Since some weeks ago, AVAST shows strange behavior. Sometimes the AVAST icon on the right taskbar is showing a red round sign with a white bar in the middle. If I open the right-click-menu, it is telling me that on access shield is not running. If I try to activate the shield manually nothing happens, I am not able to activate the shield manually. After restarting the operating system everything’s is looking quite usual and the on access shield is running as it should be.
I think, AVAST is working very fine, last Sunday it shows me a trojan named kaht.exe in the temp directory of my personal folder in user mode - and it was possible to delete this malware.
My operating system: WINDOWS XP HOME, SP2,
Software firewall by Windows XP,
Hardware firewall by an AVM/FritzBox-Router 7141 with phone access over internet.
AVAST version is 4.7.942, virus definitions from yesterday, March, 14, 2007 - updating is working fine.
My latest on demand scans with avast in normal mode and safe mode did not show any malware.
Yesterday scan with Dr. Web did not show malicious results, too.
My access to the internet usally is done in restricted user mode, admin mode I only use to get WINDOWS updates or installing software (or enable the AVAST scan in safe mode).
Well here’s an odd thing. I had done a little research on this yesterday while at work, going to some forums where it was discussed, etc but being careful about the sites I visited (or so I thought). Now my weekly scan reports the following
This was detected by Symantec Corporate (no comments please :(). Problem is, Symantec’s on line scanner won’t scan packed files and these are. Its interesting that this stuff got past my router’s gateway antivirus too (McAfee based signatures).
At least knowing these paths you might be able to find the files manually on your computer. Symantec’s recommended action is to simply delete them.