@rigz,
..it was on my netbook,and it does not have a constant internet connection ,and i just connect it on my home..via wireless..
-- Wireless is still a connection.
actually i just killed the first one virus Paiqe.exe manually..i dont know why Avast 6 cant detect it,i used a Pro one version ..
-- Using only one AV setup there. No on-demand/2nd opinion checker.
then i just notice the "paiqe.exe"..which i tried to end process but it states: it was in used,so i suspected it was a virus i tried a boot scan..but still it was there. .so i looked for its location run in safe mode and run the Altap Salamander to view where it is.then i deleted it.. it happpened last march.. then just last week i run msconfig... i saw again the Paiqe.exe..with other one suspicious file "Herss.exe"..
-- You cannot just delete a trojan even in safe mode. Altap Salamander is just a file manager. You should have placed the suspicious file in Avast's Virus Chest. Strains was still left and due to it's behavior..resurfaced as Herss.exe or you just missed Herss.exe in the first place.
AvastPro user. Why did you choose AvastPro? While it is one of the best user-friendly AV's around it still is "not" a "install and leave" application. User input is needed as well as settings beyond the defualt. I have AIS(without the firewall so it's function is same as AvastPro and also have used AvastPro till end of 2010).
Well imho in the very least it's quite effective especially with a low level trojan. Something is wrong with your settings. I can't imagine non-detection there File System Shield and Behavioral Shield or at least the AutoSandbox should have alerted it (well okay maybe not Behavioral Shield).
Either you or your relative has disabled something there or definitely "settings". If the borrower has a freehand to disable Avast or something in your shield settings or allow/ignore alerts then "game over".
as mentioned,
Honestly, the biggest flaw(including those who have no clue what they're doing) is most people want to have his/her way. Doesn't want to be inconvenienced or something..at the expense of being vulnerable.
That is classic example of how a user wrongly uses his security app especially one like AvastPro.
Yes you trusted the AV but the AV cannot do it alone for you. User input is needed.
File system shield has a tendency to make opening/closing/reading files slow so I think there was something done there plus definitely settings are not to par. Instead of disabling a shield some advice to exclude it in the File System Shield>Exclusions, that is "if" you will exclude a file/folder/app, make sure it's clean. Then go and use that file/folder/app.
In the first place you should have password protected Avast (See files.avast.com/files/manuals/user-manual-pro-eng.pdf) so the whole disabling or changing some settings should not have occurred. (I know how Filipino's are when it comes to relatives so better that it's you who will takes steps).
As far as many are in doubt as to the effectiveness of the Behavioral Shield of Avast(I call it urban legend) I still believe that it should have alerted the user or you about this. This is just a low level trojan. What happened is an example of not using security app properly. A "flaw' exists there.
..i dont know why Avast 6 cant detect it,i used a Pro one version ...i tried a boot scan..but still it was there. .
This is a cry-wolf syndrome. Not entirely the fault of non-detection by Avast. Just to make a point, I am not a die-hard fan of Avast (among my top 5 AV's, Avast is the last for me) but in fairness here..not entirely their fault until proven otherwise. The least you could have done was to:
a) place it in the virus chest, and then
b) submitted the files to avast for verification. (or checked it at VT or Jotti's)
Then you "wolf-cry" them for non-detection at the avast forums. Lot of good guys there, like British guy "essexboy" for me I think he's the top-gun for malware removal there.
im using now Malwarebytes and MSE..it was now ok for me for the mean time.
MSE/MBAM..maybe...I can't say I'll take that as "enough" security. If you have a default-deny settings and light virtualization like Sandboxie/Bufferzone, yes definitely..but just them and considering the behavior when you got infected..(plus MBAM scanning a measely 160gb/250gb drive for long stretches of 2-3hours...----tendency of not finishing it looms..this will be close to "game over" again).
AvastPro is good + you need a good HIPS program (MBAM as on-demand or the light HitmanPro --
Prevx/GData/Emsisoft/Dr.Web/Ikarus cloud fast scanners) but that's just me.
I be he and
CanIHaz has a point there also. What is needed
IS a review of your security settings/how you use it/what to do..etc.
The links given above are worth reading to be better informed so this "event" to not happen again. But in all honesty/as stated also, no amount of security will be effective if you do not consider what really went wrong there (the main reason for being infected with non-detection) and take steps to correct that.
Stay safe dude (at least try and take actions to learn from this)and give your relative a whacking
"pitik sa tenga" , netbooks aren't cheap there in your country.
damien
