
Why is the lo-fi version of this forum infested with a trojan program?


Miracle


Strange. :huh:

I don't know if my two download managers make a difference or not (DownThemAll and Orbit Downloader, which are both plugged into Firefox as extensions). I don't see how they could, but I don't know for sure.

Well, according to some of the people on the Firefox and AVG forums, what I experienced is normal :blink: It has something to do with how FF handles downloads compared to IE. The mod on the AVG forum says that AVG doesn't scan the download from the internet. It detects the infection from files already on the machine. On the Firefox forum they say that they get the same results as me and that it's supposed to be that way. In FF3 it will use your AV to scan downloads. Hmm

 

Maybe your download managers do change the way AVG detects the downloads?


I went through this exact same thing a while back Dennis. I found the solution was to go into AVG Control centre, right click the resident shield, select properties and tick the box for 'On close scanning'. (Apparently it's not enabled by default because it can be slightly resource hungry on some systems, no problem on two different computers here though)


The AVG resident shield on my system is in the factory default settings - I haven't changed anything after figuring out it was the reason all those big 41mb plus .AVG files were appearing in AVG's application data folder. I'm wondering if that Firefox tweaker FireTune had something to do with it; I really have no idea.

These are the AVG resident shield settings I'm using (I think they're the defaults):

avg_resident_shield_settings_thumb.png


The plot thickens with more utter strangeness, because when I go to download the EICAR test virus either as a .com, .txt, or .zip file AVG Free doesn't spring into action, and allows it to download. :huh:

 

Edit: Change that, when actually allowing the download to start AVG does detect it. But when I checked the lo-fi version of the forum yesterday when that .exe file tried to automatically download AVG sprang into action before I could click anything in Firefox at all. This is making my head hurt.


 

Those are the defaults. I have selected scan all files on my AVG installs.

 

I will link the thread I have going on AVG so you can see what the Mod there is saying. According to him AVG is behaving as it should. He says all AV do it this way.

http://forum.grisoft.cz/freeforum/read.php...2,backpage=,sv=


 

 

Try downloading the test file in IE. AVG practically jumps out of the screen when I do this.

 

 

I have tried all versions of that test file in Firefox and Opera 9 multiple times on 3 machines and not once do I get an alert during the download. I downloaded to desktop with no intervention from AVG. If I try to run or open the test file AVG alerts me instantly. With IE, Maxthon, and Opera 8.54 I get AVG alerts as soon as I attempt a download. It seems to me IE's behaviour is safer by allowing AVG to alert immediately.

 

Once I downloaded that test file to desktop I tried a few apps on it. I used the right click context scan of A-squared and it detected nothing. I did the same thing with SAS and it detected nothing. AVG AS right click context menu scan detected the bad file. I turned on the resident protection for Windows defender and downloaded the file again and Defender missed it.


I just used IE to attempt to download eicar.com, and immediately before I could click anything AVG sprang into action allowing me to deal with it before I even downloaded it.

1. First my download manager Orbit Downloader was going to fetch the file and AVG caught it before I could tell Orbit Downloader where to download the file, so I selected heal which moves it to the virus vault.

2. Then I canceled Orbit Downloader and exited the whole program which then sent the download to the normal IE download window and AVG caught it yet again, and yet again I was able to heal it without actually downloading anything.

In IE's case it had already downloaded eicar.com into Temporary Internet Files, according to the AVG Virus Vault.

 

With that Trojan yesterday Firefox had already gotten approximately 28 bytes of the file and AVG caught it, according to the AVG Virus Vault.

 

Edit: What that mod is stating on that forum makes no sense to me. If anti-virus can't detect what's in a web page then what the hell is the use of having real-time protection. Then again maybe I'm reading what he stated incorrectly.


 

Well I take what the mod said the same as you are. I asked him clearly in one of my posts as you probably read and he said AVG or any AV will not scan the download. It will only scan a file already on the system if you attempt to run or open it. If you want active scanning of downloads you use an AS program.

 

It would seem to me IE7 is safer as far as this issue is concerned. I would prefer to be notified immediately of a bad download not after I download and try to open it.

 

I am curious what others are experiencing with Firefox, AVG AV and that test file. Also how do other AV programs deal with that test file using Firefox to download. I would like to see what happens using Avast AV if you download that test file with Firefox.


Well, my Kaspersky Internet Security 2007 caught all attempts to download any of the test viruses, both in IE and Firefox. It's the web antivirus module that will catch the virus; guess AVG doesn't have such a module, and I'm happy to see this working flawlessly :-) . The major reason I use KIS is because of its incredible speeds: it keeps a database of what it has scanned in the past and doesn't make a full scan of files in the database that seem to be unchanged, making the scanning very fast. I think that's the only program that has that feature, and so far no viruses :-)


 

Read the link I provided to the AVG forum and the thread I started. The mod says all AV work like I have said mine is. I find that hard to believe and you just confirmed it for me. It seems I am safer using IE7 than Firefox as long as I am using AVG AV, as perverted as that sounds. May be time to switch. I would like to hear from Avast and AntiVir users how their AV handles that test file when downloaded with Firefox.


I doubt you're safer using IE7 due to how hooked it is into the system. Perhaps reinstall AVG over what you have now to essentially do a "repair install." I know Kaspersky works as mentioned by Miracle as should any other antivirus without really giving something a "gimmicky/tech name" like web shield or whatever as all executable files (all .htm, scripts, etc. in web pages) will be scanned by any run of the mill antivirus with a resident shield.


 

Repair install? Why? Three machines here do it. I don't think I have three corrupt installs. The mod on the AVG forum says that's what it's supposed to do. The guys on the Firefox forum say it does that too with AVG when they run the test file. Seems that is how AVG works and there is nothing to repair. The only option is to use another AV app.

 

Didn't you say that AVG gave no alerts on the download of that test file when using Firefox? You were alerted when you tried to open/run the file?

 

Maybe I will try the on close scanning option in AVG and see what happens.


I never tried to run the file. AVG detected the eicar.com file immediately, probably because it's an executable file. It didn't detect the eicar.txt or eicar.zip file.

 

Edit: Correction with a better explanation:

It didn't detect the eicar.txt or eicar.zip file. I would've had to download them and actually scan them.


Update. When using the on close scanning option AVG did detect the test file immediately on downloading. It did not detect the zip test file though until you try to open it.

 

Andavari, where did you say that the big files were created in AVG when using the on close option? I want to keep an eye on this.

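An added probe, not part of the thread or written by any of its posters, for checking at which point a resident shield reacts to the EICAR test file: when the file is written and closed (what the thread calls on close scanning) or only when it is later opened. The file names, stage labels and the `settle` delay are assumptions of this example.

```python
import io
import os
import shutil
import tempfile
import time
import zipfile

# Standard 68-byte EICAR test string, kept in two halves so that this
# script is not itself flagged by a scanner.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-"
         r"ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")

# Stage labels are this example's own, not AVG terminology.
STAGES = ("blocked on write/close", "removed after close",
          "blocked on open", "altered before read", "not intercepted")


def build_samples():
    """Return {name: bytes} for the .com, .txt and .zip variants from the thread."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("eicar.com", EICAR)
    return {"eicar.com": EICAR, "eicar.txt": EICAR, "eicar.zip": buf.getvalue()}


def probe(path, data, settle=1.0):
    """Write data to path and return the first stage at which access failed."""
    try:
        with open(path, "wb") as fh:   # the close happens when this block exits
            fh.write(data)
    except OSError:
        return STAGES[0]
    time.sleep(settle)                 # give the scanner time to quarantine
    if not os.path.exists(path):
        return STAGES[1]
    try:
        with open(path, "rb") as fh:   # same trigger as "run or open the file"
            if fh.read() != data:
                return STAGES[3]
    except OSError:
        return STAGES[2]
    return STAGES[4]


def run_probe(settle=1.0):
    """Probe all three samples in a scratch directory; return {name: stage}."""
    tmp = tempfile.mkdtemp(prefix="av-probe-")
    try:
        return {name: probe(os.path.join(tmp, name), data, settle)
                for name, data in build_samples().items()}
    finally:
        shutil.rmtree(tmp, ignore_errors=True)


if __name__ == "__main__":
    for name, stage in run_probe().items():
        print(f"{name:10} {stage}")
```

Run it once with the shield at its defaults and once with on close scanning enabled, and compare the stage reported for each file.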


AVG 7.5 has an updated cleaning routine that's currently in winapp2.ini that I submitted to TwistedMetal. ;) MrG hasn't got around to putting it in the default winapp.ini yet. :(

 

They're located here, on Windows XP at least:

C:\Documents and Settings\All Users\Application Data\Grisoft\*.AVG

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\*.AVG


 

 

Thank You.

 

Are you using the on close option in AVG? If so, that will explain why you get some alerts on download. In one of your previous posts you said AVG alerted you when you downloaded the eicar executable file but not the zip files. That's what is happening with me now with the on close option selected.


Yep, I read it, and he is both right and wrong :-) , since Kaspersky's web antivirus only scans incoming traffic on a port you choose (default 80), and I guess it works by keeping a little buffer before it writes the data to the disc, so it can catch any unwanted code in a file before it's written to the disc, depending on the buffer you set (Edit: by buffer I mean you can choose how much time is allowed for scanning of data; the default is 1 sec). But it won't scan a whole webpage and all its files (Edit: it will scan the current webpage, but not links); only when you choose to get the file will it analyze the fragments it gets, so if the virus was big enough I guess it could be transferred to the disc without any warning. Though now that I'm examining how it's working, I'm not sure if it's worth the (little) slowdown of internet browsing, since if the file was downloaded and I try to open it, Kaspersky would scan the whole file anyway :-). But I'm not into all of the algorithm it uses for scanning, and I don't even know if I would be more unsafe if Kaspersky first warned me when I try to open the file. But hey, I feel pretty safe with all the blocking stuff hehe


For all newcomers who go straight to the last page, I must add: the LO-FI version of this forum is now clean, thx MrG

 

Quote Post 13:

 

Apologies for this, all fixed now!

 

It looks like this hack crept in at some point. I've checked the rest of the system and it's fine. All the admin and system passwords have been reset for safety.

 

MrG

 

Quote End


I'm not using On Close, because I had figured out that messing with the resident shield settings is what caused all those .AVG files that were appearing far too often.

 

I don't however know what exact setting in the resident shield causes those .AVG files to be created, which is why I've left the resident shield at the default setting and didn't mess with it when I reinstalled AVG Free on August 2, 2007.


 

Meaning, maybe you 2 should start a new thread about why freeware antiviruses ain't filled with more options? hehe, let this thread be done, it's big enough already, and it's fixed :-)


That's what I was thinking earlier myself.

 

Another forum I visit would have split this thread in a nanosecond and moved our AV discussion into a unique thread all its own, and locked this very thread since MrG fixed the issue with the forums.

However, if you haven't noticed, this forum goes off topic a lot. It's unavoidable, and many of us are guilty of doing it on a regular basis which is probably why many people have stayed on this forum for so long as it isn't uptight for the most part.


 

I understand, but the longer you continue, the further away you go from the main topic. It would be better in another thread; also it would be much easier for newcomers to search for their similar fault etc. :-) EDIT: I've been on such forums, and I hate it, it's so difficult to get an answer to ur fault, since u have to read about 100+ posts to get the answer :-( , so plz try to understand this, it's for everyone's good :-) I know ur a bright man, reading almost all ur posts, I see you know ur stuff, so, I almost know as much in the PC world as you, even more in some areas :-), but try to keep the forum clean of info you can gather in a day :-) Since most ppl won't be able to comprehend it :-)
