This virus is only detected by the following command:
"C:\Arquivos de programas\Avast\ashQuick.exe" "*MEMORY" "*MEMORY-SHORT" "*STARTUP"
It’s not detected by the splash screen scan, nor by avast itself (even at High Sensitivity, scanning archives and so on…)
What the hell is this?
I am getting very worried too, and I am getting the same problem. This is my first time catching a virus on my HD; I never had a virus for 4 years straight. SHIT!
When I run Avast 4 Home and do a full thorough scan with the archive file tick turned on, scanning both drives C and D, no virus is found.
Suddenly I went to Windows Explorer and did a manual quick scan, highlighting the C drive, and the quick scan picked up a Blood virus, the same problem as Technical.
Question: how come the manual quick scan from Windows Explorer picked up a virus, and the Avast 4 Home Anti-Virus software running a full thorough scan didn’t pick it up?
Otherwise I am smelling a bug under my very own nose using the latest version, please advise.
I have set all my protection settings to High using Avast 4 Home; instead I don’t have the Pro version for Script Blocking.
Hm, I went to the Virus List page (you can find it on my page) and I got this result for Blood-418:
http://www.viruslist.com/eng/viruslist.html?id=316
I think this is the point on which Alwil guys should help…
Thanks RejZor:
Blood.418
It is a not memory resident not dangerous virus. The .COM-files of current directory gets infection when the virus starts. The virus from time to time types: “File infected by BLOOD VIRUS version 1.20”.
But in my case I have a ‘memory block’ infected… I cannot map which file is related (infected) by it… Besides this, there is what SpeedyPC said
Hi,
I also get this with the above ashquick-options…
My guess is that this is a false alarm … maybe avast stumbles over its own sigs in memory?
But alwil team should comment on this or better, rectify it
Thanks for posting whocares…
I read your thread (http://forum.avast.com/index.php?board=2;action=display;threadid=4679 ) but I cannot see a solution for the deactivation of avast
igor0
May 24, 2004, 8:03am
8
avast! certainly doesn’t find its signatures in memory because the decrypted signatures are never present there (you can check what this process 552 is in Task Manager).
Anyway, it’s probably just a false alarm. We’ll try to do something about it.
Igor, thinking better, the process is:
BDSS.EXE
2024 (no longer 552)
C:\Program files\Common files\Softwin\BitDefender Scan Server\bdss.exe
So, it’s BitDefender (backup scanner) :-\
igor0
May 24, 2004, 11:56am
10
Oh… in that case, maybe avast! found BitDefender’s virus signatures in memory?
Maybe, how can I be sure?
On-line scanning (trendmicro), on-demand and on-access scanning of avast do not detect it…
Igor, does this help?
Process: BDSS.EXE Pid: 2024
igor0
May 24, 2004, 12:06pm
13
I am afraid it doesn’t.
We would simply have to know what is inside the memory block where avast! detects the virus.
Can you test it, installing BitDefender 7.0 Free?
Is there any way to search into the memory blocks and see what is there at that time?
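The false-alarm mechanism discussed in this thread (one scanner's memory scan matching another scanner's signatures held in memory, and igor0's point that decrypted signatures are never resident), as an added example that is not part of the original posts or any vendor's code. It is a toy memory scan over a constructed snapshot; the process names, PIDs, signature bytes and XOR key are all assumptions.

```python
# Constructed demo: every name, PID and byte string here is illustrative only.
SIG_NAME = "Demo.Sig"
SIGNATURE = b"DEMO-PATTERN-0001"   # stands in for a virus byte signature
XOR_KEY = 0x5A                     # hypothetical at-rest encoding key

def xor(data, key=XOR_KEY):
    """Encode/decode a signature database so its raw patterns are not resident."""
    return bytes(b ^ key for b in data)

def scan_block(block, signature=SIGNATURE):
    """Return every offset at which the signature occurs in one memory block."""
    hits, start = [], block.find(signature)
    while start != -1:
        hits.append(start)
        start = block.find(signature, start + 1)
    return hits

def context(block, offset, length, pad=8):
    """Hex and ASCII view around a hit, so an analyst can see what the block holds."""
    lo, hi = max(0, offset - pad), min(len(block), offset + length + pad)
    chunk = block[lo:hi]
    text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
    return f"{lo:#06x}  {chunk.hex()}  |{text}|"

def scan_processes(processes):
    """processes: {(name, pid): [block, ...]} -> [(name, pid, block_index, offset)]."""
    findings = []
    for (name, pid), blocks in processes.items():
        for i, block in enumerate(blocks):
            for off in scan_block(block):
                findings.append((name, pid, i, off))
    return findings

# Constructed snapshot: one scanner keeps its database in plaintext, one keeps it encoded.
DATABASE = b"Demo.Sig\x00" + SIGNATURE
PROCESSES = {
    ("scanner_plain.exe", 1001): [b"\x00" * 16, b"DB1\x00" + DATABASE + b"\x00OtherSig\x00"],
    ("scanner_encoded.exe", 1002): [b"DB1\x00" + xor(DATABASE)],
    ("editor.exe", 1003): [b"hello world"],
}

if __name__ == "__main__":
    for name, pid, idx, off in scan_processes(PROCESSES):
        print(f"{SIG_NAME} in {name} (pid {pid}), block {idx}, offset {off:#x}")
        # Neighbouring bytes show a signature table entry, not executable virus code.
        print(context(PROCESSES[(name, pid)][idx], off, len(SIGNATURE)))
```

Only the plaintext database is flagged, and the bytes around the hit (a signature name next to the pattern) are the kind of evidence that separates a false alarm from a real infection.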