Windows XP Home, SP2…IE 6…Avast Home 4.6, Version Database 0513-1 03/30/05
Last night I downloaded an .exe file to my desktop…(I was searching for a freeware sound recorder)…it was a small file, approx. 700 kb…once it was on my desktop, I right clicked on it & scanned it with Avast…Avast said the file was clean!
I then made a folder for it & began the install…the installation wizard was normal, asked all the right questions & as soon as I clicked Finish, Avast sprung into action with warning popups & audio warnings informing me I now had an infected computer…(I had run a virus scan 2 days previously & it was clean)
I closed everything down, ran a virus scan & Avast quarantined 6 files…I then uninstalled the new program, cleared the recycle bin, dumped my cookies & cleared out my temp files, both off & online…ran another virus scan & it came up clean…I have since deleted those files from the chest, ran another scan this morning & it too was clean…
I am wondering why Avast did not give a warning when I scanned the .exe file prior to installation?..or is it possible the infection was already on my computer & this program somehow activated it?..
This is the first time I’ve ever had anything like this happen & needless to say, I’m still in “meltdown” mode… :o
It doesn’t look like it…I’ve run 2 clean scans since…I’m just trying to understand what happened & why… :)…
Is there a way to set the Standard Shield to scan a self extracting archive?..I wasn’t aware that it didn’t & thought that I was safe by scanning everything that came off the net…
I think this is only available on Professional version.
On-access scanning of archives is limited on the Home version.
On-demand scanning of archives is the same both in Home and Pro versions.
If I’m wrong, I hope someone from Alwil correct me…
It’s quite normal tha install programs use custom packing methods. I.e. they are not ZIPed, they are not RARed, they’re simply created by a custom packer (doesn’t even necessarily compress, just pack).
So it’s not picked by any AV, of course…
BTW the right-click scan IS of course an on-demand scan, and scans with all unpackers enabled by default.
Im sure Avast can deal with self-extracting zip-files and others but I doubt it will be compatible with many unknown installation formats. You will never be able to check everything until it is unpacked. Like Avast can check 7Zip files, most other AVs cant. If you have Norton and a virus in 7Zip file you will notice when it gets unpacked, same here with Avast. Dont know about your exe-file but it will be true for many others. Shows the power of resident protection, if not you can be sure many would uninstall parts of AV and let download managers etc. deal with check. Need for resident protecton would drop dramatically if you could see through every format no matter protected/encrypted or whatever.
I see VLK have said what needs to be said but I post anyway cause now it is writen 8)
Thanks everyone for your input…I appreciate the help…
I’ve now had 3 clean scans with Avast…is it advisable to also run an online scan?..& if so, which one should I use, as I understand there are some issues with Panda & Avast…
TrendMicro’s Housecall
Bit Defender On-line Scanner
F-Secure On-line Scanner ActiveX required
These are just a few of the many on-line scanners out there, check out RejZor’s Website - Security Ops for more On-line Virus Scanners Security.Ops.tk