I think the HIPS should be stronger.

After scanning unknown viruses, Avast did not say there were any viruses.
Then I opened the virus files, and the HIPS never showed any warnings.

I know the technology is new and has to be improved a lot.
I expect it to be stronger, like Comodo HIPS, Kaspersky fully automatic HIPS, etc.
I like this antivirus software; I just want it to be more excellent so that I can recommend it to others. They are using 360, Kingsoft and so on.

Look forward to your reply.
Thanks.

If they are unknown, then you would not know if they are viruses or not.

After scanning unknown viruses, Avast did not say there were any viruses.
Upload and test it at www.virustotal.com. If it was tested before, click rescan for a fresh result.

Post the link to the scan result here.

HIPS…

I need to talk about HIPS

I need to talk about HIPS
And we want to see a scan result from VirusTotal, as it may explain why Avast did not detect it.

The file
hxxp://att.kafan.cn/forum.php?mod=attachment&aid=MjcyMzE0NHxmZTMwNWU3MnwxNDQ4NzE1NTU5fDk1NjM0OHwxODY2MjI3


Other:
http ://bbs .kafan.cn/thread-1866622-1-1.html
http:// bbs.kafan.cn/thread-1866554-1-1.html
http:// bbs.kafan.cn/thread-1866510-1-1.html

and so on. I use the old virus database to test.

If you want to show a log, attach it.
Do not copy/paste it.

And make the links not clickable.
We do not want people to visit malicious websites or download malicious files.

Thanks.

It has been done.

By the way
http: //bbs.kafan.cn/thread-1866622-1-1.html
http ://bbs.kafan.cn/thread-1866554-1-1.html
htt p://bbs.kafan.cn/thread-1866510-1-1.html

It is just a BBS.

Hey Pondus, here is the VT link: https://www.virustotal.com/en/url/53e47b305be26ad11a5aa10965e9fad7fd8d2c167d814b289ecb34bd065e9f3c/analysis/1448721622/ I rated it as Negative on AOS :slight_smile: I reported this URL to Viruslab.
Ticket ID is: #44624

Hey root1605, please make all links not clickable.

Maybe you do not know that the website is blocked in China. Now it seems more difficult to find a VPN to use.

I always use http:// virusscan.jotti.org/
http ://anubis. iseclab.org/
http ://camas .comodo.com/

I am very thankful for your reply!

You are welcome :slight_smile:

Of course the website is blocked.
It is infected and malicious.

And again, make the links to it not clickable.

Done.
All the links… :slight_smile: