Avast and password protected file *sigh*

So I do a full scan and this time (usually there are just a few) there
are quite a LOT of password protected files, not happy with the names of
a few (the names sound suspicious) (maybe I'm paranoid) anyway
GETMAC.BAT was one for instance, anyway is this just an Avast flaw, am I
infected or should I switch AVs? The last scan with Malwarebytes showed
2 infections, 2 bad PUPs and then scanned with Avast, but with all those
unscannable files, had some free time and reinstalled Win 8 and now
have Avira, I think Avast was slowing my PC down a bit too much anyway.

Re: Avast and password protected file *sigh*

On Sat, 24 Aug 2013 17:59:43 -0400, usenetopian wrote:


LOL. Avast has a pretty small resources footprint. What was slowing your  
machine down was probably all those connections to the botnet and the bad  
stuff phoning home and emailing itself to everyone you know.



--  
"I am not made like anyone I have seen; I dare believe I am not made
like anyone in existence. If I am not better, at least I am different."
-Jean-Jacques Rousseau (1712-1778)

Re: Avast and password protected file *sigh*

@speranza.aioe.org:


What makes you think this is a flaw with Avast? Password protected archives
are what they are. It's certainly not Avast's job to try and crack into them
for you. If you wish to scan inside one, decrypt it into an empty folder and  
right click/scan folder.




--  
http://bughunter.it-mate.co.uk/cacti.jpg
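
Added example (not part of the original posts): a Python sketch of why a scanner lists such entries instead of scanning them. A ZIP archive records per entry whether the data is encrypted, and the entry names stay readable even when the contents are not. The sample archive and the names `triage` and `build_sample` are constructed for illustration.

```python
import io
import struct
import zipfile

ENCRYPTED = 0x1  # general-purpose flag bit 0: entry data is encrypted


def triage(zip_bytes):
    """Return (scannable, password_protected) entry names, or None if not a ZIP."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return None
    with zf:
        infos = zf.infolist()  # read from the central directory, no password needed
    scannable = [i.filename for i in infos if not i.flag_bits & ENCRYPTED]
    locked = [i.filename for i in infos if i.flag_bits & ENCRYPTED]
    return scannable, locked


def build_sample():
    """Constructed sample: two entries, the second flagged as encrypted by hand.

    The standard library cannot write encrypted ZIPs, so the flag bit is set
    directly in the central directory header; the data itself is not encrypted.
    """
    raw = io.BytesIO()
    with zipfile.ZipFile(raw, "w") as zf:
        zf.writestr("readme.txt", "plain entry")
        zf.writestr("tools/sample.bat", "echo constructed sample")
    buf = bytearray(raw.getvalue())
    pos = buf.rfind(b"PK\x01\x02")  # last central directory header = second entry
    flags, = struct.unpack_from("<H", buf, pos + 8)  # flag field is at offset 8
    struct.pack_into("<H", buf, pos + 8, flags | ENCRYPTED)
    return bytes(buf)


if __name__ == "__main__":
    scannable, locked = triage(build_sample())
    print("scannable:", scannable)
    print("password protected (names visible, contents not):", locked)
```

This covers the ZIP format only; other archive formats mark encryption differently.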

Re: Avast and password protected file *sigh*

usenetopian wrote:


If any program could read any encrypted file, what would be the point of
wasting the time and resources to encrypt the file in the first place?

So in that rambling post, did you have a question?  What was the goal of
your post?  Was it why you, someone else, or a program cannot read a
password-protected file?  Or why in this last scan you found lots of
password-protected files versus your prior scan (but without mention of
the time interval between those 2 scans or how much change there was
during that time)?  You don't mention how often you perform an on-demand
scan.  The on-access (real-time) scanner catches creation of malware
files or detects their contents when some process wants to read from
those malware files.  If you ever disable your AV program, you could get
malware files downloaded onto your drive.  When you later reactivate
your AV software, it's just scanning to do active monitoring.  It
doesn't go scanning all files on all hard drives.  The on-access scanner
is monitoring the active processes.  To find quiescent malware files on
your drives that got there when the on-access scanner was off, you need
to run or schedule a scan using the on-demand scanner.  

If your question is about reading encrypted files, it is not a flaw of
Avast or any other program that it cannot, will not, or doesn't have
sufficient hardware resources and time to decrypt password-protected
files to peek inside them.

EVERY security program (that is active monitoring your computer) will
incur some expense in resources (hardware and software).  Obviously it
still needs some time for itself to run and do its interrogations.  I've
had Avast on several hosts and its impact on the computer has been
minimal and far less than, say, the big boys, like Symantec and McAfee.
Seems the real culprits are all those unknown password-protected files
that you have.

Are ALL of the suspect password-protected files using oddball filenames?
If so, you sure you didn't get hit by ransomware?  That doesn't have to
infect your computer.  It merely has to run, like you choose to run a
download instead of saving it.  Ransomware snoops around your computer
looking for drives it can access and their files.  It might rename lots
of files and even set the hidden file attribute (so normal file I/O
won't find the files).  If it has time and was encoded for such, it
might then follow with encrypting your files.  Then it lies to you by
saying your host is infected and you'll have to buy their software to
recover your files.  Without their program (and your money they
receive), nothing can decrypt the files some of which could be
executables and OS-related files.  When the ransomware is done renaming,
deleting, hiding, and/or encrypting your files, it removes itself
because it has completed its intended malicious task so it doesn't need
to be around anymore for real anti-virus software to find it.  Their
program isn't needed anymore but they'll sell you another one after you
pay their ransom that will let you recover your files -- well, until
that next program fires off at some later time to repeat the whole
process (or you visit another site with the fake AV page) and you pay
another ransom.

Re: Avast and password protected file *sigh*

On 8/25/2013 8:04 PM, VanguardLH wrote:

Sorry for my rambling post (pain medication can do that sometimes)
anyway definitely not ransomware, I'm not that much of a noob to not
be able to detect that, I mis-typed also, Malwarebytes found 2 PUP
infections one was in unrar program (adware, but only if you don't
untick the boxes) the other was in a temp file in IE which I rarely use.
Feeling a bit paranoid, I reinstalled Win 8 and installed Comodo
firewall right away, got rid of the 'free' McAfee (God they are awful)
and installed Avira free and so far everything is running smooth (also
spyware blaster too which I like) I might use a hosts file again but the
last time I used that, it was blocking some legit sites that I should
have no problem with. When I get the chance I need to get a router as
an added layer, can't be too careful...

One question though, running 2 real time AVs is a bad idea (usually),
but is running Windows' own firewall with Comodo's free firewall bad also?

Re: Avast and password protected file *sigh*

usenetopian wrote:


*Running* (active monitoring) by multiple anti-malware products is not
recommended not only due to conflicts but also for duplicated prompting
and possible differences in action committed on suspect files or
processes.  However, installing multiple anti-malware products where
only one is active at a time (i.e., its on-access or real-time
monitoring is active) while the others are passive (used for manually
instigated on-demand scanning) is not only okay but is recommended.

Running 2 active firewalls can also conflict with each other.  However,
even if they cooperate, you'll end up with duplicate prompts although
Windows firewall is a lot more silent than Comodo (because Comodo
includes HIPS to regulate which process has network access).  Every
security product incurs an impact on the computer.  Each has to consume
some CPU cycles, generate some bus traffic, and will affect the
responsiveness of the computer.  Also, the point of the computer is to
use it, not to have it sit isolated and nearly consumed with security
processes.  The more security you apply to a host the less usable it
becomes.  You need to find a comfort level regarding security and
usability.

Consider multiple firewalls like having 2 sifters for flour.  One is a
coarse sifter and the other is a fine sifter.  If you put the coarse
sifter under the fine sifter, the sand won't make it through the fine
sifter so the coarse sifter isn't helping you any.  If you put the
coarse sifter over the fine sifter, the coarse sifter is, well, too
coarse so the sand goes through but gets caught by the fine sifter.  The
coarse sifter is a wasted effort.  Just use the fine sifter.  Comodo's
firewall is the fine sifter but can exceed the user's expertise to
understand how to use it well.  Unlike anti-malware programs (e.g.,
anti-virus) where overlapped coverage (one active, the other(s) inactive
but used as on-demand scanners) increases with multiple deployments,
multiple firewalls will not up their protection.  Just use the firewall
with the better protection but one that you can understand and use well.

Pick one firewall and use just that one.  Uninstall or disable the other
one.  Which one you pick depends on your expertise and willingness to
tweak over time along with what satisfies your comfort level.  I've used
Comodo's firewall in the past, like on Windows XP, but when I moved to
Windows 7 then I decided to just use its firewall.  Comodo just gets in
the way too often.  Yes, I know the HIPS prompting wanes over time but I
grew weary of having to research some of its prompts which had me
digging into the bowels of networking in Windows (e.g., how many users
understand the messaging between processes and how that might trigger a
HIPS prompt despite the connection being local and not even touching the
external interface of the network adapter).  To me, Comodo firewall
became overkill and too much of a nuisance.  It generated too much impact
on my networking (local, intranet, or Internet) and exceeded my comfort
level for a secure [enough] platform.  Comodo isn't without their own
problems, too, such as completely losing Internet access, not knowing
why or finding how to get Comodo to become responsive again, and having
to reboot or uninstall Comodo firewall to get Internet working again.  

Security and ease of use are the antithesis of each other.  Too much
security has you wasting too much of your time to maintain it and gets
in the way of using your computer.  I could carry 6 spare tires in my
car but 1 suffices.  Once in over 40 years did I have more than 1 tire
need replacing at the same time.  Meanwhile and far more often I need
the cargo space for grocery shopping or have more than 1 passenger.

By the way, you never mentioned which OS you are using.  If Windows then
which version of it?  Some versions of Windows come with Windows
Defender which is active by default.  Since you mention using Avast, did
you ever disable the on-access (real-time) scanner and the scheduled
on-demand scan by Windows Defender?  Keep Defender installed but use it
as an on-demand scanner.  Use Avast's on-access scanner for active
protection.  If Defender came with your version of Windows, Avast may
not disable its on-access scanner when you install Avast.  You don't
want multiple concurrent active AV scanners so make Defender inactive
but still available for manual scans.
