re-avast5
joe134
Posts: 3,336 Forumite
in Techie Stuff
Hi, I changed from AVG to Avast5 last night, reluctantly, scanned twice and no infections found. However, Malwarebytes found Trojan Dropper this morning, so either it got on during changeover, or has Avast let it through? Is it a virus, and therefore should have been detected by Avast, or malware, which Avast doesn't detect? Or is Avast not as good as it claimed to be? Cannot remember last time I had a trojan on with AVG, never used PC during scans.
0
Comments
-
Well, after a quick Google it appears a dropper is a piece of malware designed to allow the installation of other bits of software or back doors into your system.
It's a difficult one really with virus scanners (also, had you done a Malwarebytes scan before you uninstalled AVG with the same definitions?) because no virus scanner is 100% effective, and when you consider there are well over 1,000,000 viruses for Windows, even a drop of 0.1% (so an AV with a 99.9% detection rate) will still let over 1000 viruses past.
Drop a brand challenge
on a £100 shop you might on average get 70 items save
10p per product = £7 a week ~ £28 a month
20p per product = £14 a week ~ £56 a month
30p per product = £21 a week ~ £84 a month (or in other words one week's shopping at the new price)
0 -
Hi Gonzo, yes I did a Malwarebytes scan before installing Avast, it's on this site with HijackThis log. I do a scan using Malwarebytes every day, I looked it up on Google too. The thing is, has it come via back door, and has it dropped its load, if it had one?
0 -
Well, I am sure someone will come up with another idea to check your system, but I would personally expect that it probably hasn't, otherwise Malwarebytes would have probably picked up the other bits.
If you are worried you could always do a system restore to try and get rid of any changes it might have made, if any. You could also try Avira instead of Avast as it does have one of the best detection rates, and I have a funny feeling you probably won't be able to trust Avast in the foreseeable future anyway. Personally I have never had a problem with Avast when I have been working in Windows (use Ubuntu most of the time anyway), but then again it is a numbers game: as stated above, even the best antivirus with a 99.9% detection rate will still miss over 1000 viruses.
0 -
Thanks gonzo, I'll keep looking to see if it's dropped anything, probably not. If I do change, I think I'll go back to AVG, no problems at all with it. Just thought I would see how Avast did. Should have known better, stick with what you know. My daughter has Avira, paid-for version, I had her PC last week, riddled, not updated, although auto updates activated, that's twice I've done it. So don't think that's on. Pity you cannot have 2 on, and switch between them. Not in their interests I suppose. :beer:
0 -
Run one of these online scanners as a further viri test.
Jotti.org
This service allows you to upload a file and have it scanned by 20 or so known virus scanners. Maximum file size 10 MB
http://virusscan.jotti.org/
Trend Micro's FREE online virus scanner
http://housecall65.trendmicro.com/
BitDefender Online Scanner
Requires IE 4+ or better
http://www.bitdefender.com/scan8/ie.html
Kaspersky Lab Virus Scanner
http://www.kaspersky.com/virusscanner
F-Secure Online Scanner
Supported web browsers:
Internet Explorer 6.0 or higher
http://support.f-secure.com/enu/home/ols.shtml
ESET Online Scanner
Internet Explorer (IE) 5.0 or later
http://www.eset.com/onlinescan/index.php
jje
0 -
Open Malwarebytes, go to LOGS and post the WHOLE of the last log
Please post a link to where you downloaded Avast from
Download HIJACK THIS (Make sure you click 'DOWNLOAD LATEST VERSION')
http://www.filehippo.com/download_hijackthis/
Click MAIN MENU then DO A SYSTEM SCAN AND SAVE A LOGFILE (takes seconds) then post the log so we can see what's running
(do NOT do anything else with Hijack but scan and post the FULL log)
If you get a message that you can't write to the hosts file then press the SHIFT key, and whilst holding it RIGHT CLICK and select RUN AS (admin) :idea:
0 -
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 5079
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975
09/11/2010 13:02:39
mbam-log-2010-11-09 (13-02-39).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 231976
Time elapsed: 1 hour(s), 1 minute(s), 2 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 5079
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975
09/11/2010 11:15:58
mbam-log-2010-11-09 (11-15-58).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 232601
Time elapsed: 1 hour(s), 8 minute(s), 0 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Acer\AcerReg\EMEAREG\SETUP.EXE (Trojan.Dropper) -> Quarantined and deleted successfully.
0 -
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:55:44, on 09/11/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\aol\1220527232\ee\aolsoftware.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\joe\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\AOL 9.0 VRb\waol.exe
C:\Program Files\AOL 9.0 VRb\shellmon.exe
C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
C:\Windows\System32\osk.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1220527232\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen] "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Unknown owner - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 9034 bytes
Cheers EriK
0 -
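A first triage pass over a HijackThis log of this kind, as an added example that is not part of the original thread: it flags orphaned "(no file)" entries, services listed with "Unknown owner", and anything running or auto-starting from a temp directory. The function names and the three heuristics are assumptions of this example; a flag marks a line for a closer look and is not a verdict. The sample is a short excerpt in the HijackThis v2.0.4 log format.

```python
import re

# HijackThis entry lines look like "O23 - Service: ..." (section code, dash, body).
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Heuristic (assumption of this example): a path component named Temp or Tmp.
TEMP_DIR = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)

# Short excerpt in HijackThis v2.0.4 format, used as sample input.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Users\joe\AppData\Local\Temp\RtkBtMnt.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"""


def triage(log_text):
    """Return (section, reason, line) tuples for lines that deserve a closer look."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY.match(line)
        if match:
            in_processes = False  # the process list ends at the first entry line
            code, body = match.groups()
            if body.endswith("(no file)"):
                # Registry entry whose target file is missing: usually a leftover.
                findings.append((code, "orphaned entry", line))
            elif code == "O23" and " - Unknown owner - " in body:
                # HijackThis reported no publisher for the service binary.
                findings.append((code, "no publisher reported", line))
            elif code == "O4" and TEMP_DIR.search(body):
                findings.append((code, "autostart from temp dir", line))
        elif in_processes and TEMP_DIR.search(line):
            findings.append(("PROC", "running from temp dir", line))
    return findings


def summarize(findings):
    """Count findings per reason, for a quick overview before reading each line."""
    counts = {}
    for _, reason, _ in findings:
        counts[reason] = counts.get(reason, 0) + 1
    return counts


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}: {line}")
    print(summarize(triage(SAMPLE_LOG)))
```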
Why are you going back to AVG? That didn't find anything either, neither did Spybot/Rapport, which are churning away slowing things down without any benefit. Avast has the best detection rates and lightest footprint of any free ones. As already explained, no antivirus finds everything; it may even be a false positive, or undetected due to out-of-date signatures!!
0 -
Hi jj, thanks very much. Tried Bitdefender, failed. Used ESET, no problems, nothing found. Good things I never knew about, for a snapshot scan. Save ESET, may need again. :beer:
0
This discussion has been closed.