so you caught a virus, what then?

[skydiver]

The anti-virus software programs are oriented towards preventing an
infection. But when you get infected, how good are they at fixing it? That's
very important too. I recently had that happen to me. I thought avast! was a
great anti-virus software until I became infected, but then it offered me no
help whatsoever. I was thrown back on my own resources and had to go looking
for detailed information about the virus elsewhere. I had to google, etc to
get any basic information about it. The same for removing it or fixing my
system. No help from avast! So I'm thinking about dumping avast! but wonder
which other anti-virus software might have a better assist in dealing with
an infected system. Any advice?

I was lucky. Turns out it was a false-positive. I didn't really have a
virus. Even if I had the virus that was reported, it was a benign type which
didn't harm the op system. But it was a signal to me to go looking for
something better in that department. If I really had a virus, I would want
some better help in the future.

 

[Martin, VK2UMJ]

The anti-virus software programs are oriented towards preventing an
infection. But when you get infected, how good are they at fixing it?
That's very important too. I recently had that happen to me. I thought
avast! was a great anti-virus software until I became infected, but then
it offered me no help whatsoever. I was thrown back on my own resources
and had to go looking for detailed information about the virus elsewhere.
I had to google, etc to get any basic information about it. The same for
removing it or fixing my system. No help from avast! So I'm thinking about
dumping avast! but wonder which other anti-virus software might have a
better assist in dealing with an infected system. Any advice?

I was lucky. Turns out it was a false-positive. I didn't really have a
virus. Even if I had the virus that was reported, it was a benign type
which didn't harm the op system. But it was a signal to me to go looking
for something better in that department. If I really had a virus, I would
want some better help in the future.

And you wonder WHY you couldn't get any help from Avast! about removing it??
I doubt ANY AV software would give you information and help removing
something that doesn't exist!!

Get a grip!!!! Every actual virus that Avast! has detected on my systems it
sucsesfully removes as well, or at the very least isolates to the virus
chest. I really don't expect it to tell me detailed info about non-existent
virus's........... Nothing is ever 100% accurate, even Avast! But it is
among the better ones, resource wise as well as detecting - certainly better
than AVG!!!!

 

[Virus Guy]

Take the hard drive and slave it to another (trusted) computer and
scan it with "The Cleaner" with NAV running in the back ground.

 

[Ian JP Kenefick]

The anti-virus software programs are oriented towards preventing an
infection. But when you get infected, how good are they at fixing it? That's
very important too.
OK....

I recently had that happen to me.

No you didn't - it was a FP.

I thought avast! was a
great anti-virus software until I became infected, but then it offered me no
help whatsoever. I was thrown back on my own resources and had to go looking
for detailed information about the virus elsewhere. I had to google, etc to
get any basic information about it. The same for removing it or fixing my
system. No help from avast! So I'm thinking about dumping avast! but wonder
which other anti-virus software might have a better assist in dealing with
an infected system. Any advice?

Yes - there are removal utilities available for when you do get
infected. See my signature!

I was lucky. Turns out it was a false-positive.

Lucky - I think the opposite. How did you know this was a false
positive. Why did you think you were infected in the first place?

I didn't really have a
virus. Even if I had the virus that was reported, it was a benign type which
didn't harm the op system.

Lots of viruses do not directly HARM the operating system but that
does *NOT* make them benign. In fact, quite a successful virus would
not harm the operating systems functionality - this way it would
remain active without any suspicions being aroused on the user.

But it was a signal to me to go looking for
something better in that department. If I really had a virus, I would want
some better help in the future.

Avast from what I hear has a decent reputation. However I do not
understand, since you were actually not infected with a virus how did
AVAST let you down?
--

Regards,
Ian Kenefick
Got a virus?
Go to www.ik-cs.com > 'Got a virus?'

 

[skydiver]

No you didn't - it was a FP.

It was a virus, according to avast!

Yes - there are removal utilities available for when you do get
infected. See my signature!

I don't want a lot of 2nd party utilities. The anti-virus software should
handle this automatically.

Lucky - I think the opposite. How did you know this was a false
positive.

I figured it out eventually after about 24 hours of hard work and a
half-dozen emails to experts requesting their help.

Why did you think you were infected in the first place?

Because that's what avast! said when I scanned my computer. The siren
sounded and a voice blared out: Warning You Are Infected (or something
similar).

Lots of viruses do not directly HARM the operating system but that
does *NOT* make them benign. In fact, quite a successful virus would
not harm the operating systems functionality - this way it would
remain active without any suspicions being aroused on the user.

This particular one is supposed to do no damage. It attaches itself to a few
files but doesn't harm them nor the op system: "Win32:Aris". I finally found
a good description at antivirus.com (Trend Micro), which also provided an
online scan saying it was NOT actually this virus (i.e. a false positive by
avast!).

Avast from what I hear has a decent reputation. However I do not
understand, since you were actually not infected with a virus how did
AVAST let you down?

Because as I said in my original post, anti-virus software shouldn't stop at
the point of preventing infection. It should also fix an infection, or at
least provide some good help. But avast didn't even list the virus on its
website.

 

[Ian JP Kenefick]

Because as I said in my original post, anti-virus software shouldn't stop at
the point of preventing infection. It should also fix an infection

You obviously dont understand antivirus very well. Antivirus
signatures not only detect the virus but they also contain a routine
for disinfection.

least provide some good help.

False positives happen. For most they are rare and in your case the
problem was solved with a database update. Get over it.

But avast didn't even list the virus on its

No website offers a virus description for *EVERY* detected virus. Did
AVAST warn for a possible new virus/suspicious object ie. Heuristic or
was it a pattern match ie. a signature detection where you get the
name of the infection? If it was a heuristic then there will be no
virus description either.
--

Regards,
Ian Kenefick
Got a virus?
Go to www.ik-cs.com > 'Got a virus?'

 

[Roger Wilco]

Yes... and no. Preventing an infecttion should be done by the users use
of safe computing practices. Originally the AV was only needed to
"detect" an infection prior to the user executing an otherwise trusted
file from an otherwise trusted source. Without the trust involved the
user has no reason for executing the "infected" file in the first place.
If you ask a programmer friend to send you a particular program he or
she has created and the programmer does so (trustworthy) then you need
the AV to try to verify that the program has not been infected -
otherwise there is no reason to execute the program at all since it is
from an untrusted source.

Detection is the first thing.

Detection is enough. If it is "infected", you ask the trusted source to
send you another one because the one sent was deemed by AV to be
"infected" with 'something'. People don't like to be saddled with having
to make themselves safe, and they don't want to have to throw out an
infected program file. They want to be able to execute viruses and then
"undo" whatever was done. To "undo" whatever was done you first need to
do more than 'detect' you need to "identify". Once an identification has
been made you could take whatever steps necessary to affect an 'undo' by
researching what is known about what that particular virus variant does
and reverse those changes if possible. People don't want to be saddled
with this either - so AV now tries to do detection, identification, and
"healing" or "cleaning" procedures.

I don't want a lot of 2nd party utilities. The anti-virus software should
handle this automatically.

Actually, you shouldn't ever become "infected" by malware known to the
AV, and malware not known to the AV can't be identified (and later
cleaned) by the AV. AV used correctly is the "ounce of prevention" that
tells you to trash the suspected program file (instead of executing it)
and get a new uninfected one from the trusted source.

The primary goal is to 'detect' with as few FP detections as possible.
The recent crop of AV programs have gotten away from this basic fact and
enjoys a marketshare based upon the other things you say are important.
Next peeps will be in here saying that adware removal is the most
important thing to consider when selecting an AV.

This particular one is supposed to do no damage. It attaches itself to a few
files but doesn't harm them nor the op system: "Win32:Aris". I finally found
a good description at antivirus.com (Trend Micro), which also provided an
online scan saying it was NOT actually this virus (i.e. a false positive by
avast!).

Not just a FP detection but a misidentification of what it was thought
to be infected with - and you want the AV to 'clean' it!?

In this case, you were outta luck - there is no way to 'clean' a program
file that has no worth in it.

I agree, a vendor that supplies information on the known malware it
detects (or thinks it detects) is a good thing. Many times I have seen
people ask "what does this virus do" and it usually turns out that the
virus name was assinged by AVG and their information about that virus is
nonexistant - not even a list of aliases (names used by other vendors
for this same virus) is given. Scanning by other vendor's products will
usually indicate an FP or at least give you more names to investigate.

A high detection rate and a low FP rate is what is needed. Everything
else AV does is just to relieve the users of having to conform to safe
practices.

 

[Gregg Cattanach]

The anti-virus software programs are oriented towards preventing an
infection. But when you get infected, how good are they at fixing it?
That's very important too. I recently had that happen to me. I
thought avast! was a great anti-virus software until I became
infected, but then it offered me no help whatsoever. I was thrown
back on my own resources and had to go looking for detailed
information about the virus elsewhere. I had to google, etc to get
any basic information about it. The same for removing it or fixing my
system. No help from avast! So I'm thinking about dumping avast! but
wonder which other anti-virus software might have a better assist in
dealing with an infected system. Any advice?

I was lucky. Turns out it was a false-positive. I didn't really have a
virus. Even if I had the virus that was reported, it was a benign
type which didn't harm the op system. But it was a signal to me to go
looking for something better in that department. If I really had a
virus, I would want some better help in the future.

Actually, AVast has a very good utility to help recover from an infection,
it's VRB Virus Recovery Database. I haven't had to use it, but they
definitely have the ability to restore corrupted files from this database.
And the other poster was right, if you weren't really 'infected', AVast
wouldn't know what you were trying to fix.

 

[skydiver]

Actually, AVast has a very good utility to help recover from an infection,
it's VRB Virus Recovery Database. I haven't had to use it, but they
definitely have the ability to restore corrupted files from this database.
And the other poster was right, if you weren't really 'infected', AVast
wouldn't know what you were trying to fix.

There was absolutely no help provided, not from the VRDB, not from anything.
The siren sounded, the light started flashing, and a voice said: "You are
infected with a virus", or something similar. That was it. Nothing more. I
was left entirely on my own, no help whatsoever from avast. And when I asked
at their forum, they started some kind of nonsensical "putdown" crap, and
refused to respond properly. They didn't want to help. They only wanted to
defend their stupid software's reputation, or some such, no consideration
for the person who was infected. So avast is totally worthless on all
scores, insofar as I can discover, when a virus is found. I would now have
to advise anyone to avoid it. I used to be an avast supporter, before I
encountered the virus, but no more. The fact that I wasn't really infected
is irrelevant to the situation, i.e. avast provides totally zero (0) help
and assistance when a virus is found. You are left entirely on your own
resources and will have to go looking and googling elsewhere to try to find
out the basic facts about the virus and how to fix it. I don't think most
people want that kind of hassel when/if a virus is found. They want proper
help from the anti-virus software. They won't get it from avast. End of
story. avast is pure junk!

 

[Gregg Cattanach]

There was absolutely no help provided, not from the VRDB, not from
anything. The siren sounded, the light started flashing, and a voice
said: "You are infected with a virus", or something similar.

It probably said something more like: "Avast has found a virus", NOT "you
are infected with a virus", two completely different things. When it finds
a virus in e-mail or from a website, it let's you know so you can skip it,
delete it, etc. Avast has worked perfectly for me, notifying me of several
website and e-mail viruses, and giving me the ability to delete them before
they are executed.

Take the time to actually read the warning dialog box.

 

[skydiver]

You're arguing about trivialities. My conclusions remain the same. Avast is
worthless when a virus is found. Period. End of story. If you want to use
it, fine, doesn't matter to me, but I want something better...

 

[kurt wismer]

You're arguing about trivialities. My conclusions remain the same. Avast is
worthless when a virus is found. Period. End of story. If you want to use
it, fine, doesn't matter to me, but I want something better...

http://anti-virus-rants.blogspot.com/2004/07/all-anti-virus-products-fail.html

 

[skydiver]

http://anti-virus-rants.blogspot.com/2004/07/all-anti-virus-products-fail.html

I understand that line of thought, but it doesn't apply in my case. I'm not
blaming the anti-virus software for allowing an infection. My concern is
that the anti-virus software doesn't help to fix an infected computer,
doesn't provide the necessary basic information about the particular virus
involved, and no instructions on how to proceed to clean the computer. It
leaves the user entirely on their own ingenuity and resources, and they must
go googling and searching to try to discover the facts involved, details
about the particular virus which has been identified in the scan. One must
try to find out if any damage has been done, and how to fix it, and whether
that is possible. I expect the anti-virus software to provide that kind of
basic information and assistance to deal with an infection it has
discovered, but avast doesn't. Except for that, avast seems OK, but I want
something better. I'm not running and jumping on a different anti-virus
product, but am looking around...

 

[Martin, VK2UMJ]

I understand that line of thought, but it doesn't apply in my case. I'm
not blaming the anti-virus software for allowing an infection. My concern
is that the anti-virus software doesn't help to fix an infected computer,

Yes it does....

doesn't provide the necessary basic information about the particular virus
involved, and no instructions on how to proceed to clean the computer. It
leaves the user entirely on their own ingenuity and resources, and they
must go googling and searching to try to discover the facts involved,
details
Nope..

about the particular virus which has been identified in the scan. One must
try to find out if any damage has been done, and how to fix it, and
whether that is possible. I expect the anti-virus software to provide that
kind of basic information and assistance to deal with an infection it has
discovered, but avast doesn't. Except for that, avast seems OK, but I want

Avast certainly does deal with a true infection... How did you set up
Avast? Was it setup to ask you what to do, or act automatically? And what
options did you enable? Remember that you can change those settings for
each provider so after a detection it will perform the specified tasks (seek
input, or auto delete, or move to chest, etc).

something better. I'm not running and jumping on a different anti-virus
product, but am looking around...

But, Avast DOES fix an infected computer. My daughter is constantly surfing
sites that download virus's, trojans, etc (how do you stop a tennager with
their own computer), yet Avast detects and removes ALL infections found. No
problems, no hassles, no drama's (like I did have with AVG Free).

What it DOESN'T remove is detections that turn out to be false and no
infection at all, and frankly I wouldn't expect it to either! You seem to
be getting your knickers in a twist over something that no AV software would
do - remove a non-existent virus! Get a grip and judge Avast (and others)
on how they perform with an actual true infection, and so far on the 5
computers I have installed Avast on there has *never* been an issue with
Avast failing to remove a virus that it detected...

 

[Barry]

Skydiver, I think you've come to the wrong group. These people are
obviously technically competent and can instinctively distinguish
between real and pretending viruses, but they have no concept of how
most people want to use their PCs.

For most users, the PC is not a profession or even a hobby. It's a
tool for email or Internet. If a housewife doing her shopping gets a
virus warning, our friends here would expect her to decide what action
to take on the basis of whether the message was prompted by a
heuristic analysis or a pattern match.

I'm a retired IT manager and I teach disadvataged people to use PCs.
An important part of my job is to show them that they should not be
scared. Unfortunately the primitive nature of the Microsoft operating
system requires that they will need to deal with threats to their
privacy and the integrity of their programs and data.

I aim to set up their computers to deal with these threats with the
minimum of ongoing intervention. But perhaps the group members are
correct in their implication that PCs are not for ordinary people.

Barry

 

[kurt wismer]

I understand that line of thought, but it doesn't apply in my case.

do you *really* understand it?

I'm not
blaming the anti-virus software for allowing an infection. My concern is
that the anti-virus software doesn't help to fix an infected computer,
doesn't provide the necessary basic information about the particular virus
involved, and no instructions on how to proceed to clean the computer.

hold on - it detected a virus but couldn't clean it... so you're ok
with the possibility that anti-virus products don't have perfect
detection, but when it comes to their lack of perfect restoration
capabilities you cry foul?

seems you don't understand the "all anti-virus products fail" concept
after all...

then there's the lack of information for that particular virus on their
website - well, guess what - no anti-virus vendor has an exhaustively
complete online virus description database... the cost of maintaining
such a thing is actually quite high and the return is not nearly as high...

then there's the fact that it was a false alarm, and if it had been a
real virus then possibly the events may have gone differently... the
product might have actually been able to do something about the virus
right out of the box and/or inquiries to their support department may
have been more fruitful...

 

[kurt wismer]

Skydiver, I think you've come to the wrong group. These people are
obviously technically competent and can instinctively distinguish
between real and pretending viruses, but they have no concept of how
most people want to use their PCs.

non-sequitur... if people want protect their pc's, part of that
protection is going to have to come from changes in their behaviour...

if you go to the doctor complaining about pain every time you poke your
eye you can bet he's going to tell you to stop poking your eye...

arbitrary user behaviour is not necessarily reasonable...

For most users, the PC is not a profession or even a hobby. It's a
tool for email or Internet.

yeah, my hair clippers are a tool for clipping hair... i still need to
oil the blades to maintain it...

a car is a tool for getting from point A to point B, it too requires
maintenance and responsible behaviour...

if you neglect your tools, your tools will eventually stop being useful...

If a housewife doing her shopping gets a
virus warning, our friends here would expect her to decide what action
to take on the basis of whether the message was prompted by a
heuristic analysis or a pattern match.

no, we expect her to look for help/ask for advice if she doesn't
already know what to do...

[snip]

I aim to set up their computers to deal with these threats with the
minimum of ongoing intervention. But perhaps the group members are
correct in their implication that PCs are not for ordinary people.

nice strawman... few people here would agree that pc's are not for
ordinary people... most would agree, however, that ordinary people have
to adapt and learn how to properly use new tools - and in our society a
computer is still very much a new tool...

 

[skydiver]

Your response is totally false, a lie...

 

[skydiver]

It is you who doesn't understand. I understand perfectly!

 

[Martin, VK2UMJ]

Your response is totally false, a lie...

No, and I'd like to see your evidence of that too, or are you in the habit
of calling people liars whenever they show you up for the moron you are??

What part do you feel is "a lie"?

Avast certainly does clear any real infection, as well as any other AV
software. If it can't clean the file, it will isolate it in the virus chest
or delete it - your choice - but either way it is rendered safe. Any other
Avast user (that doesn't expect the impossible) will tell you the exact same
thing.

Even the new users that know nothing about computers that have had me
install Avast for them seem to be able to understand it, and are happy with
the way it works. Perhaps your skills are lower still?

Best wishes finding any AV software that will remove a false positive for
you - bit hard to remove something that doesn't exist.... Perhaps you just
need something that doesn't detect anything and therefore wont upset you
with any warning messages?