w32.wimad [drp] query

My brother said that avast detected a few files called w32.wimad from a p2p program. He said he pressed abort connection, yet some appear to have downloaded anyway and, upon further investigation, were still present on my system. When I scanned them they were picked up and I sent them to chest. What worries me is that although he pressed abort connection they still made it through, and I’m confused as to why standard shield didn’t pick them up (although p2p shield should have stopped them).

Is there a way of checking what actions were taken as a result of a detected threat so I can double check my brother’s info against a log of some kind?

Howdy sanctuaryforever,

Let him read this: http://forum.kaspersky.com/lofiversion/index.php/t19679.html
And then he might understand the threats he has allowed his computer to run, and learn better security attitudes. P2P is lively dangerous and a sure way to get criminal malware and/or official malware onto your PC, because certain parties (old media interests etc.) do not favour these kinds of activities, to put it mildly…

Fake codecs. wma findings, give us a hjt logfile of the infected computer, before you clear other things,
download hijt here: http://www.filehippo.com/download_hijackthis/download/58170ee6e58bba306c943f5b6d745c99/
Attach the logfile txt as an attachment to your next posting.

Furthermore look for traces inside: C:\Users\Owner\Music\Top of Charts; C:\Users\Owner\Music\Rare Recording; C:\Users\Owner\AppData\Local\Temp\iuhgpxbw.dll and xdnplvsu.dll or pwulbmjk.dll or similar, C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 …UPX-file;

Use temporary file cleaners like ATF Cleaner and ClearProg.

polonus

There is a topic in the forums where either Vlk or Igor explains that the web shield does abort the connection, but that some browsers might complete the download. Also, if they happen to use a download manager, that is effectively operating under a different set of rules and may not obey or even know about the http aborted connection.

Having said that, you said they were using a P2P app yet pressed abort connection, which I thought was the preserve of the web shield, and the p2p app would also be trying to finish the download.

Since there is a distinct lack of information (P2P app, infected file name and location, etc.) we can’t really say much other than to speculate.

Regarding what you said above, will this be improved upon in future and allow abort connection to be more effective at stopping downloads?

How can it be? avast can’t control how the browser or download manager is programmed; it has done as it said on the tin, ‘aborted’ the connection, whatever the browser or download manager chooses to do, e.g. continue regardless.

I also can’t say if or how it might be improved on, I’m just an avast user like yourself, I’m only reporting what has been said.

I wasn’t intending to sound like I was bad-mouthing avast, I am just trying to piece together a series of events. Sorry for any offence caused.

Thank you for your explanation though.

No offence taken ;D

One last thing: does Avast log what actions someone has taken regarding an infection, or does it only show that one was detected?

It doesn’t record actions taken, only detection information.

You can see what is recorded in the avast log viewer, warning section, or open the C:\Program Files\Alwil Software\Avast4\DATA\log\Warning.log file using Notepad (where the info comes from to be displayed in the warning section of the log viewer).