Avast Doesn't Block XP Defender malware (ave.exe)

Discussion in 'Spyware' started by David Kaye, Apr 3, 2010.

  1. David Kaye

    David Kaye Guest

    My main computer got a drive-by infection of AVE.EXE earlier today. The first
    thing I heard about it was Windows warning me that the firewall had been
    turned off. Then I got a "scan" from "XP Defender". The offender is ave.exe.
    I rolled back the registry and eliminated it, but I'm rather pissed that
    the latest Avast did not see it at all. Avast has normally been very good
    about checking out programs (exe, dll, etc) and blocking them if suspicious,
    but this one sailed right through. It launched as an app and it showed up as
    ave.exe in the task manager. How'd it get in?

    Also, if anybody has a clue as to where I could have gotten it. I had visited
    some rather innocuous websites, didn't click on any downloads, didn't install
    any updates to anything. Windows did not warn me about any exe downloads,
    either.

    I'm stymied.
     
    David Kaye, Apr 3, 2010
    #1

  2. Were you running as administrator at the time of the "attack"?

    It is possible, while browsing to a legitimate site, to get redirected
    to a site that launches several browser exploits aimed at executing a
    rogue application on your machine. When such a site is able to cause a
    download, the downloadable file may be changed programmatically
    (server-side) to avoid detection by your antimalware component. Similar
    to the way a virus can be self-polymorphic - a downloaded program file
    can take many forms.
     
    FromTheRafters, Apr 3, 2010
    #2
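
The effect described in post #2, as an added example that is not part of the original thread: a lookup keyed on a file's exact hash misses copies that differ by a few bytes per download, while a content-similarity check still relates them to the known sample. All sample bytes, names and the 0.8 threshold are constructed assumptions for illustration; no real malware or scanner engine is involved.

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def filler(seed: bytes, size: int) -> bytes:
    """Deterministic pseudo-random bytes, used only to construct sample data."""
    out, counter = b"", 0
    while len(out) < size:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:size]

def shingles(data: bytes, n: int = 8) -> set:
    """All overlapping n-byte windows of the file."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}

def similarity(a: bytes, b: bytes) -> float:
    """Jaccard similarity of the two files' shingle sets (0.0 to 1.0)."""
    sa, sb = shingles(a), shingles(b)
    union = sa | sb
    return len(sa & sb) / len(union) if union else 0.0

def classify(sample: bytes, known_samples: list, threshold: float = 0.8) -> str:
    """'exact' on a hash match, 'similar' on content overlap, else 'unknown'."""
    if sha256_hex(sample) in {sha256_hex(k) for k in known_samples}:
        return "exact"
    if any(similarity(sample, k) >= threshold for k in known_samples):
        return "similar"
    return "unknown"

# Constructed sample data: KNOWN stands in for a file already on a blocklist;
# the variants wrap the same body in different per-download bytes.
KNOWN = filler(b"constructed-known-sample", 4096)
VARIANT_A = filler(b"download-1", 64) + KNOWN + filler(b"tail-1", 64)
VARIANT_B = filler(b"download-2", 96) + KNOWN
UNRELATED = filler(b"constructed-unrelated-file", 4096)

if __name__ == "__main__":
    for name, blob in [("known", KNOWN), ("variant_a", VARIANT_A),
                       ("variant_b", VARIANT_B), ("unrelated", UNRELATED)]:
        print(f"{name:10} sha256={sha256_hex(blob)[:16]}... "
              f"-> {classify(blob, [KNOWN])}")
```

The variants here differ only by constructed padding; a copy whose whole body is re-encoded shares no byte windows with the known sample, which is why scanners also rely on heuristic and behavioural detection.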

  3. Avast is an antivirus application not an antimalware application. That said
    the latest version is 5 do you have that version, mine detects it.


    --
    The Real Truth http://pcbutts1-therealtruth.blogspot.com/
    *WARNING* Do NOT follow any advice given by the people listed below.
    They do NOT have the expertise or knowledge to fix your issue. Do not waste
    your time.
    David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.
     
    The Real Truth MVP, Apr 3, 2010
    #3
  4. David Kaye

    gufus Guest

    Hello, The!

    You wrote on Sat, 3 Apr 2010 07:49:11 -0700:

    | Avast is an antivirus application not an antimalware application. That
    | said the latest version is 5 do you have that version, mine detects it.

    Yep... to be safe, people /need/ both. I use MS Defender @ Avira.

    Good coverage IMHO
     
    gufus, Apr 3, 2010
    #4
  5. David Kaye

    gufus Guest

    Hello, Dustin!

    You wrote on Sat, 03 Apr 2010 18:57:10 GMT:

    DC> You don't need or want the stolen cobbled script of junk Chris panders
    DC> here. He's already got one sucker (BD), don't become his next one.

    Ah...
     
    gufus, Apr 3, 2010
    #5
  6. David Kaye

    gufus Guest

    Hello, David!

    You wrote on Sat, 03 Apr 2010 20:48:23 GMT:

    DK> Avast is an anti-malware app. It is extremely good otherwise at
    DK> detecting problems. To say that it is solely anti-virus indicates that
    DK> you don't know what a virus is.

    Hehehe...
     
    gufus, Apr 3, 2010
    #6
  7. What part of "That said the latest version is 5 do you have that version,
    mine detects it." don't you understand?
    Avast antivirus software provides complete virus protection for your
    computer. The antivirus engine is complemented by an anti-spyware module.
    Where on this page asshole does it say Avast Anti-malware as opposed to
    Avast Antivirus http://www.avast.com/security-software-home-office



    --
    The Real Truth http://pcbutts1-therealtruth.blogspot.com/
    *WARNING* Do NOT follow any advice given by the people listed below.
    They do NOT have the expertise or knowledge to fix your issue. Do not waste
    your time.
    David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.
     
    The Real Truth MVP, Apr 3, 2010
    #7
  8. David Kaye

    gufus Guest

    Hello, The!

    You wrote on Sat, 3 Apr 2010 13:14:32 -0700:


    TRT> module. Where on this page asshole does it say Avast Anti-malware as
    TRT> opposed to Avast Antivirus
    http://www.avast.com/security-software-home-office

    Temper... temper..
     
    gufus, Apr 3, 2010
    #8
  9. David Kaye

    David Kaye Guest

    Running XP Pro with a default user with admin privileges.
    Using OpenDNS as the DNS. Using Windows Firewall and Avast. I checked
    filedates in various directories and didn't see much other than ave.exe and
    its entries in the registry. It was actually fairly simple to get rid of,
    having dealt with it before on customer machines.
    What's eating me is that the program launched with a window that was clearly
    detectable in Task Manager as ave.exe, and yet while Avast was running it
    simply didn't see the program.

    After rolling back the registry 5 days manually (booting up with BART-PE) I
    then ran XP in regular mode and scanned with MalwareBytes. MB immediately saw
    it. (I'm using the freebie MB, so it does no realtime scanning). Avast
    still didn't see it even after I ran the drive scan option. And I have the
    latest Avast update.
     
    David Kaye, Apr 3, 2010
    #9
  10. David Kaye

    David Kaye Guest

    Avast is an anti-malware app. It is extremely good otherwise at detecting
    problems. To say that it is solely anti-virus indicates that you don't know
    what a virus is.
     
    David Kaye, Apr 3, 2010
    #10
  11. David Kaye

    Peter Foldes Guest

    Finally you got it

    --
    Peter

    Please Reply to Newsgroup for the benefit of others
    Requests for assistance by email can not and will not be acknowledged.

     
    Peter Foldes, Apr 3, 2010
    #11
  12. From: "gufus" <>

    | Hello, The!

    | You wrote on Sat, 3 Apr 2010 13:14:32 -0700:


    TRT>> module. Where on this page asshole does it say Avast Anti-malware as
    TRT>> opposed to Avast Antivirus
    | http://www.avast.com/security-software-home-office

    | Temper... temper..

    Avast 5; Same signatures, different engine.
     
    David H. Lipman, Apr 3, 2010
    #12
  13. From: "David Kaye" <>


    | For the record "the latest version" means exactly that, 5.0.462. I'm
    | wondering what part of "latest version" people don't understand.

    | Anyhow, back to our story...MB found it, Avast didn't. The ave.exe malware
    | program has been out there for some time. I first saw it almost a year
    | ago. I'm really surprised and disappointed that Avast didn't see it, and I'm
    | inclined to rethink whether I should encourage my customers to use it.


    I wonder how Avira AntiVir would have done in its place.
     
    David H. Lipman, Apr 3, 2010
    #13
  14. David Kaye

    gufus Guest

    Hello, David!

    You wrote on Sat, 3 Apr 2010 17:31:00 -0400:

    DHL> I wonder how Avira AntiVir would have done in its place.

    I would have shipped it to http://www.virustotal.com/
     
    gufus, Apr 3, 2010
    #14
  15. Did you notice how everyone keeps avoiding your question about the quality
    of my software. It's been asked many times and not by you but never
    answered.


    --
    The Real Truth http://pcbutts1-therealtruth.blogspot.com/
    *WARNING* Do NOT follow any advice given by the people listed below.
    They do NOT have the expertise or knowledge to fix your issue. Do not waste
    your time.
    David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.
     
    The Real Truth MVP, Apr 3, 2010
    #15
  16. David Kaye

    David Kaye Guest

    That's it. Into the killfile you go. Have fun talking to yourself.
     
    David Kaye, Apr 3, 2010
    #16
  17. David Kaye

    gufus Guest

    Hello, David!

    You wrote on Sat, 3 Apr 2010 17:20:08 -0400:

    TRT>>> opposed to Avast Antivirus
    |> http://www.avast.com/security-software-home-office
    DHL>
    |> Temper... temper..
    DHL>
    DHL> Avast 5; Same signatures, different engine.

    Ah....
     
    gufus, Apr 3, 2010
    #17
  18. Probably for the same reason why he can't fix his clock, user error.



    --
    The Real Truth http://pcbutts1-therealtruth.blogspot.com/
    *WARNING* Do NOT follow any advice given by the people listed below.
    They do NOT have the expertise or knowledge to fix your issue. Do not waste
    your time.
    David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.
     
    The Real Truth MVP, Apr 3, 2010
    #18
  19. David Kaye

    gufus Guest

    Hello, David!

    You wrote on Sat, 03 Apr 2010 22:28:50 GMT:

    DK>
    DK> For the record "the latest version" means exactly that, 5.0.462. I'm
    DK> wondering what part of "latest version" people don't understand.

    Easy.. easy David

    BTW, check your setup, your clock is wrong.
     
    gufus, Apr 3, 2010
    #19
  20. David Kaye

    gufus Guest

    Hello, The!

    You wrote on Sat, 3 Apr 2010 15:11:33 -0700:

    TRT> Probably for the same reason why he can't fix his clock, user error.

    <grin>
     
    gufus, Apr 3, 2010
    #20