I installed a Vista icon pack and avast found nothing. I then checked the files in the pack on VirusTotal and three of the files are flagged by some as a trojan and by others as riskware. Did I not set avast up right, or does it just not detect these kinds of threats?
The key word here would be riskware but without further information I don’t know why avast doesn’t detect them.
avast is a specialist anti-virus application and although it also detects some adware and spyware, which these probably come under, I would say you should also have a reasonable anti-spyware application to improve overall protection through a multi-application/level approach.
What is the malware name, the infected file name, where was it found e.g. (malware name, C:\windows\system32\infected-file-name.xxx) ?
There is nothing stopping you submitting the samples to avast.
Send the sample to virus@avast.com, zipped and password protected, with the password in the email body and "undetected malware" in the subject.
Or you can also add the file to the User Files (File, Add) section of the avast chest where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.
Can’t you post the full VirusTotal report?
If you submit a file by email to VirusTotal you’ll receive the report back into your mailbox.
Hi CLEARICE01,
Riskware is not always riskware. We call riskware these programs that you did not install yourself and that pose a risk to the security of your computer because of a possibility your computer can be compromised with it in the wrong hands, or info about your OS can get into the wrong hands. This can be a hacker CGI scanner, well, various kinds of tools, scanners, netcats, etc. Some of these tools are now illegal to use but on your own website or computer in some countries, and can be performed only in a strict academic educational environment, e.g. some forms of resource-engineering. Some AV scanners have good records of detecting riskware, like DrWeb’s and McAfee’s.
I for one see it as a combined action of a firewall, intrusion detecting program or process scanner to alert you that potential riskware could be there. Sometimes programs are flagged that do not pose a risk as you install them yourself, like Intellitamper for instance. Trust no program until proven to be good. And when in doubt ask us, we are here for that reason.
polonus
First off, let me thank everyone that has replied to this post. I am not at home now but I will rescan the files at VirusTotal and post the results here. The names of the files are vipv3 process.exe, vipv3\resources\process.exe and icon patcher\tools\wepdisable.exe, and they are all located in c\windows\icon patcher and c\windows\vipv3. I do understand that not all riskware is harmful, but I would rather be informed that it’s there than not know about it. My second line of defense didn’t detect it either (SUPERAntiSpyware). When I get home I’ll also send the files to Alwil…
No… it’s not this. They could be harmful, just that the antivirus can’t decide by itself.
OK, now I am home. I sent the files to avast and VirusTotal, and here are the results from VT.
Complete scanning result of “wfpdisable.exe”, processed in VirusTotal at
06/29/2007 23:24:19 (CET).
[ file data ]
- name: wfpdisable.exe
- size: 28672
- md5.: 3edfbe0ed74a35a6fffe15c37e5a3c24
- sha1: 9a61f9636e586261a79e4aa00d0985f7556f584f
[ scan result ]
AhnLab-V3 2007.6.30.0/20070629 found nothing
AntiVir 7.4.0.37/20070629 found nothing
Authentium 4.93.8/20070629 found [W32/Trojan.XXX]
Avast 4.7.997.0/20070629 found nothing
AVG 7.5.0.476/20070629 found nothing
BitDefender 7.2/20070629 found [Application.VirTool.Wfpdisable.A]
CAT-QuickHeal 9.00/20070629 found nothing
ClamAV devel-20070416/20070629 found nothing
DrWeb 4.33/20070629 found nothing
eSafe 7.0.15.0/20070628 found nothing
eTrust-Vet 30.8.3752/20070629 found nothing
Ewido 4.0/20070629 found nothing
F-Prot 4.3.2.48/20070628 found [W32/Trojan.XXX]
F-Secure 6.70.13030.0/20070629 found nothing
FileAdvisor 1/20070629 found nothing
Fortinet 2.91.0.0/20070629 found [W32/WFPDis.A!tr]
Ikarus T3.1.1.8/20070629 found [not-a-virus:RiskTool.Win32.WFPDisabler.a]
Kaspersky 4.0.2.24/20070629 found [not-a-virus:RiskTool.Win32.WFPDisabler.a]
McAfee 5064/20070629 found [potentially unwanted program WFPDisable]
Microsoft 1.2701/20070629 found nothing
NOD32v2 2364/20070629 found nothing
Norman 5.80.02/20070629 found nothing
Panda 9.0.0.4/20070629 found [Application/FileProtec.A]
Sophos 4.19.0/20070628 found [Troj/WFPDis-A]
Sunbelt 2.2.907.0/20070629 found [Trojan.Wfpdis.A]
Symantec 10/20070629 found nothing
TheHacker 6.1.6.140/20070628 found nothing
VBA32 3.12.0.2/20070629 found nothing
VirusBuster 4.3.23:9/20070629 found nothing
Webwasher-Gateway 6.0.1/20070629 found [Riskware.WFPDis.A]
Complete scanning result of “process.exe”, processed in VirusTotal at 06/29/2007
23:16:06 (CET).
[ file data ]
- name: process.exe
- size: 53248
- md5.: 763e90bc4388906e5ea3692841751d2b
- sha1: becf95ac1c5a0559064c6dda779bf26ee8b4ed22
[ scan result ]
AhnLab-V3 2007.6.30.0/20070629 found [Win-AppCare/PrcViewer.53248]
AntiVir 7.4.0.37/20070629 found [APPL/PrcView]
Authentium 4.93.8/20070629 found nothing
Avast 4.7.997.0/20070629 found nothing
AVG 7.5.0.476/20070629 found nothing
BitDefender 7.2/20070629 found nothing
CAT-QuickHeal 9.00/20070629 found nothing
ClamAV devel-20070416/20070629 found nothing
DrWeb 4.33/20070629 found nothing
eSafe 7.0.15.0/20070627 found nothing
eTrust-Vet 30.8.3752/20070629 found nothing
Ewido 4.0/20070629 found nothing
F-Prot 4.3.2.48/20070627 found nothing
F-Secure 6.70.13030.0/20070629 found nothing
FileAdvisor 1/20070629 found nothing
Fortinet 2.91.0.0/20070629 found [Misc/PrcViewer]
Ikarus T3.1.1.8/20070629 found nothing
Kaspersky 4.0.2.24/20070629 found nothing
McAfee 5064/20070629 found [potentially unwanted program PrcViewer]
Microsoft 1.2701/20070629 found nothing
NOD32v2 2364/20070629 found [Win32/PrcView]
Norman 5.80.02/20070629 found nothing
Panda 9.0.0.4/20070629 found [Application/Processor]
Sophos 4.19.0/20070624 found nothing
Sunbelt 2.2.907.0/20070629 found [VIPRE.Suspicious]
Symantec 10/20070629 found nothing
TheHacker 6.1.6.140/20070628 found nothing
VBA32 3.12.0.2/20070629 found nothing
VirusBuster 4.3.23:9/20070629 found nothing
Webwasher-Gateway 6.0.1/20070629 found [Riskware.PrcView]
[ notes ]
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that
are deemed suspicious through heuristics.
Complete scanning result of “Process.exe”, processed in VirusTotal at 06/29/2007
23:16:10 (CET).
[ file data ]
- name: Process.exe
- size: 53248
- md5.: 763e90bc4388906e5ea3692841751d2b
- sha1: becf95ac1c5a0559064c6dda779bf26ee8b4ed22
[ scan result ]
AhnLab-V3 2007.6.30.0/20070629 found [Win-AppCare/PrcViewer.53248]
AntiVir 7.4.0.37/20070629 found [APPL/PrcView]
Authentium 4.93.8/20070629 found nothing
Avast 4.7.997.0/20070629 found nothing
AVG 7.5.0.476/20070629 found nothing
BitDefender 7.2/20070629 found nothing
CAT-QuickHeal 9.00/20070629 found nothing
ClamAV devel-20070416/20070629 found nothing
DrWeb 4.33/20070629 found nothing
eSafe 7.0.15.0/20070627 found nothing
eTrust-Vet 30.8.3752/20070629 found nothing
Ewido 4.0/20070629 found nothing
F-Prot 4.3.2.48/20070628 found nothing
F-Secure 6.70.13030.0/20070629 found nothing
FileAdvisor 1/20070629 found nothing
Fortinet 2.91.0.0/20070629 found [Misc/PrcViewer]
Ikarus T3.1.1.8/20070629 found nothing
Kaspersky 4.0.2.24/20070629 found nothing
McAfee 5064/20070629 found [potentially unwanted program PrcViewer]
Microsoft 1.2701/20070629 found nothing
NOD32v2 2364/20070629 found [Win32/PrcView]
Norman 5.80.02/20070629 found nothing
Panda 9.0.0.4/20070629 found [Application/Processor]
Sophos 4.19.0/20070624 found nothing
Sunbelt 2.2.907.0/20070629 found [VIPRE.Suspicious]
Symantec 10/20070629 found nothing
TheHacker 6.1.6.140/20070628 found nothing
VBA32 3.12.0.2/20070629 found nothing
VirusBuster 4.3.23:9/20070629 found nothing
Webwasher-Gateway 6.0.1/20070629 found [Riskware.PrcView]
[ notes ]
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that
are deemed suspicious through heuristics.
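Added example, not part of the original posts and not VirusTotal or avast code: a small Python parser for the text report format pasted above, which tallies how many engines flagged the file and whether their names read as grey-area (riskware, PUP, application) or as outright malware. The sample is an excerpt of the wfpdisable.exe report from this thread; the keyword buckets and function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Excerpt of the wfpdisable.exe report posted above (legacy VirusTotal text format).
REPORT = """\
[ file data ]
- name: wfpdisable.exe
- md5.: 3edfbe0ed74a35a6fffe15c37e5a3c24
[ scan result ]
Authentium 4.93.8/20070629 found [W32/Trojan.XXX]
Avast 4.7.997.0/20070629 found nothing
BitDefender 7.2/20070629 found [Application.VirTool.Wfpdisable.A]
Kaspersky 4.0.2.24/20070629 found [not-a-virus:RiskTool.Win32.WFPDisabler.a]
McAfee 5064/20070629 found [potentially unwanted program WFPDisable]
Sophos 4.19.0/20070628 found [Troj/WFPDis-A]
Webwasher-Gateway 6.0.1/20070629 found [Riskware.WFPDis.A]
"""

RESULT = re.compile(r"^(\S+) (\S+)/(\d{8}) found (?:\[(.+)\]|nothing)$")
FIELD = re.compile(r"^- (\w+)\.?: (.+)$")
# Assumed keyword buckets; vendors share no naming standard, so treat this as a rough sort.
GREY = ("not-a-virus", "risk", "unwanted", "application", "appl/", "virtool", "misc/")
MALWARE = ("troj", "worm", "backdoor", "virus")

def classify(label):
    low = label.lower()
    # Grey-area keywords are checked first because "not-a-virus" contains "virus".
    if any(k in low for k in GREY):
        return "riskware"
    if any(k in low for k in MALWARE):
        return "malware"
    return "other"

def parse_report(text):
    meta, verdicts = {}, {}
    for line in map(str.strip, text.splitlines()):
        if m := FIELD.match(line):
            meta[m.group(1)] = m.group(2)
        elif m := RESULT.match(line):
            verdicts[m.group(1)] = m.group(4)  # None means "found nothing"
    return meta, verdicts

def summarize(text):
    meta, verdicts = parse_report(text)
    hits = [label for label in verdicts.values() if label]
    return {"md5": meta.get("md5"), "detected": len(hits), "engines": len(verdicts),
            "classes": Counter(map(classify, hits)),
            "missed_by": sorted(e for e, label in verdicts.items() if not label)}

print(summarize(REPORT))
```

Keying the summaries on the md5 field also shows when two reports describe the same file under different names, as with the two process.exe copies above.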
Indeed it’s difficult to say… Kaspersky is one I trust more… but it’s inconclusive here. Definitively a riskware: if you want to keep it, go ahead, it’s up to you. But if you don’t have to use this software, consider letting it pass away 8)
First I made an image of my c\drive and then I deleted the files, and the program still works without the files.
Better… and safer 8)
Better and safer, yes, but if I didn’t scan the files with VirusTotal I would have never known…
Sure… but we don’t trust in just one tool, we don’t put all the eggs in the same basket…
Layered defense is a way to go 8)