I generally feel secure with Avast Free anti-virus, but now I have experienced downloading a zip-file (with Firefox 15 and 16 on Windows 7 Home Premium 64-bit) where the Firefox download-window indicates that the file is being virus-scanned and found clean, and I can unpack the zip-file without any messages. But if I ask Avast to scan the zip-file, it results in Threat Found: PHP:WebShell-A [Trj]. Why isn’t this threat found before - when I download or move or unpack the zip-file?
BTW: On virustotal.com 6 out of 35 scanners declares it a virus.
But… I have attached screen shots showing that Firefox is telling me that it is virus scanning the file, and that it has finished doing so. On my stop-watch the virus scanning takes about 8 seconds. (I have a one year old ASUS K53E laptop with Win 7 64-bit)
Can’t you do that yourself?
It doesn’t tell me much.
This file is not publicly available, that’s why it hasn’t been scanned before by Virustotal.com. The file is part of a private communication between me and a company that worked for me. I DON’T use that firm anymore…!!
I am a little confused - and worried - here!
You say: “You manually scan the .zip file” and “Avast! FileShield will step in when you double-click the file.”
But my experience is that Avast does NOT see the virus, neither when I download the zip file nor when I unpack the zip-file. That doesn’t seem like a good protection strategy to me!
And this particular file was never intended to be run on my machine. It was supposed to be put on my website’s Linux web-server.
And you say: “Same is true when you download an attachment from your email box.”
Yes. Even when I save an attachment with virus to my hard disk, Avast doesn’t see the virus. I DON’T think that is optimal!
And 2 days ago when Avast gave me a strange warning and an error message, I did a 3-hours boot scan, and there I discovered a virus that I must have received in January via a USB-stick. Also, NOT very trust-inspiring!
So all in all I would very much like Avast to be more proactive!!
And 2 days ago when Avast gave me a strange warning and an error message, I did a 3-hours boot scan, and there I discovered a virus that I must have received in January via a USB-stick. Also, NOT very trust-inspiring!
you may have gotten it before avast had a signature for it...
where was it located?
if it was in a area where it was dormant....it would have been detected by the file shield as soon as it was run
The zip file contains a ‘half baked’ WordPress blog website.
The infected file is called “thumbs.php” and is situated in a directory called wp-content/plugins.
I am not going to use it, because I have chosen a new contractor that uses Drupal.
It was either in Pictures or in Videos. I don’t remember. In a sub-directory.