Avast is untrustful and hardened mode does not work

Hello,

I use Avast about 2 years. I use free and paid vesrsion. But Avast behavior is strange last months.

Examples:

  1. I have this infected file. I have latest free Avast 2015, latest virus databases 141110-0. When I run manual scan or when I run the file, Avast on my PC sleep and sleep and sleep.
    When I scan same file on Virustotal - Avast says - it is viruses. Please have look at the attachment.

  2. The second problem is hardened mode. I use aggressive mode. But Avast allow run the infected files that Avast have not in his AV database. I am sure that Avast have not this file in his white or black list. Hardened aggressive mode must stop such file but for example 1 from 10 files is running and Avast sleep and sleep and sleep.

I solve these problem with Avast support and their answers are very derogatory.

I am sorry for me English but I hope you understand me.

Do you have similar problems?

thank you.

post link to VirusTotal scan result…

Ok, here is
https://www.virustotal.com/cs/file/5c69926c32ac6a1d7fc58d20b8981531b2d83cbcb3255bd5aadebb5571085fd7/analysis/1415615330/

have you tried to turn on PUP detection and then scan again?

Also why not try using boot-time scan option??

I have PUP ON.

It is unfit because for example I want only check the file downloaded from internet.

OK from what I am thinking and understand from your english is that you want to say that avast detects the file when executed but not when downloaded?? That is normal because some technologies in v2015 work like that.

send the file to virus@avast.com for analysis.

No, we do not understand each other. I said that my English is not good.

I want to say that Avast do not detected infected file X (I have this file on my PC) when I run the file and when I run manual scan this file. I do not solve webshield now. But Avast detect the same file on Virustotal as a virus.

The other problem is that this file cannot be in white or black list list of Avast and Avast could stop this file when I run it because I have hardened mode as aggressive. But Avast do not stop it and let the file run.

Thanks for posting again!

Then send the file to virus@avast.com with subject “Undetected Threat”

Zip and password protect the file with password “virus”

You can also send this file directly without zipping it to them via www.avast.com/contacts

I sent similar files for Avast support but their response was very slow and was not good. That is why I decided write my problem here - on English forum. I observe similar problem with Avast detection about one year. I had tenths such files. But I deleted almost all because I was annoyed on Avast support.
I have clean installation w8.1.

Hardened mode could stop this file without AV database.

quote Milos

Hello, because it is some very old detection, which is not in v9+ definitions. Only in cloud (should be detected on execute)

Milos

When I execute (run) this file (or similar file), Avast allow execute (AV does not detect it) and hardened mode does not work. I wrote this before.

First problem is that Avast has different result when the same file is scanned on my PC and on Virustotal. The second problem is that hardened mode does not stop this file. I use aggressive mode. If I read good it means only file on white list can be run (execute) - and it does not work too. It works for a lot of files but for some file it does not work and I am sure that such file are not on white or black list of Avast.

First problem is that Avast has different result when the same file is scanned on my PC and on Virustotal.
explained in the quote from Milos posted above .... Virus engine (and signatures) on VT and in your computer may not be the same, see info on VT website

Ok, if I accept your explanation there is another problem because hardened mode must stop it and hardened mode let run such files.

  1. Milos say
    because it is some very old detection, which is not in v9+ definitions

but Virustotal says this info

First submission 2014-08-30 17:20:31 UTC ( 2 měsíce, 1 týden ago ) so it can not be an old virus/file.

  1. Milos say - Only in cloud (should be detected on execute) - and the file is not detected by Avast clous even I run it.
First submission 2014-08-30 17:20:31 UTC ( 2 měsíce, 1 týden ago ) so it can not be an old virus/file.
it does not necessarily mean it is new, just the time it was first uploaded to VT

searching Symantect database for Dialer.MicroDialer as that is what they call it, give this info last updated in 2007…so indicate old
http://www.symantec.com/security_response/writeup.jsp?docid=2005-102713-5831-99&tabid=3

Milos is virus analyst at avast so he is the expert here and we have to trust what he say :wink:

where did you fin this file … in a online virus collection?

Did you have your internet connection up while executing the file?? If so then are you sure you dont have any 3rd-party firewall or software running alongside which is probably blocking avast cloud access??

Response removed owing to better information from others.

-Noel

Since you say the file is NOT detected locally on your computer and IS detected by Avast on VirusTotal, then I suspect you have a problem with your Avast installation.
It was explained in my quote post from Milos .....

@ NoelC
The avast Self-Defence Module is designed to protect avast - The Hardened Mode is something entirely different.