Trojan Porn-Dialer got Past Two AVs!! HOW????

Hello Forum. I have so much confidence in Avast 4.8 Home and Drive Sentry 3.3.0.4 that I hadn’t run a full scan with Avast in 2 1/2 months. I did run quick scans with SAS and Drive Sentry during that time and all was well. One day recently I decided to download Limewire 5.1. Whatever the latest version is.
Scanned by Avast + Drive Sentry during the download. I downloaded it from a website recommended by Limewire. That should not matter considering I have TWO AVs guarding my downloads! No alarms. No problems.
I will say that a week before that, I TURNED OFF Comodo Firewall’s Defense + feature. I didn’t see the need for THREE H.I.P.S./AV apps. Anyway, hours after the Limewire download, I decided to run a full Avast scan.
It detected TWO Trojan Porn-Dialers. I was shocked. I wrote down the file names of the Trojans and googled them and found that Kaspersky labeled them as “not a virus”. Avast found the Dialers hiding in the “System Restore/volume area” of Windows.

Question 1: How did these two Trojans get past Avast AND Drive Sentry?
Question 2: How is it Avast let it thru, only to detect it 3 hours later WITHOUT having updated?
Question 3: If I had left Defense + on, would it have detected it?
Question 4: Is it because I have Wifi and therefore can’t be affected by a Dialer?

I read that some Porn-Dialers are kinda, um, legitimate. Ppl sometimes actually download and use them.
That’s how they wish to be billed for talking to ugly women. Is it because it isn’t a virus that I got no Alert? Why then would Avast later detect them as Trojans and recommend Quarantine?

My PC wasn’t harmed in any way, but I sit here annoyed and confused. ANY THOUGHTS?


Hi,

normally you should be able to clean the virus with this guide.

Well, if the AV doesn’t have the signature, it will not protect you from the malware. That’s why you need a default deny system ! You asked if Defense+ would’ve protected you : YES ! It would have !

best regards,
eXPerience

Hi Experience! Avast cleaned and quarantined the 2 trojans as soon as it found them. No problem.
What’s more, Avast hadn’t updated at ALL that day, yet it was able to detect the 2 trojans once I ran a Full Scan! It let it thru, yet detected it a couple hours later. It had the signature the WHOLE TIME!! The 2 Trojans had been “in the wild” for many months. AV’s do this to other ppl. They let something thru, and without updating, then detect a piece of Malware!! Sometimes minutes, sometimes HOURS later. Please remember, this all happened WITHOUT ANY UPDATE AT ALL!! I have seen Avira do the same thing.
Maddening.

Hi, this could be because of the heuristics. I assume that the heuristics and file extension scanning are not as strong in the real-time scanner as in the on-demand scanner. This is why it’s needed to do some on-demand scans every months/weeks !

eXPerience

You can’t answer if D+ would have protected you :wink: there’s lots of possible scenarios. For example: by default D+ doesn’t alert to file creation - the porn dialer may never have been executed. ← D+ wouldn’t have alerted.

Bigtimeidofan, the reason Avast! didn’t detect that file realtime was because it was never accessed. That explains why a system scan found it.

Hello again Experience. You assume correctly that the Heuristics are not as strong in the real-time scanner.
They’re actually NON-EXISTENT!! Avast and Drive Sentry don’t have Heuristics in the Free version at least in the real-time scanner.

As for doing scans every week. Wha? Truth be told, I am a Prideful and Arrogant man who doesn’t need to run scans as others do. It is my belief that I have set up such a Fine security system that regular scans are Unnecessary. While others are fretting about infection, I tend to just go about my way surfing and downloading as I please…with Impunity.

KYLE: Your comment was insightful and wholly accurate. I had the same thought but wanted very much to run it past the community to get other opinions. Perhaps the reason no Alerts popped up was because there was no Danger!! Since the two dialers never actually executed, there apparently was no need FOR an alert. I use wifi, not dial-up, so the dialers never could have harmed me in any way. I guess Avast is still batting 1000. It has never let a virus through since I got it almost 2 years ago.

I for one have Great respect for Comodo and its wonderful products. Especially the Firewall.
Still, while Defense + is STELLAR, I now am sure it too would not have alerted as there was no danger and the dialer was DEEP in the Limewire package. This is not to criticize ANY AV product of course.
I regale my AV freeware suite as A+. Because it is. I’m also sure that if I did have Dial-up, 1 of the 3 AV apps I have WOULD have stopped the dialers before they could do any financial harm.
In summary, there basically was no threat to report, so no alerts were needed.
I shall continue my policy of running deep scans about every 5 months. HOWEVER, I think maybe I’ll Reactivate Comodo Firewall Pro’s Defense + to scan for .exe files only. For prudence. Thanks.

As for doing scans every week. Wha? Truth be told, I am a Prideful and Arrogant man who doesn't need to run scans as others do. It is my belief that I have set up such a Fine security system that regular scans are Unnecessary. While others are fretting about infection, I tend to just go about my way surfing and downloading as I please....with Impunity.

It’s funny what five mins has done versus your five month scan time :stuck_out_tongue:

Hey BigT :smiley:

It has been discussed before if Avast! has heuristics and the answer is hard to understand as an average user. There are many different labels of detection and Avast! detects in a different but similar way to heuristics using generic signatures.
If you visit AV-Comparatives you will see that Avast! performs on the retrospective/proactive test.

Drive Sentry uses behavior blocking to detect new and unknown threats so in a way, although different, it achieves the same end goal as generic and heuristics attempting to find the new and unknowns.

Note: There are many different labels for signatures that detect multiple variants… I used generic as the stereotypical.

Hope this helps :slight_smile:

Thanks KYLE…it does! Avast uses Pure Heuristics for email and Outlook scanning. Improvised Heuristics (the generic signatures you mentioned) for everything else. I’m sure the new Avast 5.0 will be more direct.
QUERY: Do you know of a website, OTHER THAN EBAY, that I can get a used Laptop HD from?
2.5 in IDE 30 or 40 GB. Preferably a Toshiba made HD. Any suggestions?

A bit !ot! here but anyway ;).

Amazon perhaps ?

eXperience

I went to Amazon last night. I love Amazon. They came close to having what I wanted. Not there yet. I’ll keep checking back with them. I trust them.

I experience that, I am really confused in that time why there are trojans that can pass my avast. I am wrong because my avast is not yet fully updated. I am really shocked that thing happens to me.

Limewire is the cause of many problems with too much ■■■■ in there, it’s like a lottery, you’re bound to win a special treat (exe.) but not in a good way. My advice is stay clear of Limewire which is a Virus/Trojan/And the rest Haven.

It has been my experience that ANY av will let something slip through, only to find it during a Full scan or an early-load or boot time scan. The signatures are usually ALREADY there, or at least the heuristics that enable a security app to be able to detect a particular threat. ROGUES tend to get past even the most sophisticated and expensive anti-viruses. Avast is hardly the only AV that fails to detect certain threats right away. They ALL are guilty of that. What’s important is, when a full/early load/boot time scan is done, it finds and eliminates the problem.