Avast interrupted download of Panda ActiveX & KB917344 missing issue

Hello. I’m a new avast! forum member, from Portugal. I was downloading Panda ActiveX control in pandasoftware.com, when suddenly, avast interrupted the download with a virus detection warning- it found Win32:CTX in the download, so i didn’t finish it. This was totally unexpected. I can’t believe that Panda ActiveX required to use Panda ActiveScan is infected, but at the same time, i’m not sure if i want to download it anymore, as avast keeps detecting a virus in it! Does Panda ActiveX really have a virus, or has it not ?

I wish to use at least one good online virus/spyware scanner to complement my avast antivirus, especially when i have any new suspicious file or archive that i want to double check. I know there are some in the web. Which is the one you think has the best detection rate ? Thank you.

Side note: Let me know if my avatar picture is visible to anyone or if it appears blank with a red “x” in the corner, because i uploaded it directly from a folder in my PC, instead of linking to a image in a website, procedure not allowed in another web forum where i’m a member. :slight_smile:

The problem is Panda don’t encrypt their signature files and avast is able to see the signature and alerts on it. Personally I wouldn’t use Panda not just because of the unencrypted signatures but also because it dumps all that junk in the system32 (depending on OS) folder making it difficult to remove as system restore makes a copy and avast finds the copy made by system restore. All in all a pain in the rear.

On-line Virus Scanners and other useful Links Security-Ops.eu.tt

Your avatar is visible to me.

Uau(don’t remember how to spell this in english)! I got a reply at a new time record! :smiley:

So, Panda install more junk files in the system folder besides the required ActiveX control ?
I think i have to install an ActiveX for every online scanner that i want to use. But, is it easy to uninstall it later if i want to, removing also all the files copied to my PC when i use such scanners ?

Yeah, but which one do you think has the best detection rate ? Which one do you recommend ?

I sometimes use the multi-engine VirusTotal, which i like, but it has some important drawbacks (the same as any multi-engine scanner that i know): to use it, i have to submit only one file at a time, and then, wait a significant amount of time until the scan is finished (sometimes it also takes a while to start, depending on the size of the file submitted, its position in queue, etc.). Even worse than that, the file submitted has to be relatively small (i think the size limit is 10 MB). On the good side, it gives a greater sense of security and reliability as it uses multiple (currently 32) antivirus scan engines, and i think it doesn’t dump any clutter in my PC, and i don’t have to install any ActiveX control in order to use it.

Be used to avast forum speed 8)

Yes. It does.

Some of them do not use ActiveX as a scanning technology as far as I know… maybe I’m wrong.

The activex control could remain in the disk and could remain in registry keys.
You’ll need a registry cleaner and a file junk remover.

Kaspersky and TrendMicro. If you need to remove an infection, BitDefender.
Kaspersky (very good detection rates)
ESET NOD32
Trendmicro housecall
AVGas (not necessary if you have AVG antispyware installed)
F-Secure
BitDefender (free removal of the malware)
HitmanPro (multiple scanners)

But it’s not a full computer scanning, just a file scanner.
You can send the file by email (faster to submit, as it depends on your email sending speed).

Virus Total is the best, in our opinion because:

  1. It uses the Windows version of the AVs so avast has more unpackers for windows and that is the version most are using.
  2. There are 32 different scanning engines greater than the others.
  3. It also has an email submission option for periods when they are busy and you get a reply.
  4. It can queue the submission and you can carry on browsing and you will eventually (not too long) get your result displayed.

@ Port_H
I haven’t used an on-line scanner in a very long time and that was mainly down to the fact that most of them used activeX and for that you needed to use IE and I avoid IE like the plague. So I would tend to go with one of the JAVA ones which I can connect to using firefox my browser of choice. That would limit you to TrendMicro’s HouseCall if you don’t want to use activeX. If you aren’t that concerned about using activeX based scanners then any of the ones Tech listed would be fine.

Multi-engined scanners are really only used to check a single file for confirmation of a suspicious/infected file, so for the need to scan multiple files I would tend to use one of the single engine on-line scanners. The size restriction of 10 or 15 MB for VT or Jotti I don’t think is unreasonable. I certainly wouldn’t want to be uploading anything even close using dial-up.

One thing Tech didn’t mention about VT, there is nothing to stop you opening another browser Tab or Window and uploading another file whilst waiting for the other to finish. So as Tech said you don’t have to wait around, just carry on browsing and go back later and check the results.

Welcome to the forums.

Sorry, i didn’t get this. Can you rephrase it ?(in portuguese, preferably)

You don’t have to wait too long, if the file submitted is small. Even so, it takes a while until the results are displayed for all the AV engines. I like to use it when there’s only one small file that i need to be scanned. Today i submitted a large program installer archive, and waited VERY, VERY LONG (more than 1 hour, i even thought that IE stopped responding- i had time to take a bath, then returned and browsed the web, etc.) just to finally see, at last, a blank screen with a message saying the file exceeded the size limit allowed. But at the time i submitted it, i didn’t see anywhere in the page a warning informing what the size limit was! I was a bit disappointed, i can’t deny :-\

  1. The windows version of avast is able to open more different types of archive (zip files, etc.) these archive types are also called packers as they pack large files into smaller archives. VirusTotal uses the windows version of avast so supports more different archive types (packers).

  2. If a file is likely to take a long time to upload to be able to be scanned by VT, then perhaps it might be quicker to do a scan of that specific file using some of the better online scanners mentioned by Tech, whilst this might be less scanners you wouldn’t have to be uploading the very large file.

It’s an English-only forum. Sorry.
But, Jotti (another on-line scanner) uses Linux versions of the antivirus.
Windows versions have more unpackers.

Use the email, it’s faster and more reliable than waiting for the browser upload.
There is also a Firefox extension for Virus Total submission.

Yes, i agree. I’ll try Kaspersky online scan. I saw it also has an online tool in the same webpage -Kaspersky File Scanner- i intend to try. One minor correction, to Tech: the right link to Kaspersky online scan is Kaspersky, not Kaspersky.

Virus total has no information in its main page on file size limit for the submitted files. Only if you click the link on “Email/Uploader” it is explained in the section ‘Enviando arquivos por email’ (‘Sending files by email’) that the file to be scanned, that you should attach to the mail, must not exceed 10 MB in size. From that, i supposed that the files submitted directly in the main page also had to be 10 MB maximum, but i had no confirmation on this. It’d be good if this information was visible next to the upload file box, or at least, if some message informing that, appeared immediately after trying to submit a file larger than the size limit. Just my opinion.

OK, i think i got it: so, avast for Windows is able to unpack and scan inside more different types of archive than other avast versions.

Why is email more reliable than browser upload ?
I don’t use Firefox. If i wanted, i could download instead the VirusTotal uploader. It “enables you to directly send files from your system using the context menu.”

Thanks for the correction.

It’s mine too. Information is a must have.

Yeah.

Because the transmission is faster, because you can be sure the ‘connection’ does not drop in the middle like in the browser, etc. Just my opinion.

@ Port_H
They used to have the max file size on the web page, but that seems to have gone since the new revised web site, so I don’t know if that 10MB size restriction for email also applies to uploads.

There used to be a difference between VT and Jotti on the max file size you could upload one was 15MB and the other 10MB and Jotti still indicates 10MB max on its web page. So there is some confusion as to the max upload file size, I have emailed info and asked for confirmation.

Update, I have had a reply to my email at virustotal and they confirm that the max file size is 10MB for both email and web submission.

You have been useful and dedicated. Thank you, guys. :slight_smile:

You’re welcome.

But do you still have a problem and need help or not?
Can we help further?

Yes, now i have a new problem. Sometimes it seems one problem never comes alone. If you can’t help me in this thread, please suggest another site or forum where i can seek help.
Trend Micro Housecall detected the following vulnerability in my system - See the image attached to this post.

The link More information about this vulnerability and its elimination points to the Microsoft Security Bulletin MS06-023, published on June 13, 2006. It describes the Microsoft security update ‘Vulnerability in Microsoft JScript Could Allow Remote Code Execution (917344)’. Under Affected components, the one that corresponds to my OS is ‘Microsoft JScript 5.6 on Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2’. In Windows Control Panel>Add and remove programs, i searched through all of my Windows updates installed and didn’t find KB917344. I also went to Microsoft Update Website and it doesn’t detect any priority update missing in my system. I don’t know if i should install this update, alone or with ‘Cumulative Security Update for Internet Explorer (916281)’ -see Caveats in Microsoft Security Bulletin MS06-023. Question is, since these updates were published in June 2006, how do i know if i have a more recent Windows update which replaces these, and are they really necessary? Will they conflict with an already installed update? Why aren’t they detected as priority updates to download in the Microsoft Update website?

I would suggest you check out the Microsoft KB

Well, you can download Belarc Advisor (http://www.belarc.com/). Download, install and run that; it will tell you what security updates you have and also list those you don’t have. Check and ensure you have the update.

Now the problem you are probably wondering about is the word Cumulative or at least I am as I would have thought later Cumulative updates should also have covered this but possibly not. So I would tend to suggest you do the cumulative update for IE (916281), if you haven’t already kept your OS up to date belarc may advise you of other missing updates and you may have to reinstall the latest October “MS07-057 Cumulative Security Update for Internet Explorer (939653)”

OK. I downloaded and installed Belarc Advisor. It seems to be a useful application. Two things on its report caught my attention:

The first:

Missing Microsoft Security Hotfixes
KB939653-IE7 - Critical (http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q939653) These required security hotfixes (using the 10/09/2007 Microsoft Security Bulletin Summary) were not found installed. Note: CIS benchmarks require that Critical and Important severity security hotfixes must be installed.

The second:

Installed Microsoft Hotfixes

X KB917344 on 06-08-2007 (http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q917344) Reinstall!

About the first, i followed the link http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q939653. It points to a Microsoft page titled MS07-057: Cumulative security update for Internet Explorer. There, i followed the first link View products that this article applies to. I saw this:

APPLIES TO
• Microsoft Internet Explorer 6.0 Service Pack 1
• Microsoft Internet Explorer 6.0 Service Pack 1
• Microsoft Internet Explorer 6.0 Service Pack 1
• Microsoft Internet Explorer 6.0
• Microsoft Internet Explorer 6.0
• Microsoft Internet Explorer 6.0
• Microsoft Internet Explorer 6.0
• Microsoft Internet Explorer 6.0
• Microsoft Internet Explorer 6.0
• Microsoft Internet Explorer 6.0

Strange, isn’t it ? And IE7 -the browser i’m using- does not appear in the list. Do you think i should install this ?

About the second, i followed the link http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q917344. It points to a Microsoft page titled MS06-023: Vulnerability in Microsoft JScript could allow remote code execution. There, the link to be followed by Home users -http://www.microsoft.com/athome/security/update/bulletins/200606.mspx- directed me to a useless page: they tell that to get the update, i should go to Windows Update, or to Microsoft Update, which is useless, as i explained before. So, i followed the link for IT professionals (which i’m not) -http://www.microsoft.com/technet/security/bulletin/ms06-023.mspx- and saw a familiar page. There, under Affected components, clicked the link corresponding to my OS -Download the update. First, under Quick Details, changed language to Portuguese, then if i click on the link to Download files below, i have to choose from a list of files to download: see the attached file. Since i use the portuguese version of Windows XP Home, i guess i should download one of these two: WindowsXP-KB917344-x86-PTB.exe or WindowsXP-KB917344-x86-PTG.exe. Which one, i’m not sure. Perhaps the PTG ? (yeah, this sounds like a DUMMY/DUMB question)

Any advice on both of the two Hotfixes i mentioned -the first and the second ?
I took approx. 3 hours writing this post… :frowning:

If you are only being notified of two updates by belarc, your system is reasonably up to date so you may be better just visiting the windowsupdate site and let it determine what updates you require.

Since housecall and belarc both see the JS vulnerability and the more recent one MS07-057 was only released recently so might not have been included in the housecall check.

I’m probably more in the dark on PTB or PTG but I would have thought PTG

This hasn’t changed. I just went to Microsoft Update site, and the only new priority update it detected was a new Definition Update for Windows Defender. I also checked the Optional (non priority) updates available, but none of them matches the ones detected by Belarc Advisor/Housecall.
My system may be “reasonably up to date”, but it also may be “reasonably at risk” if it is missing “only” two critical and important updates…What do you think ?