Recently I changed Norton Antivirus for Avast Home.
I liked it very much, faster, less memory for the resident protection.
But I had one problem that made me nervous.
Two days ago, Avast sopped working and I had to fix the installation so it could start again, it was the same problem many people already had and it is discussed in another topics, so I’ll not comment here.
But yesterday Avast found some Trojan in my temporary internet folder, the resident protection didn’t block them (as norton always did) and worst, even choosing to delete the files, they’re not gone. Avast entered a kind of loop, and after some time clicking to delete, a message that the file cannot be found (or something like that) starts appearing. But the warning keeps coming over and over.
So I downloaded ewido and spybot and scanned my system. Ewido found some Trojan and apparently cleaned them. Spybot found some adware and stuff and cleaned too. Now the problem seems to be solved, but I want to now if it is normal.
What is in my mind now is, or Norton was leaking many Trojan and I never known or Avast didn’t protected my system as it should. Its important to say that these Trojan wasn’t on my system on the first system scan I did when installed avast (and updated database) before the crash.
Please, do not understand this as a complain, I’m just trying to understand what happened and, if possible, continue to use Avast.
"Trojans" are BEST dealt with by using antiSPYWARE
and/or antiTROJAN program(s), not an antiVIRUS
program. I feel the Best such FREE programs are
Ewido, which you used, and/or "SUPERantispyware"
( the FREE ver ) from www.superantispyware.com .
An AV should detect viruses, worms and especially Trojans, which, according to a recent Symantec report, are the most common form of malware now.
No AV has 100% detection, as DavidR mentioned. As Ewido’s nabbed the Trojans now, it’s hard to know whether Norton had missed the Trojans, or if avast! let them through.
I wonder why they are in your browser temp files? Is your OS/browser up to date? If not, vulnerabilities may let Trojans get onto your computer. Have you been visiting crack/warez sites? If so. no AV is going to protect you from eventually getting burned. :-\
I suggest you update IE as a matter of urgency as there are many vulnerabilities that are being exploited. You should also consider an alternative browser one that isn’t based on the IE core as these are less susceptable to adware and spyware.
Even then you should take proactive action to limit the effect of any infection that does manage to get on to your system. Whilst browsing or collecting email (any program that has access to the internet that specifically doesn’t require administrative privileges). if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can reap havoc. With limited rights the malware can’t put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first day virus, etc.
Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator. This obviously applies to those NT based OSes that have administrator settings, winNT, win2k, winXP.
Sign of “Win32:Horst-BF [Trj]” has been found in “C:\DOCUME~1\ATLETI~1\CONFIG~1\Temp\77exhdd.9.exe[UPX]” file.
Sign of “Win32:Horst-BE [Trj]” has been found in “C:\DOCUME~1\ATLETI~1\CONFIG~1\Temp\9exssd32.6.exe[UPX]” file.
Sign of “Win32:Agent-VM [Trj]” has been found in “C:\DOCUME~1\ATLETI~1\CONFIG~1\Temp\93exmodul32d.5.exe[UPX]” file.
Sign of “Win32:Agent-VM [Trj]” has been found in “C:\Documents and Settings\Atletico 1\Configurações locais\Temp\93exmodul32d.5.exe[UPX]” file.
David
You mean use a logon that don’t have administrator privileges in windows?
What do you think about usin firefox for browse?
Temp files containing the exmodul32 string are a sysmtom of Horst.AX:
Yes. you have Trojan-Proxy.Win32.Horst.ax on your computer
Virus creates files **exmodul32.exe in temp folder. this programs activity looks like spambot.
(This thread refers back to the avast! forum where similar problems have been posted.)
The most extensive thread Avast has had about
"exmodul" is at :
http://forum.avast.com/index.php?topic=20027.msg173564;topicseen#msg173564 .
( especially the last post by "stuzoo" )
It appears this is something that should be checked out
by a volunteer Experts on an antiSPYWARE forum; if you
know of none, I recommend www.landzdown.com .