Resident Protection?

I hadn’t done a virus scan for a couple of months mistakenly feeling safe in the fact that I was being protected by Avast 4.6-691. I did a thorough scan last night and 1170 files were apparently infected by various versions of Netsky, Beagle, Mydoom, Bugbear etc.

I noticed that my protection level was set to “Custom”. I have changed this to “High”. Am I missing something? Should I have some other setting?

The system is now apparently clean but help would be appreciated to avoid future “surprises”!

RobJ

  • Read Avast’s manual and make yourself familiar with the settings Avast it is offering.
  • Change to settings to your needs.
  • Use a firewall

And to make sure that your system is clean, do as instructed HERE

What do you mean by ‘apparently infected’ they either are or they aren’t infected.

All of the viruses you listed (Netsky, beagle, mydoom and Bugbear) use email attachments to spread (so you would have had to have opened the attachment), you need to:

  1. Ensure that the email scanner (appropriate to your email program, which you didn’t mention?) is running as this should be your first line of defence.
  2. Exercise safe hex, don’t open unknown attachments.

Custom generally is equal to or higher than HIGH otherwise it would default to HIGH, what did you change? You would have had to change something in order for it to be set to Custom, it is not wise to change settings without knowing what the change will do (avast help file). The one which may be relevant to this issue is scan all created/modified files, scan all files, this should have been your second line of defence after your email scanner.

A google search for the virus name plus removal tool should help recover the infected files, if the avast! Anti-virus Cleaner doesn’t resolve it completely.

Thanks for your prompt replies.

Eddy - where do I find the Avast Manual? Yes I am using a Firewall - ZoneAlarm.
I’m a bit reluctant to disable System Restore to check the system because it deletes all previous Restore Points and then it would be like doing without a safety net. But if it’s absolutely necessary then I will.

DavidR - I’m sorry - I shouldn’t have used the word apparently. Avast thorough scan said that the files were infected so they were infected.

My email program is Outlook Express and email scanner is always running. It has in the past alerted me to suspicious emails so it has worked.

I would never open an attached file from an unknown source. My son is the other user of this computer and he swears that he hasn’t either. So this is a mystery.

After using the DELETE function for all virus “Finds” during the full scan I did another scan and then no viruses were found. As “belt and braces” I also used avast! Anti-virus Cleaner and no viruses were found then. So should I do the Restore Disable and further scan to be sure?

Regards

RobJ

where do I find the Avast Manual?
start > programs > avast > manual/help or in Avast's folder. Look for a file called help.chm
I'm a bit reluctant to disable System Restore to check the system because.....
System restore is only for certain Windows files. Better is using a image of a working drive as backup. Or a good backup util. (eg: Norton Ghost or Nero's backup option)

Example of what system restore can do:

  1. you have a working system with system restore enabled
  2. the system gets infected
  3. you remove/clean the infection
  4. you run system restore
    Guess what? System restore puts back the infection :-
    That’s one of the reasons why I (and many others) recommend not to use it.

On looking further into email scanner performance, avast is working fine on my @ntlworld.com account (using gfi email tester). The problem is that my son’s email comes via hotmail.com and avast email scanner does not work for this.

I have tried to fathom out the Help topic for a fix for this but I am completely lost with all the jargon etc.

I guess we’ll just have to do more regular scans.

RobJ

  1. Hotmail I believe is meant to be scanned for viruses, so that too would appear to have failed.
  2. Web/Standard Shield should provide a fall back position for web based mail as it is either viewed as a web page or downloaded by OE (but not as pop3 email), when saved to the disk this should be scanned by Standard Shield depending on the settings. If there is an attachment you may need to educate your son to save it to a temporary folder on your HDD ‘Attachments’, before opening them, when saved to that location Standard Shield should scan them as they are newly created files.

Deletion is never the best first option, move to chest allows for future remedial action, such as repair, etc. if possible.