It isn’t that strange there are thousands of new malware variants created daily and AVs are playing catch up, so new detections are added to try and catch up and modifications to heuristic, generic and algorithmic signatures. So it is important to have the virus definitions set to auto update.

The full system scan and the Quick scan are for the most part going to be scanning inert or dormant files and those scans are going to be limited by the current virus definitions. The File System Shield takes care of the active file scanning and has other tools at its disposal like the emulation feature (sf.bin) and behavior shield etc. to try and catch malware not in its signatures that although it doesn’t match a signature it considers suspicious.

Was the behavior shield actually blocking these files from running (I suspect so) ?

When these shields find something considered suspicious that information should be being filtered (anonymously) back to the avast labs through the CommunityIQ feature. This in itself can reveal patterns and suspect files which get added to the virus definitions.

You’re welcome, glad we could help.

I too would also recommend you download, install, update and run MBAM to ensure that there are no registry remnants of these files. Avast would normally try to remove any registry run commands for the files it detects, but I would say having a second scanner run as a backup is going to improve overall security.

yea the shield was blocking the apps from running hence the constant opening and closing

gonna dl MBAM as well to be sure
just wish i had quarantined the files rather than deleat them as avast support have asked me to send the suspicious apps to them which i cant do now

many thanks again

steve

No problem, glad I could help.

Better the hassle (attracted your attention to it) than for the behavior shield to have allowed it to run ;D

Shows the benefit of the other shields which aren’t reliant on the signatures, giving the signatures a chance to catch up.

Yeah, nice to see some behavior shield action. Rare that you hear of it doing much here on the forum. Probably worked perfectly in this situation, held things in check till the signature update started detecting them for sure.

The one that gets most of the action is the network shield blocking access to malicious sites.

ok got MBAM did a quick scan and low and behold
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\OO1310T0QS (Trojan.FakeAlert.SA) → Quarantined
HKEY_CURRENT_USER\Software\Microsoft\idgbn5xehg (Malware.Trace) → Quarantined
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) → Quarantined

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Worm.Palevo) → Value: Shell → Quarantined
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OO1310T0QS (Trojan.FakeAlert.SA) → Value: OO1310T0QS → Quarantined
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman (Worm.Palevo) → Value: Taskman → Quarantined

a few nasty s lurking there

Thanks again

steve

I would suggest starting a new thread under Viruses and Worms, and let Essexboy take a look at the computer.

He will help you clear out the rest of the bollocks on your system.

@ Puffing
These are I believe orphan registry entries remaining after avast cleaned out the other infection.

Do I think you need to start another topic to investigate this, I don’t think so unless you have specific symptoms. So I would monitor your system for unusual behaviour, as you did to find this in the first place and if found then further investigation would be advised. You should also run periodic scans with MBAM and avast for a while to confirm you are in the clear.

I would recommend that you get a 3rd party firewall, the XP firewall is about as much use as a chocolate fire guard as it has zero protection against unauthorised outbound connections.

im with you david on this pc is clean now and running fine will keep an eye on things

any idears on a good freeware 3rd party firewall im a little out of touch nowadays i used to use peergaurdian when i did a lot p2p nowadays dont realy dl much only got dialup ware i live so slow as hell

Well peergaurdian I think is a more specialist firewall, but I believe a relatively light firewall is - PrivateFirewall, http://www.privacyware.com/personal_firewall.html. I don’t have any personal experience of it though.

Generally a firewall shouldn’t slow your dial-up connection as you already have inbound in the form of the windows firewall; when a 3rd party firewall is installed this is normally disabled and the actual outbound connection checks happen before the connection is established. So in theory you shouldn’t notice any difference, dial-up will still be slow (I know as until 8 months ago I was on dial-up with the firewall in my signature.

There are many others:
Many forum users are using these:

• PCTools Firewall Plus. This is a relatively user friendly firewall.

• Online Armor for the most parts fine for most users, though some find it a little heavy.

• PrivateFirewall, http://www.privacyware.com/personal_firewall.html

• Outpost Free Suite 7, which should still provide good protection, http://free.agnitum.com/. Whilst this is a suite, when you install it, it detects avast and asks if you have it installed, answering Yes will mean it doesn’t install the antivirus, anti-spyware and web control modules to maintain compatibility.

PCTools Firewall Plus. This is a relatively user friendly firewall.

+1 for PCTools Firewall.

It has served me well since ZoneAlarm’s demise.