Virus that Avast! did not detect? Or help out with?

Hey,

Recently, my mother had been using our PC doing some internet browsing - she works from home and utilizes the computer for her work. Anyway, she found a site in google - Vanuatu Whitepages - she had to look up someone from Vanuatu. (This is the site I suspect the malware/virus) came from). After visiting this site (and avast not blocking any connections or doing anything) she tried visiting some of her “usual” sites. Suddenly, she could not access it. Kept coming up with “Firefox cannot find the server”. I tried both with Firefox and IE. Then, I tried with my Laptop (as i thought the site might just be down but wanted to make sure). It was working fine on my laptop. So then…I downloaded a little app that i like using called Trend Micro House Call but everytime i tried running it it kept failing to update itself. So i did some research on this…and it came up with this link:
http://community.trendmicro.com/t5/Home-and-Home-Office-Forum/HouseCall-install-failure/td-p/2163
(post number Four defines the virus/malware as Win32/Alureon.CO

This apparently hinders the effects of Windows Update. So i tried loading the Windows Update Site and it didnt work. So i tried the fix on the site and it worked!

So, if this is the virus (Win32/Alureon.CO):
A: Why did avast! do nothing to stop the connection? (webshield)
B: Stop it from changing TCP/IP Settings without my consent?
C: Why did nothing appear after a boot time scan with Avast! AND a safemode scan with HouseCall?

It makes me feel a bit weird when i find out that the antivirus software that i have used for quite a while still allows these types of things into my PC AND lets them change settings AND doesn’t detect it.

This is the listing from Microsoft about the trojan:
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Trojan%3AWin32%2FAlureon.CO&threatid=144686

Hope this helps!

:smiley:

A/B/C/ no security program have 100% detection.
There is something like 50 000 new malware code found daily…so to find it all !!! mission impossible

Check your computer for Malware with

Malwarebytes Anti-Malware 1.46 http://filehippo.com/download_malwarebytes_anti_malware/
after install click update so you have latest database before scan
click the remove selected button to quarantine anything found
you may post the scan log here

Hey,

Here is a scan log from Malware Bytes - confirming the trojan as: Trojan.DNSChanger

Hope this helps!

your log say " No action taken. " you need to scan again and click " remove selected " to quarantine the bug

when done you scan again to see if it comes up CLEAN and problem gone ?

Yes, the malware IS gone - but i mainly started this thread to alert Avast! about it. And for the developers to incorperate it into their next definition.

And for the developers to incorperate it into their next definition.
Then send the sample to virus@avast.com in a password protected zip.file and write the password in the mail

A sample of what?!?!?! I removed the malware. :-\ :-\

Maybe next time…!! :wink:
asyn

Hey,

Thanx anyways guys. Next time i will sample it before i remove it. :smiley:

as Asyn said " Maybe next time" :smiley: