Ok I have tried and tried full scans. It only finds a single file infected but online scan at panda found over 20 references to actual infected files. I have lost my faith in this antivirus software that can’t remove such a major trojan.
Hmmm … you give us very little information to work with or to respond to.
I just ran a free Panda online scan of my system.
It told me I have 28 spywares and 2 viruses.
The 29 spywares were references to cookies on my system. Yes, I clear them every so often … not one of the biggest frighteners around and 27 more than I get from my weekly Adaware & Spybot scans … who to believe?
The viruses … apparently Sober variants in a couple of my old Thunderbird archives … that I never access and probably should delete … never reported by avast, Ewido or Bit Defender in multiple scans … who to believe?
I am not suggesting that you should not believe Panda … but if, like me, you ran their free scan … do you realize that their whole intent is to scare you into paying for their main product?
I am not trying to portray avast as the better product … I think that you need to choose your antivirus product according to your needs. If you are a really adventurous spirit in your web surfing and downloads it may well be that you need the absolute best in antivirus software that can cope with your risk taking. That probably is best provided by a top rated paid for solution.
If your surfing and download habits are not quite so adventurous then very many - like me - have found that avast has provided for us a very safe and virus free environment.
Your choice - and we will be happy to welcome you back to this forum when you decide avast is the best choice for you too.
If I counted correctly avast! has 22 (+/-) detections for different variants of sality
http://www.avast.com/eng/vps-content-2006.html
It would be surprising if it missed that much.
Sorry it is Sality and it does find it, but it can not remove it properly at all… can not remove or disinfect it. It just kept coming back. I ended up having to download a trial version of panda antivirus to get rid of it after many attempts.
Molitar,
Have a look at the attached link for more information about sality and removal http://www.2-spyware.com/remove-sality.html
Cheers,
Thorny
Having read this thread, I thought I’d give that panda a go, yet ironically enough avast detected it as a virus!?
panda asked me to download an activeX component, 8 MB, is that correct? I aborted the download anyway.
Anyone know of this issue. At the moment, I trust avast more than panda, but I would like a 2nd opinion.
thanks
Yes, it does download the 8Mb of components (and more). While running the Panda scan I (temporarily) disabled avast scanning.
Panda’s virus definitions are not encrypted, therefore avast will detect them as viruses. Panda’s fault really. No worries though.
I stopped using Panda due to the number of FP. If I want to use an on-line AV scanner I use Kaspersky, and Bit Defender.
Jerry
Sorry it is Sality and it does find it, but it can not remove it properly at all.. can not remove or disinfect it. It just kept coming back
Why can’t it be removed, etc.? What errors/warnings are you getting?
Files in use or in system folders (even malware) are protected by Windows. If you have XP you can schedule a boot-time scan from within avast (not available in Panda as far as I’m aware). Or if win9x/ME, boot into safe mode and run an avast scan from there.
Where was it originally detected, file name and location ?
Where does it keep coming back to, file name and location ?
What avast provider detected it, what were you doing, browsing, downloading, running an on-demand scan, etc. ?
It could be that there is another element that is restoring that virus, but we have little information to go on.
“Sality” is more spyware than it is a virus, since it includes a keylogger. Best to use Ewido and/or an antiSPYWARE program.
"Thorny"'s link has info that Spysweeper can remove it and they offer a FREE "Trial"; many Experts on antiSPYWARE forums recommend this "trial" when appropriate.
Spysweeper could delete avast entries although…
If so, use the restore/recover or whatever it may be called to restore the deleted registry entry and update your definitions file for spysweeper. It reports incorrectly (false positive) the avast ashDisp.exe which is the icon you see on your system tray.
Lost faith in avast because it could not remove the infection?
What was the error message?
Can’t you schedule a boot time scanning?
Tech,
The link I posted also has information on the manual deletion of sality, which might be a better option?
The 2-Spyware.com site also contains the following advice "Sality infects local executable files, deletes files associated with installed security-related software including various antiviruses and firewalls." Could this be the reason why Avast can detect and not remove this spyware?
Cheers,
Thorny
I’m not sure… someone from Alwil should come here to explain.
Anyway, avast can only clean CERTAIN infections to executable files, not all of them :-[
My worry is once it had infected executables… like my dynsite.exe that I use for dynamic ip, then Avast didn’t even find it at all. So it could not remove the dll file for it but would allow me to quarantine it. But it found no other infections. I even did a reboot in safe mode and did the scan. But Avast reported nothing else found. Yet when I rebooted the computer and it came back up again, a warning from avast about the dll: it was reinstalled. Tried again but to no avail, so I decided to try some online scanners like panda, kaspersky, and bitdefender. It found over 40+ files that it had infected. Now that is scary since this installs key loggers which can get critically sensitive data.
Are you saying all three (panda, kaspersky, and bitdefender) found >40 infected files, or just panda?
Can you provide this information?
Also, are you using a firewall?
I wish to offer a public apology to Panda for a post I made earlier in this thread.
Certain reports in this forum have caused me to further research the complete inadequacy of avast scanning to be able to properly deal with the mail folders of the Thunderbird mail client.
In an earlier post I suggested that the finding by Panda of a Sober variant in a Thunderbird mail folder was a false positive. This was my error, the finding by Panda was absolutely correct.
This virus, that has existed on my system in the mail folder for more than a year, has never been reported by avast in my weekly (ashquick.exe) scans of my mail folders or by thorough (including archive) scans by the on demand scanner.
It’s not that surprising, considering that avast! doesn’t really scan the content of Thunderbird mailboxes… (in the on-demand scan, I mean).
Well Panda can!
You are also, I’m afraid, misrepresenting the truth here.
My research in the last few hours shows avast does scan them, avast does modify them and I believe does, sometimes, destroy them.
Should I post further findings to someone in the team or publicly?
As I explained in the other post yesterday, avast! scans only the first message in the mailbox, as it looks like an ordinary EML file. So, if this one contains a malware, then it is detected and the subsequent action may confuse Thunderbird. The rest of the messages are not scanned (well, in special cases a malware may be found in the full scan of the file if the infected object is stored in plaintext there - but I believe it’s quite rare).
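The gap described in the last post can be checked from the defender's side by walking every message in the mbox file and decoding each attachment before hashing or scanning it. The following is an added example, not avast or Thunderbird code; the mailbox, addresses, file name and payload bytes are constructed, and `first_only` is a hypothetical switch that models a scanner stopping after the first message.

```python
import hashlib, mailbox, os, tempfile
from email.message import EmailMessage

PAYLOAD = b"CONSTRUCTED-HARMLESS-SAMPLE-BYTES"  # stand-in for an attachment

def build_sample_mbox(path):
    """Write a constructed 3-message mbox; only the last has an attachment."""
    box = mailbox.mbox(path)
    for i in range(3):
        msg = EmailMessage()
        msg["From"] = f"sender{i}@example.test"
        msg["To"] = "user@example.test"
        msg["Subject"] = f"constructed message {i}"
        msg.set_content("plain text body")
        if i == 2:
            msg.add_attachment(PAYLOAD, maintype="application",
                               subtype="octet-stream", filename="sample.bin")
        box.add(msg)
    box.close()  # flushes the mailbox to disk

def inventory(path, first_only=False):
    """Return (message index, filename, sha256) for each decoded attachment."""
    found = []
    box = mailbox.mbox(path, create=False)
    for idx, msg in enumerate(box):
        for part in msg.walk():
            name = part.get_filename()
            if name:
                data = part.get_payload(decode=True)  # undo base64 encoding
                found.append((idx, name, hashlib.sha256(data).hexdigest()))
        if first_only:  # models a scanner that stops after message 0
            break
    box.close()
    return found

def raw_contains(path, needle):
    """Plain byte search of the mailbox file, with no MIME decoding."""
    with open(path, "rb") as fh:
        return needle in fh.read()

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "Inbox")
        build_sample_mbox(path)
        return (inventory(path, first_only=True), inventory(path),
                raw_contains(path, PAYLOAD))

if __name__ == "__main__":
    print(demo())
```

The attachment in the third message is only visible to the full walk; the first-message pass and the raw byte search both miss it because the content sits base64-encoded deeper in the file.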