Undetected virus...

Recently, my computer was infected twice by viruses that went undetected by Avast. The first one was win32.trojano-1124 and the second one was w32.spybot.worm.

I realised I was infected (probably via a security breach in Windows 2000) when my network icon was blinking like crazy for no apparent reason. I opened a command prompt window and launched “netstat -a” to see that my machine was scanning port 135. I brought my computer to work and the technician scanned it with his Symantec Corporate Edition 10.1 and told me I had win32.trojano-1124, which was not detected by avast. I reinstalled everything from my original CDs (Windows 2000 and Office 2000 - that’s all I use) and installed all the latest Windows and Office updates.

The second time, similar scenario, except it was port 445. Again, I took the computer to work. This time, the technician tells me I am infected by w32.spybot.worm. He asked me if I was running Kazaa or MIRC, but other than Office 2000, I am not running anything else.

How come avast could not detect those two viruses?

Philippe
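
The symptom described in the post above (many outbound connection attempts to port 135 or 445 in netstat output) can be checked for automatically. The following is an added example, not part of the original thread; the sample output, host names and threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Without -n, Windows netstat prints service names instead of port numbers,
# so 135 appears as "epmap" and 445 as "microsoft-ds".
WATCHED = {"135": 135, "epmap": 135, "445": 445, "microsoft-ds": 445}
OUTBOUND_STATES = {"SYN_SENT", "ESTABLISHED"}
# Captures foreign host, foreign port (or service name) and state of a TCP row.
TCP_LINE = re.compile(r"^\s*TCP\s+\S+\s+(\S+):(\S+)\s+(\S+)\s*$", re.IGNORECASE)

# Constructed sample of "netstat -a" output (documentation-range addresses).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    mypc:epmap             mypc:0                 LISTENING
  TCP    mypc:1031              192.0.2.11:epmap       SYN_SENT
  TCP    mypc:1032              192.0.2.12:epmap       SYN_SENT
  TCP    mypc:1033              192.0.2.13:epmap       SYN_SENT
  TCP    mypc:1034              192.0.2.14:epmap       SYN_SENT
  TCP    mypc:1035              192.0.2.15:epmap       SYN_SENT
  TCP    mypc:1036              192.0.2.16:epmap       SYN_SENT
  TCP    mypc:1040              fileserver:microsoft-ds  ESTABLISHED
  UDP    mypc:microsoft-ds      *:*
"""

def find_outbound_scans(netstat_text, threshold=5):
    """Return {port: sorted remote hosts} for each watched port that this
    machine is contacting on at least `threshold` distinct remote hosts."""
    remotes = defaultdict(set)
    for line in netstat_text.splitlines():
        match = TCP_LINE.match(line)
        if not match:
            continue  # headers, UDP rows, blank lines
        host, port_token, state = match.groups()
        port = WATCHED.get(port_token.lower())
        if port is None or state.upper() not in OUTBOUND_STATES:
            continue  # unrelated port, or a local listener
        remotes[port].add(host)
    return {p: sorted(h) for p, h in remotes.items() if len(h) >= threshold}

if __name__ == "__main__":
    for port, hosts in find_outbound_scans(SAMPLE).items():
        print(f"possible worm scanning: {len(hosts)} remote hosts on port {port}")
```

A single connection to a file server on port 445 stays below the threshold, while a burst of SYN_SENT entries to many different hosts is reported.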

No software is perfect… An antivirus based on signatures needs constant improvement.
If you can, please, send the samples to virus@avast.com and post a link to this thread in the email body.
We’re asking for better detection all the time (http://forum.avast.com/index.php?topic=26293). :-\

You should add to your defences a specialised anti-spyware program which will improve your overall protection.

If you haven’t already got this software (freeware), download, install, update and run it periodically (weekly, etc.).

  1. Ewido, a.k.a. AVG Anti-Spyware, if using WinXP, or a-Squared Free if using Win98/ME.
  2. Ad-Aware SE Personal Edition
  3. Spybot Search and Destroy
  4. Spywareblaster. Don’t install this until you are clean.

Do you have a firewall? If so, what?

You have to ask yourself what it was that you were doing that put you at risk; it is possible to exercise safe hex and limit exposure. Read “How did I get infected in the first place?” and follow the advice. Check out the DropMyRights link in my signature.