TrojanClicker:Win32/Yabector NOT detected by AVAST!

I am a loyal and longtime user of AVAST. I assume it works and provides good protection…however, today I spent about 3 hours removing a corrupted file found by the on-line Microsoft security scanner, which I found VERY thorough.

In addition to AVAST, I frequently scan my PC with Malwarebytes Anti-malware scanner, which I update all the time…and JUST before a scan. I also scan frequently with SuperAntispyware. I also run ThreatFire, SBS&D, Spyware Terminator, and Spyware Blaster.

In spite of all the boots and suspenders, the Microsoft scan found something that a) wasn’t prevented and b) was not found when it entered my PC. Hmmmmmmm…

FYI the corruption was in a restore point file in the (hidden) C:\system volume information_restore{2 0255008-7a33-4bca-9586-051d24dddbf8f}\rp667\a0092559.exe

I HIGHLY recommend that users of AVAST and the scanners I use, ALSO try the full scan option at HTTP://onecare.live.com

Additional scans with the MS on-site scanner indicate the infected file is long gone.

Is AVAST not capable of detecting this Trojan? :-\

Best,

Louis

Hi Louisaz

NO anti-virus can detect 100%; sooner or later one will miss some sample.

Send malware sample to avast.

password compress file to virus@avast.com

You could be right, Louisaz, and it would be difficult to know otherwise, given the reported infection is in a restore point, and therefore difficult to research without activating the restore point.

But did you consider, before suggesting that all Avast users scan with Onecare, the possibility that it may have been a false detection?

BTW your “belts and braces” approach is, I think, a bit OTT. There comes a point where the tiny extra percentage of protection you might achieve is pretty much nullified by the possibility of a program conflict/bogged-down system. Especially if you use the HIPS in ST alongside Threatfire - a redundant choice, I think.

More is not always more. Layers are the key. You have at least two realtime apps covering the same layer.

After lengthy discussions with Microsoft security techs, I am now changing my prior, multi-layer approach.

I agree with you that there is (in effect) a law of diminishing returns that will set in when one attempts to use duplicate, active defensive programs – as I was doing.

And, yes, the allegedly corrupted file could have been a false positive. :-\

After researching Microsoft’s MSE, I decided to install it, which I did without a hitch. So far so good. I am also retaining ThreatFire, which I have had installed for some time on several PCs without any issues. TF and MSE are running without any apparent conflicts.

I will say goodbye to AVAST for the time being. :cry:

IMHO it is an excellent first line of defense, and if the MSE/TF combo doesn’t work out, I will return to AVAST.

Louis

With avast?
Two antivirus at a time would conflict sooner or later.
MSE could catch avast temporary files and avast block the MSE ones.
Sometimes both will detect a malware, sometimes none!!!

http://forum.avast.com/index.php?topic=49846.msg422816#msg422816

You can use MSE as on-demand only.

@Louisaz

Infections in restore point files are nothing to worry about.

I do not know your operating system but an easy way to clean restore points is to open Windows Explorer (Windows key + E) then right click on Local Disk (C:) then Properties then Disk Cleanup then More Options then Clean up… in System Restore