Both of these viruses were added to the database less than a week ago (see http://www.avast.com/i_idt_1404.html ) so it’s quite likely that they got to your hard-disk before that update…
My PC was running for about 10 minutes without any virus alert. I’ve created a link in the start menu for Ashquick with options “*MEMORY” “*STARTUP”, then I’ve launched it, and ( what a surprise ) a virus has been found in an .exe file which was running.
I don’t understand why resident protection hasn’t detected it.
Oh, you can only get this with a ‘boot-time’ scanning… You can schedule one to be sure that avast will scan before anything else is running.
In XP systems (or Windows in general) you cannot control the sequence of the boot and more than this, a virus will do everything to run ‘before’ the antivirus).
Are you using XP? Why don’t you schedule a boot-time scanning with the option of archive scanning?
Sure - but the antivirus has to be active at the moment. When the antivirus is running (and it usually is soon after Windows OS is started), it can scan the started files, detect the viruses in them and deny access (i.e. not allow to start them) when a virus is really detected.
However, if a virus is started before the antivirus, you cannot do much about it. In fact, the virus may do exactly the same thing (and in a simple way, some viruses really do) - scan the started processes and not allow the antivirus programs to be started. Then, the virus simply “wins”.
Otherwise - no, the resident scanner doesn’t do a memory scan when it’s started; it just begins to do its work - background monitoring of started files, transfered e-mail, etc.
If you want an initial memory scan, you can put a link to ashQuick.exe *MEMORY into your Startup.
However, if a virus is started before the antivirus, you cannot do much about it.
Well, if I understand you correctly, that means that IF a virus get’s active BEFORE the resident part of Avast! starts I even don’t get a message at least i.e. that I should do a “Boot time scan” or a “full scan”.
If that’s the case why isn’t then the “initial memory” scan (maybe as an option) implemented in the resident scanner? ???
Of course I understand that a virus that is already resident in memory can’t be removed. But I should at least get a message that I have to take some other action.
I general this would be a good thing. Checking memory before loading other avast! components,or simply starting first (but this is quiet random by Windows itself)
I to think its a great idea and I have been trying to do this but failed miserably.
I started by creating a shortcut (to ashquick.exe) on my desktop and tried to add the option/switch, everything I tried to add in the command of the shortcut’s properties failed.
How do you do this? Can it be done in the Home version?.
“C:\Program Files\Alwil Software\Avast\ashQuick.exe” “*MEMORY”
The *MEMORY parameter causes avast! to scan the operating memory of the computer: the true virtual memory.
“C:\Program Files\Alwil Software\Avast\ashQuick.exe” “*STRT-MEM-SHORT”
The *STRT-MEM-SHORT scans (besides the startup items) the modules loaded in memory: the corresponding files, not the real memory.
While the *MEMORY parameter may catch unknown (packed) variants of viruses that may not be detected on disk (they can be found since the packed file is already unpacked to memory), it may also fail to detect the viruses for which only a packed variant exists (and the VPS does not contain a signature for the unpacked code). Generally, avast! virus database is optimized (and checked) for the file detection - the memory scan is rather a special additional feature.
“C:\Program Files\Alwil Software\Avast\ashQuick.exe” “*STARTUP”
The *STARTUP parameter will scan all startup user accounts items.
“C:\Program Files\Alwil Software\Avast\ashQuick.exe” “*STARTUP-SHORT”
The *STARTUP parameter will scan the current user startup items.
So, if you want a real thorough check of the memory/ startup, I’d rather recommend using both the parameters *STRT-MEM-SHORT and *MEMORY together (or, *MEMORY, *MEMORY-SHORT and *STARTUP for all the user accounts). Like this:
Why can’t the resident scanner to a memory/process scan when it starts? The on-demand scanner does that when you start it, so it shouldn’t be any difficulties making the on-access scanner do that quick scan when it starts - should there.
This would make avast! even better - with little extra programming.
Thanks Technical, for a great explanation of the parameters and there uses with AshQuick.exe. I have gone with your last option quoted above, which is now working in the shortcut path, my error was trying to contain the extra parameters within the speech quotes of the URL path.
Even with the thorough scan options listed the scan doesn’t take very long at all 45 seconds (I don’t have a large amount of programs opening at startup).
I can see from the interest after your explanation, this will be very useful to many others and hopefully become a future option that can be selected within the Resident Shield’s options.
it is possible to made low level service which starts immediately after kernel …
it’s just very complicated to code …
and btw someone said u can’t define order what is started on boot … i got somewhere util which was able sort and set all services starting after kernel …
so it is possible , what matter is HOW HARD is to code it :