Please see the mcafee STINGER log. It found Sdbot. During the scan Avast resident was active (4.6.691) VPS -0536.1. So it also checked the files that stinger scanned. Moreover System32 folder is marked for scan when avast screensaver starts. But still it wasn’t found :-[
McAfee AVERT Stinger Version 2.5.6 built on Aug 16 2005
Copyright (C) 2005 Networks Associates Technology, Inc. All Rights Reserved.
Virus data file v1000 created on Aug 16 2005.
Ready to scan for 54 viruses, trojans and variants.
Why should the user do this?
You may block all downloads of *.pif files in Avast webshield.
.pif files should be a problem...
There is a great variety of malware using the .pif and .scr extensions and they are often not the same in spite of having the same full file name.
The file update.pif I mentioned seems polymorphic (filelenght changes from 153 -160 kB) and is totally inaccessible by even medium level tools. It generates an (unknown) Read/Write error to prevent being examined. I succeeded to remove this one quite easily, but this may not be the case with newer versions. For this reason, it is advisable to block these files sothat they cannot enter the system. Fortunately, Avast’s webshield is capable to do this.
I don’t see that many legitimate purposes for a .pif file being downloaded from the internet, I thought the old Program Information File (.pif) had more or less died as these were used primarily with older programs in say win95 era?
The fact that a .pif file is effectively an executable to setup a program, I wouldn’t want it to be downloaded easily. If you genuinely needed to download a .pif file then you can by temporarily disabling web shield.
How to disable pif files download in Outpost firewall. I tried to look up interactive elements (or active elements - I’m not sure about english name of this module - I’m using russian version of outpost) but create new filter field is not active.
You need only add the *.pif to the Web Shield URL Blocking section nothing needs to be done in your firewall, but I’m sure that it must be possible in Outpost Pro if you really wanted to do it in the firewall.
See ‘Adding a Site to the Block List’ in the Outpost help file.
It is not necessary to add "*" symbols in the word you enter because the Content Blocking plug-in will search the whole URL for the string you have entered. For example, if you add "explosive " the following sites will be blocked www.how-to-make-explosive.com, www.explosive.com , www.explosivetutorial.net and all others that have the "explosive" sub-string in their addresses.