Is there any way that the right-click ashquick.exe command can be more thorough? For example, I have an .exe file that contains multi adware trojan droppers, yet ashquick (which would be the command that download managers use) does not detect it. Executing the file does bring avast detection, but by then some damage is already done, i.e. newdot.net installation, which can alter network settings etc.
tia
me
So what if you scan the file in Simple User Interface (with all the settings set to high, archive scanning on)?
A scan of the file with resident set to high or custom (all files) and scan archives set to thorough fails to detect the malware. On execution, however, it detects it.
Vlk
Doesn’t that then defeat the whole purpose of ashquick?
I thought ashquick checks all downloaded files?
newdot.net is spy-/adware, not a virus. I’m not sure if Avast detects this one, but I am sure Vlk will tell you.
It is always a good thing if you do not only use av software, but also applications like Ad-Aware and Spybot S&D, and of course have a firewall. (Best is a router with hardware firewall.)
Since there is no application that detects all harmful things, I advise to use the two mentioned applications along with Avast and also HijackThis.
It's not only newdot net. It drops about 4 or 5 malware, including one malware rebooter. Also, the resident shield DOES kick in after execution, though too late to stop it dropping all the scumware. I submitted files to Trojan Hunter and TDS3 as they didn't detect it either, but have updated their database. As I say, avast does detect it after execution, but it's a little late then.
me
A scan of the file with resident set to high or custom (all files) and scan archives set to thorough fails to detect the malware. On execution, however, it detects it.
That only proves that the file is packed with some unknown method. It’s self-extracting, though. Therefore, if you run it, it extracts its contents to some temp files – and that triggers the on-access scanner…
No magic here…
That's true what you say, but is it not possible for avast to detect it? Here's what boclean log records on execution of the file…
08/09/2004 18:33:21: C:\WINDOWS\TEMP\STB1120.TMP
Trojan horse was found in above file
QUICKBAR TROJAN STOPPED by BOCLEAN!
Above file copied to C:\evidence.boc for examination.
Active trojan horse was shut down. System now safe.
Trojan horse was removed, registry cleaned.
08/09/2004 18:33:26: C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL
Trojan horse was found in above file
NEWDOTNET2 TROJAN STOPPED by BOCLEAN!
Above file copied to C:\evidence.boc for examination.
Active trojan horse was shut down. System now safe.
Trojan horse was removed, registry cleaned.
08/09/2004 18:33:32: BUNDLE TROJAN VARIANT STOPPED!
Trojan horse was found in memory.
C:\WINDOWS\TEMP\BUNDLE.EXE contained the trojan.
Active trojan horse WAS shut down. System safe.
08/09/2004 18:34:52: KEENVALUE TROJAN VARIANT STOPPED!
Trojan horse was found in memory.
C:\PROGRAM FILES\COMMON FILES\UPDATER\WUPDATER.EXE contained the trojan.
Active trojan horse WAS shut down. System safe.
08/09/2004 18:35:12: C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL
Trojan horse was found in above file
NEWDOTNET2 TROJAN STOPPED by BOCLEAN!
Above file copied to C:\evidence.boc for examination.
Active trojan horse was shut down. System now safe.
Trojan horse was removed, registry cleaned.
08/09/2004 18:37:33: EZULA/BOOT TROJAN STOPPED by BOCLEAN!
Trojan horse was found in memory.
C:\WINDOWS\ILOOKUP\TTIL.EXE contained the trojan.
Active trojan horse WAS shut down. System now safe.
I submitted the file a few days ago, so perhaps it hasn't been included yet.
Spybot and adware etc would be no good in this case as they would only detect the malware after execution of the file.
me
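An added example, not part of any post in this thread: a small Python parser for the two entry shapes in the BOClean log quoted above (file detections put the path on the timestamp line, in-memory detections put the family name there), listing each dropped file with its delay from the first detection and how often it was caught. The function names are hypothetical and the day/month order of the timestamp is an assumption.

```python
import re
from datetime import datetime
# Entries taken from the log quoted in the post above; status lines left out.
SAMPLE_LOG = r"""08/09/2004 18:33:21: C:\WINDOWS\TEMP\STB1120.TMP
Trojan horse was found in above file
QUICKBAR TROJAN STOPPED by BOCLEAN!
08/09/2004 18:33:26: C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL
Trojan horse was found in above file
NEWDOTNET2 TROJAN STOPPED by BOCLEAN!
08/09/2004 18:33:32: BUNDLE TROJAN VARIANT STOPPED!
Trojan horse was found in memory.
C:\WINDOWS\TEMP\BUNDLE.EXE contained the trojan.
08/09/2004 18:35:12: C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL
Trojan horse was found in above file
NEWDOTNET2 TROJAN STOPPED by BOCLEAN!
08/09/2004 18:37:33: EZULA/BOOT TROJAN STOPPED by BOCLEAN!
Trojan horse was found in memory.
C:\WINDOWS\ILOOKUP\TTIL.EXE contained the trojan.
"""
HEAD = re.compile(r"^(\d\d/\d\d/\d{4} \d\d:\d\d:\d\d): (.+)$")
NAME = re.compile(r"^(.+?) TROJAN(?: VARIANT)? STOPPED")
PATH = re.compile(r"^(.+) contained the trojan\.$")

def parse(log):
    """Return one dict per detection: time, family, path, where (file/memory)."""
    events = []
    for line in map(str.strip, log.splitlines()):
        head = HEAD.match(line)
        if head:  # day/month order is assumed; only time differences are used
            ev = {"time": datetime.strptime(head.group(1), "%d/%m/%Y %H:%M:%S")}
            if (name := NAME.match(head.group(2))):  # memory shape: path comes later
                ev.update(family=name.group(1), path=None, where="memory")
            else:                                    # file shape: family comes later
                ev.update(family=None, path=head.group(2), where="file")
            events.append(ev)
        elif events and events[-1]["family"] is None and (m := NAME.match(line)):
            events[-1]["family"] = m.group(1)
        elif events and events[-1]["path"] is None and (m := PATH.match(line)):
            events[-1]["path"] = m.group(1)
    return events

def summarize(events):
    """Map each path to (family, seconds after first detection, hit count)."""
    out = {}
    for ev in events:
        offset = int((ev["time"] - events[0]["time"]).total_seconds())
        fam, first, hits = out.get(ev["path"], (ev["family"], offset, 0))
        out[ev["path"]] = (fam, first, hits + 1)
    return out
```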
I don’t have info on the trojan – but keep in mind that newdot.net recently won a legal battle forcing Ad-Aware (and other anti-spyware tools) to remove them from “blacklists”.
I don't have info on the trojan -- but keep in mind that newdot.net recently won a legal battle forcing Ad-Aware (and other anti-spyware tools) to remove them from "blacklists".
I was wondering why newdot.net wasn’t completely removed from my PC after spybot, ad-ware, bazooka spyware and spysweeper removed parts of it. I had to uninstall it normally, run hijackthis and remove them bits, restart, then delete the folder.
–lee