The presence of the infected *.tmp files implies otherwise but you’re certainly free to wait if you prefer.

Are you using it at home or at your office?
Does it work well and is it worth what you’ve paid for it?
Did you test other content filtering applications? Can you compare them?

Oh, maybe we’re hijacking the thread ;D

Let’s put it this way, after using Avast! at home, I sought out Avast! for our corporate network (1500+ machines) and it blew our previous AVS out of the water as regards performance and cost.
I’ve had exemplary support from Ondrej and his team as well as support from a UK distributor (AVOSEC), I have no complaints about the product at all. Little mysteries like this are fuel for guys like Ondrej. He thrives on it.

And yes, since it’s not causing any major problems, I’m happy to wait for the Avast! guys to come up with any ideas. Running rootkit discovery tools on tens of infected PCs could take forever around here.

My curiosity was about the web filtering products and not about avast 8)

To quote a famous yellow skinned balding father of 2.

“DOH”

Websense is used at work, it does a very good job. Better than our old webfilter. Cheaper too. Anything I source these days has to fulfill those criteria. Better, faster, cheaper; well not so much the faster, this is the NHS!

Who is it?

??? I’m not English-native… ???

??? I’m not English-native… I’m not following you. Sorry.

NHS = UK National Health Service.

Homer Simpson? ;D

Sorry David, it makes no sense to me in the original post. I still do not understand.

Not following either ???

It relates to the domain path which was previously queried and a bit of a joke about the NHS in QEHNick’s reference to faster, ‘well not much faster’ it is the NHS!, which isn’t very fast.
In the UK, waiting lists to get treatment are long and waiting time in accident and emergency is hours. So the comment is really only going to be understood by those in the UK.

Unfortunately your selective quote of NHS in isolation loses the context for saying NHS, so I only explained what you quoted.

Websense is used at work, it does a very good job. Better than our old webfilter. Cheaper too. Anything I source these days has to fulfill those criteria. Better, faster, cheaper; well not so much the faster, this is the NHS!
Do you recognize the domain in these lines O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = xqehkl.nhs.uk

Yes sorry for the confusing nomenclature.

And Homer Simpson has 3 kids not 2, so my bad!

Now I might be speaking too soon but…
It appears that Ravmone.exe is now being detected “ON-ACCESS”!! :smiley: ;D :-*

There have been at least two VPS updates this weekend, did one of them fix the issue?

Can you let us know Vik?

Nick

Which is the virus name?
Check here: http://www.avast.com/eng/vps_history.html

The virus name is in the previous posts, and was previously detected by avast on-demand scan but somehow failed to be detected by the on-access scanner.

This is just Nick giving feedback that it is now detected by the on-access scanner.

Had a reply from Vik

Yes I think they made some changes that it is now being picked up as "Trojan-Gen" as well... The problem is quite tricky, actually. The RJump thing is actually written in Perl and the executable hosts a whole (redistributable) Perl interpreter engine. As a result, it's quite tricky to detect - and is found only during a deep scan (which is not enabled for on-access).

Thanks for the update, very sneaky little beggar indeed. Hopefully this will have helped avast to get a handle on it now it is detected by the on-access scan as you mentioned previously.