igor0
32
A few notes to the original question:
I’ll check the corresponding code when I get back to work, but I believe avast! would never allow an infected program to execute. Of course, it may fail detecting a (new) virus, but if it detects the virus, it will deny access to it. There’s no “Continue” button that would allow it.
I can check if this “Agent” client (where can it be downloaded from, btw?) doesn’t use some special method to execute its attachments, but I really doubt it (I think all the possible methods are covered now; and even if they weren’t, avast! wouldn’t detect the virus - and it did).
To me, it seems more likely that the Swen worm was active before (it could have been started before avast) - and the warning was given by avast! at the moment it was trying to spread (execute another instance of itself, maybe?)
That wouldn’t explain how Swen could have got to the computer in the first place, of course… ???