though I requested a scan of the downloaded files, and even though I scanned from a surely clean system, without the infected container file being flagged as dangerous.
How to trust Avast? How may a layman deal with this?
Greetings,
Eric