Rogue AV/Security Programs Getting by Avast

I’m trying to find out why Avast doesn’t seem to catch the rogue anti-virus & security programs that are running rampant. In the last month or so, I’ve removed 4 or 5 infections from computers running Avast. One client got infected twice in 3 weeks with 2 different rogue programs while running Avast 4.8. Is additional software needed or does Avast just not protect against this type of malware? Other suggestions?

4.8 is all but history. So if this is from people still on that version, please tell them to update their software. But even the newest Avast!, or any other security vendor, has problems keeping up with the rogues.

It does protect against them, it blocked one for me once, but they produce new variants very quickly, which is hard to keep up with.

Additional software needed? I have not heard a peep from a single rogue since I started using this: http://noscript.net/, which would require Firefox, not everyone's browser, but I know Chrome has a similar one called NotScript.

When you say it’s all but history, does that mean it’s no longer functional? I know all the infected systems were current for updates. I realize very new variants could be a problem, but this seems to be a bit unusual.

4.8 is not current Avast!, has not been program updated in over a year (which is like a century by online security standards). Virus definition updates will soon end for it also. Newest Avast! version is 5.1.889.

The last program update for avast 4.8 was over a year ago, so nothing new has been added to it functionally, as it has to retain compatibility for older OSes. Now avast 5.x isn’t restricted in that way as it doesn’t support older OSes and has additional detection routines that aren’t in 4.8 or the 4.8 virus signatures.

Avast 5.0 has been out for a year and 5.1 was released at the start of this year, and they are moving to drop support for avast 4.8, as currently there are two virus definition update streams, one for avast 4.8 and another for 5.x, and this can't go on forever.

Rogue applications are a constant moving target with new variants constantly released.

I have a copy of the rogue program - Defender.exe - since my client was infected again. Is this useful to the Avast staff in figuring out why this program goes undetected?

Upload the file to www.virustotal.com and test it with 43 malware scanners.
When you have the result, copy the URL in the address bar and post it here.

Send the sample to virus @ avast . com in a password protected zip file
subject: undetected sample
password: infected

No security program has 100% detection

Fake antivirus overwhelming scanners
http://news.techworld.com/security/3203072/fake-antivirus-overwhelming-scanners/

The reason for the growth in numbers is what is known in technical terminology as ‘polymorphism’, an old defence technique which involves changing the binary checksum of every copy (or download) of a piece of malware. This makes it much more difficult for antivirus programs to detect the programs.
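An added illustration of the point in the quoted article (example code, not from this thread or from Avast): two constructed byte strings stand in for two copies of one rogue-AV family that differ only in padding. A hash blocklist seeded with the first copy misses the second, while a content signature over the shared bytes catches both. All data, names and the signature pattern are made up for the demo.

```python
import hashlib
import re

# Constructed stand-ins for two polymorphic copies of one rogue-AV payload.
# Same "body", different padding bytes; this is sample data, not real malware.
SHARED_BODY = b"RogueAV: Your PC is infected! Buy the full version"
VARIANT_A = b"MZ\x90\x00" + SHARED_BODY + b"\x00" * 8
VARIANT_B = b"MZ\x90\x00" + b"\x90\x90" + SHARED_BODY + b"\xcc" * 3


def sha256(data: bytes) -> str:
    """Hex SHA-256 of a sample, the kind of checksum a hash blocklist keys on."""
    return hashlib.sha256(data).hexdigest()


# Hypothetical hash blocklist that only knows the first copy seen in the wild.
HASH_BLOCKLIST = {sha256(VARIANT_A)}


def matches_hash_blocklist(data: bytes) -> bool:
    """Exact-checksum detection: any byte change in the copy defeats it."""
    return sha256(data) in HASH_BLOCKLIST


# Hypothetical content signature over bytes that every copy must keep
# to do its job (here, the scare message shown to the victim).
SIGNATURE = re.compile(rb"RogueAV: Your PC is infected")


def matches_content_signature(data: bytes) -> bool:
    """Pattern detection: survives the per-copy checksum change."""
    return SIGNATURE.search(data) is not None


def scan(data: bytes) -> dict:
    """Return both verdicts so the two detection strategies can be compared."""
    return {
        "hash": matches_hash_blocklist(data),
        "signature": matches_content_signature(data),
    }


if __name__ == "__main__":
    for name, sample in (("A", VARIANT_A), ("B", VARIANT_B)):
        print(name, sha256(sample)[:16], scan(sample))
```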

Thanks for the info Pondus. Uploaded the file and it’s already listed.

A link to the result would be nice so we can give you further information on how to deal with the rogue.

I suggest you download, install, update and scan with Malwarebytes Anti-Malware; they do a good job dealing with rogues.

http://filehippo.com/download_malwarebytes_anti_malware/ as a first step.

Let us know on the progress and good luck.

Here’s a link to the infected file http://www.virustotal.com/file-scan/report.html?id=fc9d5843148da7751cc1f997c28d6cf020e8b199c3ccae2c4ce9e6db261c2296-1296140493. I can remove these manually, the problem is Avast is still not detecting them as a threat.

Add the files to the chest of avast and upload them from there to avast.

Should be the simplest way of sending them the files, I think.

I removed Avast and don’t have access to that computer anymore, so I can’t use that method to upload.

Check your “My messages” in the top right corner

Hi all, what a pain: I had fake antivirus software get past my Avast 5, all updated.
Had to disconnect from the internet and use my mobile to google what to do.
This fake program shut down SUPERAntiSpyware and Malwarebytes.
In the end, safe mode with networking and then re-run and updated the above with Hitman Pro 3.5.
Fixed, and then re-scanned with all of the above and 3 online scanners.
Best part of 3 hrs wasted.

Would like the experts to tell me why this got past Avast 5.

I think the rogue was something like pc tool NOT PC TOOLS.

Would like the experts to tell me why this got past Avast 5.
No security program has 100% detection; if they did there would not be a virus problem on the net!

Fake antivirus overwhelming scanners
http://news.techworld.com/security/3203072/fake-antivirus-overwhelming-scanners/

Aside from that, in your cleaning process did you think to send the detected samples to the avast chest, so you could send them to avast for analysis and inclusion in the virus definitions?

Or send the sample to virus (at) avast (dot) com zipped and password protected with the password in email body and undetected malware in the subject.

Yes, item saved and will be sent.
I fully understand that nothing is 100%, however if you google these fake programs then it is clear it's a big problem and getting worse.
I like avast and this is the first time it has let me down; the boot scan found nothing but I kept the SAS and MAB logs.
Also I am trying to get the link/site that crashed my system.
I have a real old XP Celeron laptop that I use for this; in other words, if it crashes, no worries.
Will report back.

Thanks for the advice, but others, watch for this one getting into your system.

Pondus, I was going to zip it up and send the file to you and the address DavidR supplied, but Avast now recognizes it as a threat.

David, I don’t know if that’s directed to me or not. No, I did not. I wasn’t aware there was an option to upload the file and I usually just delete as opposed to quarantine.

It was more directed at cool jay, who used other tools to detect and remove it, as when you are tracking down malware you often forget about collecting the undetected samples to send to avast to improve detections; it is often the last thing on your mind.

But, yes, it is also indirectly to you and all who might have this problem and happen to read this topic. If you use this as an example, what happens if you get hit by this again in a week or so and avast still hasn't received a sample of it? Then it gets through again and you are on the cleaning cycle again. So wherever possible, undetected samples should be sent to avast as I outlined, or you can manually add them to the chest and send/submit them from there.

Generally, deletion isn't really a good first option (you have none left): ‘first do no harm’, don't delete, send the virus to the chest (a protected area)/quarantine and investigate.