Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Avast Vrius Scanner

Dec 16, 2006 4:17AM PST

I had Avast Virus Scanner run a deep scan on my computer. It found Win32 Tenga virus in 69 exe files on my computer. This was missed by AVG, as well as McAfee I want to know why?

I was running the scan on medium and it was not doing the archive files until today I decided to run a thorough scan and I kept getting these warnings to do repairs. Computer is now virus free.

Take my advise and do a thorough scan on your computers a.s.a.p with Avast Virus scanner.

I still want to know why the other virus scanners missed this virus?

Discussion is locked

- Collapse -
Three possibilities...
Dec 16, 2006 7:43AM PST

1.) The other antivirus scanners were not performing a thorough scan, including compressed files.
2.) The other scanners did not have that particular worm in their definition files. (Are they up-to-date?)
3.) What Avast detected were false positives due to incorrect definitions or internal corruption. It has happened many times in the past.

I would want to know what some of those EXE files were (by name) and where they were located. (Windows directory, System32 directory, etc.)

John

- Collapse -
infected files were
Dec 16, 2006 8:00AM PST

The infected files were in Calendar Pal download exe,
incredimail download exe
PC rescue exe files programs
BVS Solitaire game exe file
PSPro exe file
folder magic exe file
all were exe files in programs or downloads.

the list totals 71 win32 Tenga virus's in my computer

- Collapse -
Maybe a False Positive by Avast??
Dec 17, 2006 1:08AM PST

McAfee calls it: W32/Gael.worm.a

- Excessive netbios traffic emanating from infected system
- Presence of DL.EXE, GAELICUM.EXE, and CBACK.EXE

The virus does not create any registry keys or in any other way "install" itself to automatically start on system reboot.

http://vil.nai.com/vil/content/v_134857.htm

Can you find the DL.exe, Gaelicum.exe and cback.exe on your computer?

I would suggest before doing anything to scan with Housecall:

Please run the Housecall online virus scan located at:
http://housecall.trendmicro.com/housecall/start_corp.asp
Follow the prompts to scan your hard drive for viruses. Select the "Autoclean" option so that Housecall will remove any viruses from your system.
When the scan is finished, please restart your computer.

- Collapse -
Here is my shot at an answer.
Dec 21, 2006 9:29AM PST

I use, Spybot Search & Destroy, Ad-Aware SE Personal, Highjackthis, SpywareBlaster, Zone Alarm and Avast. I use an online scan just to make sure it?s a clean machine, my pick is Trend Micro?s Housecall which requires that my Sun Java runtime is kept up-to-date (I have tried others but they tend to fail to scan).

False positives, I've had these with Housecall. Because scan programs identify malware differently from maker to maker this sometimes happens. In your case I think it was real but it is sometimes hard to tell. I check the properties of the files in questions. I have found that if the dates are the same as when I had a problem with the computer and I can't find the file source I do a search on the file. If I find the file to be associated with a virus/malware by different sources or a trusted source I then delete it.

You asked, "I still want to know why the other virus scanners missed this virus?" Here is my shot at an answer. Some anti-virus program makers/manufacturers classify malware as a non-threat, so they ignore it. These companies then sell an additional scan program that is geared for malware, you buy it, you pay more, and they make more money. It comes down to what I like to call the protection suite effect and it is sweet for the profits. The other problem is that all anti-virus program makers/manufacturers are always playing catch-up, as new virus/malware is created/modified as fast as they can up-date there virus detection files. Well that is my shot at an answer, I hope it helps.