LIST OF MALWARE NOT DETECTED W/AVAST

My computer hadn’t been running properly, shortcuts stopped working, windows programs were disabled…and after multiple thorough scans Avast found nothing wrong. This is with a licensed version. Can someone tell me why?
Since running an alternate program, my computer is now functional.
Avast was up to date. It was eventually disabled by the malware, that was when I sought additional help.
I also ran ALWIL Virus/Worm Cleaner, and these files were “not able to be scanned”
If you are showing any of these program files in your system, I suggest you perform an alternate scan until Avast catches up.

ComboFix 09-11-05.01 - Mama 11/05/2009 16:43.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.233 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


----- BITS: Possible infected sites -----

hxxp://82.98.235.208
hxxp://82.98.235.205

This is awkward… how come these viruses weren’t detected?
maybe, a certain virus disabled avast? :-\


> Avast was up to date. It was **eventually** disabled by the malware, that was when I sought additional help.

I added the above bold as I believe Eiredame meant to type *evidently* instead of eventually. This would support your comment of avast being disabled.

@ Eiredame -

I suggest you run malwarebytes antimalware (MBAM) (free version) to see what it finds and post the log here. You can get MBAM at the link below.
Download it, install it, update it, and then run a quickscan.

http://www.malwarebytes.org/mbam.php


Hello everyone. I just registered here, because I’m having some problems with Avast.
I have to agree with the poster, that Avast just can’t find the viruses in time, which is really sad.
I’ve been using Avast for over a year on my laptop, and I’m about to change it.

Because…

  1. It can’t find the viruses/other malwares as fast as other AV’s.
  2. Scanning takes forever, and still can’t find the threats.
  3. My friends always crack up when they see Avast running on my computers… :slight_smile:

The latest hit which forced me to come to this conclusion is what happened yesterday.
Here’s what happened:

I had Avast 4.8 home at the HIGHEST secure level. I went to download a missing video codec, which I needed. I downloaded it and installed it. The codec still didn’t work, so I started to suspect it was malware instead of the actual codec. I scanned it with Avast, and it told me that it’s clean. So I went to wxw.novirusthanks.org, ran the scans and found out that it was a trojan downloader. Well, that was a nice F* surprise.
So, because Avast failed to find it, I went and brought Windows Defender on, just in case. And woohooo! I got tons of warnings of unauthorized actions inside my computer. Because of the infected “codec” I downloaded, this msa.exe appeared in my Windows folder and it was trying to access the network all the time, and change important registry files. And the funny thing is that Avast still didn’t notice anything unusual happening. So, I disabled Avast and installed AVG FREE EDITION, and ran scans with it. And surprise, surprise. It found two infected exes and an infected registry file. The exe files were: msa.exe in my Windows folder. The other exe was b.exe which was in my temp folders. So I ran the cleaner with AVG and I had to restart the computer. So I did. When I got back to my desktop, I got the message from AVG that all threats have been removed. I was so happy. But… 10 secs later, I got the blue screen telling me that Windows has occurred a critical error and it crashed. I rebooted my computer and the same happened again. At that time, I was really worried, because I didn’t know if I still had the recovery disc for Windows. But thank god, HP had the recoveries saved on D drive, so it was easy to repair Windows from there. So after I repaired Windows, it all went back alive as usual. But when I got back to my desktop, I found out that Avast had died during the battle. I tried to uninstall it, but it just gave me an error that I should contact support.

Well, now I’m without any AV’s, but I guess it’s the same even if I’d use Avast, right?
So I’m really disappointed how bad Avast is.
I’m just gonna boot in Safe Mode and get rid of this crap, while I still can.
I’m also gonna uninstall Avast from my other laptops, notebook and PC’s.

PS: One of my PC’s has the PRO version of Avast installed.

@Teempla

No anti virus application is going to protect your system 100% of the time with the prolific malware creators being so active on today’s infection plagued Internet so a Layered Approach is necessary:

  • Keep an up to date anti virus application like avast! with resident protection enabled
  • Have an anti malware application like Malwarebytes’ Anti-Malware (MBAM) with resident protection enabled and updated
  • Use a HOSTS file to protect you from known malware sites
  • Use WinPatrol the system Security Monitor to watch over what is running on your system.

I chose to use hpHosts and MVPS HOSTS files managed by HostsMan and its browser speedup proxy HostsServer

MBAM:
http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button

Blocking Unwanted Parasites with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

WinPatrol:
http://www.winpatrol.com

msa.exe is not a new virus. It’s been there ever since the year 2008, but yet Avast can’t find it?
It came with infected video codec. I’m not even sure if you know what msa.exe does?

Well, here’s a text I found with Google:

"MS Antivirus, also known as MSAntivirus, or MS Antivirus 2008, is not from Microsoft. Please keep this in mind. MS Antivirus is a copy of Vista Antivirus 2008 or its variants. MS Antivirus is a counterfeit antispyware that devastates the computer world. MS Antivirus usually come up after you installed a video codec that come with Trojan, malware and virus. MS Antivirus normally generates fake and misleading system popup error messages so end-users will be tricked into purchase MS Antivirus.

It is very critical to remove MS Antivirus and all its components."

msa.exe comes with other exe’s as well, such as: a.exe, b.exe and c.exe. I only got b.exe, as I managed to block them.
My point is that if I’d have used other AV, I probably wouldn’t have had this problem.
So yeah. Now that Avast has died, I’m not going to reinstall it. I’m sorry, but that’s just how it’s going to be.

A few years back, I had a PC, which only had AVG free and Windows firewall (XP). I never had this kind of problems, just a few spywares here and there, but nothing serious. And I’m still basically doing the same stuff with my computers as I used to back then.

But thanks anyways. I’ll get a better security to this laptop soon.
Firefox + NoScript + Firewall has to be enough while I get the new AV installed. :stuck_out_tongue:

Nice decision though…

Thanks for using avast! for over, I think, a year or so…

If you still had that virus, try MBAM…

Good luck

-AnimeLover^^

You will find that MBAM detected and removed msa.exe, a.exe, b.exe and c.exe very shortly after they were released.

Use whatever protection you want but keep your facts correct.

@ Eiredame

Could you post your combofix log complete so we can get some leads on what avast needs to catch up. I presume you have edited the log complete, but I’m unsure of this. I haven’t run combofix myself because I run avast as resident antivirus so never come across the difficulties that you experience.

@ Teempla

if you go to your Windows event viewer you will be able to locate those events that relate to all the problems that you were having with your viruses, and also find error messages that will inform that the video codec did not work for you, and so on etc all the data that we will need to see how avast was unable to meet your defense standards.

Also I would like to know for my own learning how you were able to cleverly manipulate your d: drive such that HP could save the recoveries. So what drive do you now use for your CD or DVD player? See pic below for how my computer sets the d: drive to service my CD Rom player - XP does this by default (March 30 2005 is the name of the volume on compact disk I have inserted in the player).

Also, can you reply post the error message that your computer returns to your desktop screen when you try to uninstall avast. This is normal procedure. You use a software program to capture an image of the error message, save it as jpeg or gif file to your hard drive, and when you reply you can attach the file to your post using the Additional Options function that comes as part of the text editor that is provided for members of avast web forum. This also is normal procedure. We can then get a better picture of what is your problem.

Yeh, I will.
I have the following softwares installed to my other PC’s:

  1. SpyBot S&D
  2. MBAM
  3. COMODO firewall + Internet security.
  4. Avast 4.8 home/pro.

I think, I’ll go with the same combo with others (Not Avast.).

I just made a fast scan with MBAM and it gave me this:
“HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) → No action taken.”
Should I remove this?

Kenny, I know enough facts to know, that Avast is not the AV for me.
But thanks for your input, anyways…

I’m gonna go have lunch now.

Probably…Remove it for precautions^^

-AnimeLover^^

Thank you all for this discussion. As a result, I have downloaded Hosts, updated MBAM.

I run W2K, Avast free ed., MBAM, Secunia PSI.

Questions:

  1. Does not WinPatrol serve the same function as Processes on Task Manager?

  2. After reading Teempla’s post on missed viruses, I wonder about upgrading to Pro.

  3. Considering upgrading to Pro & want to know if processing time is decreased over free edition. Some websites and programs take a long time to process. I would like to get through these sooner. Of note, Facebook/Mafia Wars, a slow site anyway, but processing takes many seconds rather than one.

  4. Speedplexer seems to be an advertizing bank. Avast ID’d several files unable to open. Could do without, but wonder if I need to uninstall it.

It does show the active processes but it does much more:
http://www.winpatrol.com/features.html
Free vs PLUS comparison:
http://www.winpatrol.com/compare.html

> 2. After reading Teempla's post on missed viruses, I wonder about upgrading to Pro.

The Pro has the same scanning and detection engine but it adds Script blocking and Push virus definitions: http://www.avast.com/eng/avast-compare-home-professional.html

> 3. Considering upgrading to Pro & want to know if processing time is decreased over free edition. Some websites and programs take a long time to process. I would like to get through these sooner. Of note, Facebook/Mafia Wars, a slow site anyway, but processing takes many seconds rather than one.

It's about the same.

> 4. Speedplexer seems to be an advertizing bank. Avast ID'd several files unable to open. Could do without, but wonder if I need to uninstall it.

Speedplexer looks like an Internet speed test and belongs to download.freeze.com and should be removed.

Has this list here in OP also been given to Malwarebytes?

Don’t worry about this type of incidents Teempla. Each antivirus/antimalware products detect “always” different malwares that others (antimalware) can’t detect. When I used AVG 8.0 was bad enough, it detected many malwares that could never removed.

MBAM detect a lot of FP’s, and is slow, I don’t like MBAM

I prefer Advance System Protector (www.systweak.com) search for System Protector in the page

systweak is a bogus malware remover:
http://hosts-file.net/default.asp?s=www.systweak.com+ <==FSA - sites engaged in the selling or distribution of bogus or fraudulent applications

Ok, you’re right detect various FP’s. What about ASO 3, is good? or bad?

Never heard of ASO 3.

Google:
http://anthraxvaccine.blogspot.com/2009/10/aso3-and-aso4-adjuvants-my-error.html

pats YoKenny on back
:slight_smile: