very annoying!

its not the first time…:
after a file is scannad at jotti and avast finds problem x, then you do search “here” and nothing is found. in this case avast found something it calls Win32:Tysin ??? and i wanna know more about Win32:Tysin :stuck_out_tongue:
http://www.asw.cz/i_kat_66.php?lang=ENG

and no, its not on my computer

What exactly do you mean?
Are you saying that avast! scanner at Jotti finds a malware, but locally installed avast! doesn’t detect anything in that file? If yes, what is the exact version of avast! (locally) installed and how exactly do you scan the file?

I believ that 927 is saying there is no information on ‘Win32:Tysin’ using the avast.com web site search (the link given above).

@ 927
Unfortunately there is no common virus naming convention for virus names so what is picked up by another AV may well calle it comething different, an alias.
A google search for Win32:Tysin returns a couple of hits, in one there is a Jotti listing which shows other aliases.

INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) MD5 0aa3f3fd19c7fb7e9ec0521f203ac067 Packers detected: - Scanner results AntiVir Found Trojan/Fasiat ArcaVir Found nothing Avast Found Win32:Tysin AVG Antivirus Found nothing BitDefender Found Trojan.VB.AE ClamAV Found nothing Dr.Web Found Trojan.Landa F-Prot Antivirus Found nothing Fortinet Found W32/VB.AB Kaspersky Anti-Virus Found Virus.Win32.VB.ab NOD32 Found Win32/VB.NBE Norman Virus Control Found nothing UNA Found nothing VBA32 Found nothing

However, if you were to do a search for some of the other names given by the other AVs then you may well find more information. The Win32.VB.ab alias seems to return much more information.

yes the real good av’s has lot of info on certain virus or trojans (when you do a search on the website)

you are a long way from this
http://www.viruslist.com/en/index.html

but since avast is free i don’t complain (much) :-X

927, every rule has an exception… :wink:

Just because detailed information isn’t available on the web site doesn’t mean avast isn’t a good AV. Some of those that provide detailed information miss stuff that is picked up by avast.

Not to mention the information is out there, so devoting a team to this task would take people of the active development of avast.

There are many free products but I personally don’t choose something just because it is free, it has to be up to the job and if it happens to be free that is a bonus.

Welcome to the forums and avast!

yes but you want the hole package, not just a name when you are infected

what do “you” call blackworm/kama sutra/nyxem?

Well I believe we already have a whole package… just try to find some free help at some other antivirus forum (if there is any provided for freeware version of the program). Virus naming doesn’t mean anything when it comes to protecting part of the job, it’s just an info, nothing else. Since avast! was installed first time on all my machines, term virus is unknown term here. That’s what counts.

when a trojan is found you wanna know how you got it, is it dangerous, what it did do, how can i fix it. some of them are really nasty!

if you think this is “just info” it’s sad

http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bankash.g.html

symantec don’t have the “hole package” since nav sucks when it comes to find and preventing malware, big time, but the info is good.
avast is much better at this and offcourse is this way more important but information is still important

It is not sad… it is the fact that most people don’t even look at those information, they simply want to be protected. Do not forget that most people are still “normal” users without some extensive computer knowledge. They need a good antivirus, and they got it. :wink:


I have to agree with Tesla. Although I’ve messed with computers for 25+ years, security is the main thing with my computer these days and I could really care less what the name of the virus is nor what each av program calls it. ::slight_smile:

927, perhaps you think you need to know a virus name simple because you are use to an inferior av program with which you had to know or else you could not remove the infection it let in. ???

My main concern is that it is stopped before it does damage. AND, that is exactly what Avast! does and has done for more than 2 years for me. :slight_smile:


Logfile of HijackThis v1.99.1
Scan saved at 10:29:56, on 2006-01-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program\SwiftBtn\SwiftBtn.EXE
C:\Program\Synaptics\SynTP\SynTPLpr.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program\Hotbar\Bin\4.6.1.0\WeatherOnTray.exe
C:\Program\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\wmitra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wmitra.exe
C:\Program\Alwil Software\Avast4\aswUpdSv.exe
C:\Program\Alwil Software\Avast4\ashServ.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Program\Alwil Software\Avast4\ashMaiSv.exe
C:\Program\Alwil Software\Avast4\ashWebSv.exe
C:\Program\Messenger\msmsgs.exe
C:\Documents and Settings\Margareta\Skrivbord\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.svt.se/texttv/202.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 222.89.98.219 www.wo365.com
O1 - Hosts: 222.89.98.219 cmfu.com
O1 - Hosts: 222.89.98.219 www.cmfu.com
O1 - Hosts: 222.89.98.219 9i0.com
O1 - Hosts: 222.89.98.219 www.9flash.com
O1 - Hosts: 222.89.98.219 9flash.com
O1 - Hosts: 222.89.98.219 www.nowok.net
O1 - Hosts: 222.89.98.219 nowok.net
O1 - Hosts: 222.89.98.219 wisa.com.cn
O1 - Hosts: 222.89.98.219 www.sia.com.cn
O1 - Hosts: 222.89.98.219 www.wisa.cn
O1 - Hosts: 222.89.98.219 wisa.cn
O1 - Hosts: 222.89.98.219 www.zhao99.com
O1 - Hosts: 222.89.98.219 zhao99.com
O1 - Hosts: 222.89.98.219 www.wo123.com
O1 - Hosts: 222.89.98.219 wo123.com
O1 - Hosts: 222.89.98.219 wo99.com
O1 - Hosts: 222.89.98.219 www.wo99.com
O1 - Hosts: 222.89.98.219 www.page.com.cn
O1 - Hosts: 222.89.98.219 page.com.cn
O1 - Hosts: 222.89.98.219 www.432.cn
O1 - Hosts: 222.89.98.219 432.cn
O1 - Hosts: 222.89.98.219 wysw.com
O1 - Hosts: 222.89.98.219 14.com.cn
O1 - Hosts: 222.89.98.219 www.14.com.cn
O1 - Hosts: 222.89.98.219 cnww.net
O1 - Hosts: 222.89.98.219 www.mv99.com
O1 - Hosts: 222.89.98.219 mv99.com
O1 - Hosts: 222.89.98.219 www.youav.com
O1 - Hosts: 222.89.98.219 www.mtvav.com
O1 - Hosts: 222.89.98.219 www.98983.com
O1 - Hosts: 222.89.98.219 98983.com
O1 - Hosts: 222.89.98.219 www.114.com.cn
O1 - Hosts: 222.89.98.219 114.com.cn
O1 - Hosts: 222.89.98.219 www.net114.com
O1 - Hosts: 222.89.98.219 www.skywz.com
O1 - Hosts: 222.89.98.219 skywz.com
O1 - Hosts: 222.89.98.219 www.hao6.com
O1 - Hosts: 222.89.98.219 hao6.com
O1 - Hosts: 222.89.98.219 www.678a.com
O1 - Hosts: 222.89.98.219 678a.com
O1 - Hosts: 222.89.98.219 www.7510.com
O1 - Hosts: 222.89.98.219 7510.com
O1 - Hosts: 222.89.98.219 www.zzkan.com
O1 - Hosts: 222.89.98.219 zzkan.com
O1 - Hosts: 222.89.98.219 www.ca183.com
O1 - Hosts: 222.89.98.219 ca183.com
O1 - Hosts: 222.89.98.219 3tom.com
O1 - Hosts: 222.89.98.219 www.yhjm.com
O1 - Hosts: 222.89.98.219 yhjm.com
O1 - Hosts: 222.89.98.219 www.k369.com
O1 - Hosts: 222.89.98.219 www.xxwww.com
O1 - Hosts: 222.89.98.219 xxwww.com
O1 - Hosts: 222.89.98.219 www.fm1000.net
O1 - Hosts: 222.89.98.219 fm1000.net
O1 - Hosts: 222.89.98.219 www.ok135.com
O1 - Hosts: 222.89.98.219 ok135.com
O1 - Hosts: 222.89.98.219 www.link999.com
O1 - Hosts: 222.89.98.219 link999.com
O1 - Hosts: 222.89.98.219 www.001wz.com
O1 - Hosts: 222.89.98.219 001wz.com
O1 - Hosts: 222.89.98.219 www.7t7t.com
O1 - Hosts: 222.89.98.219 7t7t.com
O1 - Hosts: 222.89.98.219 www.7k7k.com
O1 - Hosts: 222.89.98.219 7k7k.com
O1 - Hosts: 222.89.98.219 www.webcool.net
O1 - Hosts: 222.89.98.219 webcool.net
O1 - Hosts: 222.89.98.219 www.51sobu.com
O1 - Hosts: 222.89.98.219 51sobu.com
O1 - Hosts: 222.89.98.219 cy.51sobu.com
O1 - Hosts: 222.89.98.219 www.fj3721.com
O1 - Hosts: 222.89.98.219 fj3721.com
O1 - Hosts: 222.89.98.219 www.msncn.com
O1 - Hosts: 222.89.98.219 msncn.com
O1 - Hosts: 222.89.98.219 www.6235.com
O1 - Hosts: 222.89.98.219 6235.com
O1 - Hosts: 222.89.98.219 www.8goo.com
O1 - Hosts: 222.89.98.219 8goo.com
O1 - Hosts: 222.89.98.219 www.baimin.com
O1 - Hosts: 222.89.98.219 baimin.com
O1 - Hosts: 222.89.98.219 www.bwwz.com
O1 - Hosts: 222.89.98.219 bwwz.com
O1 - Hosts: 222.89.98.219 www.howow.net
O1 - Hosts: 222.89.98.219 howow.net
O1 - Hosts: 222.89.98.219 www.tongchi.com
O1 - Hosts: 222.89.98.219 tongchi.com
O1 - Hosts: 222.89.98.219 www.65658.com
O1 - Hosts: 222.89.98.219 65658.com
O1 - Hosts: 222.89.98.219 www.7o7o.com
O1 - Hosts: 222.89.98.219 7o7o.com
O1 - Hosts: 222.89.98.219 5126.net
O1 - Hosts: 222.89.98.219 www.5126.net
O1 - Hosts: 222.89.98.219 www.wangzhiku.com
O1 - Hosts: 222.89.98.219 wangzhiku.com
O1 - Hosts: 222.89.98.219 www.soyeah.com
O1 - Hosts: 222.89.98.219 soyeah.com
O1 - Hosts: 222.89.98.219 www.sowang.cn
O1 - Hosts: 222.89.98.219 sowang.cn
O1 - Hosts: 222.89.98.219 www.77177.com
O1 - Hosts: 222.89.98.219 77177.com
O1 - Hosts: 222.89.98.219 www.look8.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program\E2G\IeBHOs.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.4000.1001\sv\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.4000.1001\sv\msntb.dll
O4 - HKLM..\Run: [QT4StBtn] C:\Program\SwiftBtn\SwiftBtn.EXE
O4 - HKLM..\Run: [SynTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM..\Run: [CARPService] carpserv.exe
O4 - HKLM..\Run: [MMSystem] c:\windows\rundll32.exe “c:\windows\system32\mmsystem.dll”“, RunDll32
O4 - HKLM..\Run: [WeatherOnTray] C:\Program\Hotbar\Bin\4.6.1.0\WeatherOnTray.exe
O4 - HKLM..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [MsnMsgr] “C:\Program\MSN Messenger\MsnMsgr.Exe” /background
O4 - HKCU..\Run: [MMSystem] c:\windows\rundll32.exe “c:\windows\system32\mmsystem.dll””, RunDll32
O4 - HKCU..\Run: [WhenUSave] “C:\Program\Save\Save.exe”
O4 - HKCU..\Run: [wmitra] C:\WINDOWS\system32\wmitra.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Date Manager.lnk = C:\Program\Date Manager\DateManager.exe
O4 - Global Startup: GStartup.lnk = C:\Program\Delade filer\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PrecisionTime.lnk = C:\Program\PrecisionTime\PrecisionTime.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: SmartShopper - Compare product prices - {679B2A8D-B2FF-41ed-B3ED-C5CFB8564CB0} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O9 - Extra button: SmartShopper - Compare travel rates - {9E4DF170-217F-4658-A11F-590664542B73} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Program\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - “C:\Program\MSNMES~1\msgrapp.dll” (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

maybe this will get you “fall” down from the high towers…

and if you want i can send you some istbar files i downloaded very easily, whilst avast running :-*


Do not click on any of those active links in that HJT log above. They lead you to China and thousands of cookies (no, not the good Chinese fortune cookies kind) … probably spyware as well. :frowning:

(I am running updated spyware programs now.)

Edit:

No spyware found! 8)

Since istbar is basically adware, it may not be detected by many av programs. You can get removal help for it at this link :

http://www.doxdesk.com/parasite/ISTbar.html


and if you want i can send you some istbar files i downloaded very easily, whilst avast running

Avast is ANTIVIRUS not Antispy ware

Exactly… and btw, 927 remove those links (or at least disable them) from the HijackThis log file. There are many fresh users, tending to click on each and every one link they see. Posting something like that is not recommended.

From your HJT log file
No active firewall was found on your system a firewall will help!!
This is a bit like going out in your car leaving the keys in the ignition the doors unlocked
and expecting to come back and find your car just how you left it!! Ha Ha fat chance!!