Over the past week I have had numerous issues with malware, and on every occasion Avast has failed to even notice these trojans infecting my computer. Every time, I’ve run Malwarebytes Anti-Malware and the nasties have been identified and removed. This week several friends who also have Avast installed have reported exactly the same issues. Is this a case of spy/malware being so new that Avast’s definitions aren’t noticing them, or should I be looking for an alternative antivirus solution?
No security program has 100% detection.
What might be helpful is some information on what was detected.
Post the contents of the MBAM log.
Malwarebytes’ Anti-Malware 1.46
www.malwarebytes.org
Database version: 4069
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
05/05/2010 15:56:18
mbam-log-2010-05-05 (15-56-18).txt
Scan type: Quick scan
Objects scanned: 128321
Time elapsed: 3 minute(s), 10 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) → Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FakeAlert) → Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Mr Buggerlugz\AppData\Local\Temp\000027a1 (Rootkit.Dropper) → Delete on reboot.
C:\Users\Mr Buggerlugz\AppData\Local\Temp\13C7.tmp (Rootkit.Dropper) → Quarantined and deleted successfully.
C:\Users\Mr Buggerlugz\AppData\Local\Temp\IXP000.TMP\slyfinal.exe (Trojan.Agent) → Quarantined and deleted successfully.
C:\Windows\Tasks{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) → Quarantined and deleted successfully.
C:\Users\Mr Buggerlugz\AppData\Local\Temp\Ckj.exe (Trojan.FakeAlert) → Delete on reboot.
C:\Users\Mr (Trojan.FakeAlert) → Quarantined and deleted successfully.
Avast didn’t notice any of this happen or even notify me.
You could use Firefox with NoScript and AB+ for better protection…
asyn
I am already using them.
Good! But from where did you get your infections…? USB stick??
Seems you are well prepared with Mbam as your on demand scanner…
asyn