Trojan.AutoIt (as it’s detected by ClamAV) appeared today in our corporation.
I read in this forum that this is a long story and we’re all still waiting for an updated netclient edition.
The virus is detected by the Home/Professional version but not by the NetClient.
Both of them have VPS updated to 03/02/2010.
I JUST BOUGHT A 3-YEAR subscription, guys! (I mean AVAST guys)
I feel so stupid; next time I’ll install Home (and free) edition through the whole corporation.
Or better I’ll choose another serious product.
The funniest thing is that home edition is more updated than a corporate one… What?
How could you maintain two (or more) versions of your scanning engine?
Can’t wonder why you share it only between Professional/Home, excluding NetClient.
We are paying for it!
We don’t need an update just to have fun, we have a security threat open (3 months ago) and I want it to be closed RIGHT NOW!
Please give an answer NOW, or my legal department will quickly give you a call.
I feel your pain. I just insisted a great deal of my client base change from trend to Avast and started deploying last week.
Yesterday the financial controller’s workstation got nailed on a newly deployed (completed) site - Avast NetClient 4.8 (fully up to date) saw the virus :-
avast! [MLDH141]: File “C:\WINDOWS\system32\drivers\4DW4R3.sys” is infected by “Win32:Agent-AJDG [Rtk]” virus.
“Resident protection (Standard Shield)” task used Version of current VPS file is 100203-1, 03/02/2010
Avast then proceeded to allow ALL of the following files to infect the workstation :-
04/02/2010 11:33 AM 0 18467.exe
04/02/2010 11:13 AM 0 41.exe
04/02/2010 11:13 AM 50,688 helper32.dll
04/02/2010 11:11 AM 22,528 qtru.lfo
04/02/2010 11:13 AM 54,272 smss32.exe
04/02/2010 11:13 AM 2,931 warning.html
04/02/2010 11:13 AM 54,272 winlogon32.exe
04/02/2010 11:13 AM 1,487,872 IS2010.exe
I zipped them all up in a password protected zip, and submitted it using virus chest from another machine… Avast is still not detecting these… how long does it take Avast techs to react - seriously ??
I have 10 sites in the past 10 days purchased this and about 20 more sites to go - around $50K income to Avast - then this happens making me look like a fool.
I used PSList and PSKill from another uninfected machine to kill the running malware on this machine due to the malware disabling task manager. The desktop appeared to be ok but after rebooting it never came back. I had to reimage/redeploy the machine. Much time lost. It was this type of thing on sites that forced me to dump Trend.
That all said, I DO NOT regret my decision to purchase/deploy… I am just questioning the reaction time for new attacks - when submitted using the Avast preferred method.
I think your 3 year investment is a good one - and I would stick with it to be honest.
The AutoIt files (compiled using AutoIt) are frequently misdetected (as script kids use it) so I would say you should confirm the detection at virus total, etc.
As I said in my first post, the virus is detected both by Avast Professional (engine 4.8.1351.0) and Avast Home but NOT by Avast NetClient which has the old 4.8.1038 engine.
The three AVs are fully updated (VPS+engine) as of today: 09/Feb/2010.
I agree, this is completely unacceptable. We are evaluating the ADNM/NetClient software right now, and while Avast Pro is my favorite AV by far, I don’t think I can recommend that we go through with a purchase on the Standard Suite given the inattention it has received.
If this is why “C:\WINDOWS\system32\drivers\4DW4R3.sys” trashed a machine that in turn required a reformat/reimage, then please count this as my vote also for attention required to the NetClient.
Am I now expected to deploy the Professional Product instead of the NetClient on 250+ desktops over 10+ sites?
I still do not regret buying or recommending, but my eyes are opening up a little regarding the corporate product and its lack of updates/support.
Does anyone from Avast read the forum? (I do really appreciate all of the comments/assistance/help in other posts from Avast Evangelists btw)
I would even be prepared to test a Beta of V5 NetClient on one of my sites given the comments around the v4.8 client currently.
I think they don’t read emails either.
I sent my requests (together with a virus sample) to both support@avast.com and sales@avast.com a week ago, but they didn’t reply.
They got the money and disappeared!
Hello, anyone? We’re talking about a security threat, and you already have an in-house solution (Professional and Home versions)
I’m just going to start a legal action to get my money back (3 years, what a stupid!)…
All I can suggest is reporting it as undetected malware and make it clear that it is undetected in NetClient version number, but is detected in avast 4.8 (the version used by VT), etc.
Send the sample to virus (at) avast (dot) com zipped and password protected with the password in email body, a link to this topic might help (also the VT results URL) and undetected malware in NetClient version number, in the subject.
I really appreciate this, even if it was a long wait.
I still can’t get how they could keep these two kinds of products (Pro/Home and NetClient) so unrelated.
At least the detection engine should be shared, IMHO.