Good Anti Virus package
fatboyjim
07-17-2003, 11:17 AM
I have been running AVG Free Edition for a couple of years and found it fantastic
However, it is now running the most recent update, I ran a full scan and it found no infected files
I then go to Housecall and it finds no less than 13 infected files
I'd like to change from AVG to something else. I would expect there to be some inconsistencies between two virus checkers (that's why I ran AVG and Housecall!) but not 13 infected files difference!
Any recommendations?
reboot
07-17-2003, 11:27 AM
And just how did you get 13 infected files?
What sort of files, what sort of infection?
Were they email attachments?
Had they already been put in the recycle bin?
Had AVG quarantined them already?
If AVG had moved them into its quarantine folder, Housecall would still see them and think they were still active, so this may NOT be anything to worry about.
Before jumping off the deep end about AVG not doing its job, I suggest a little more research.
I'm now running AVAST AV, I have used AVG in the past. I would really like to hear the answer to reboot's question?
fatboyjim
07-17-2003, 12:03 PM
Thanks for the replies
OK, a couple of the files were from SubSeven and Back Orifice installer files which I had in my downloads folder. I used to use them as legit network admin things for my LAN until I discovered VNC. AVG should have picked these up
One was from another zip file I had in my Downloads folder which has been there for about a year, AVG didn't pick this up. Called TROJ_ANAKHA.A
Another was an IRC virus called BAT_WOMANIZ.A, and another was a variation of this called BKDR_WOMANIZ.A
Haven't been on any dodgy sites, not sure how these came onto the machine tbh. Any ideas?
No they weren't mail attachments
No they weren't in the recycle bin
No they weren't in AVG's Virus Vault.
Anything else? Thanks,
Jim
reboot
07-17-2003, 01:23 PM
They're probably all from IRC.
The bat_womaniz.a is an IRC flood bat.
Because it's a .bat file, AVG may not see it, although the latest definition I have says that it will, as well as the anakha one.
Are you positive that you have the latest update?
The anakha version you have is an ancient one, the latest being Win32.Anakha.a mutation.
These are both .bat or .vbs type trojans, and not viruses...which is why I always recommend a good trojan scanner as well, such as SwatIt! www.swatit.org
fatboyjim
07-17-2003, 01:57 PM
In that case, sorry for any confusion
Yes! I have the latest update
How did I pick these up from IRC then? Is there a way to stop them from coming through?
reboot
07-17-2003, 03:10 PM
Nope, unless you stop accepting ALL files from anyone.
If you have your client (mIRC?) set up to send and receive files, then these will get through, no matter what.
If you're behind a router, close the ports.
If not, get a firewall, and make sure everything is closed.
If you open one or two ports for IRC's DCC, you'll get them again.
No matter what folders you've allowed sharing on in mIRC, DCC is a license to kill. It's far too easy to start a DCC with one person, and have another detect that transfer, and piggyback a trojan on it. Opening ports for DCC is like giving your computer to a hacker. It's just too vulnerable, even if you mask your IP.
BTW, IRC trojans can be in the form of .dll's and will download into the c:\windows\system, or system32 folder without your knowledge! AVG, Avast, Housecall, and even the much touted Norton Bloatware may not be able to find (and eradicate) them. SwatIt will, and has found more than one IRC trojan that all the anti-virus progs missed.
Welcome to IRC ;)
fatboyjim
07-17-2003, 03:17 PM
Oh, now that you mention it I have accepted a few files (three at the max)
I won't bother going on IRC until I get broadband and a router I think.
I'll get swatit then, thanks for the tip
But still, AVG didn't pick up the stuff that housecall did. Any recommendations for a good virus checker?
Thanks
Statica
07-17-2003, 04:54 PM
I recommend PC-Cillin (the virus program that housecall is based on)
lil Jimmie
07-17-2003, 09:08 PM
I second PC-Cillin
fatboyjim
07-18-2003, 03:10 AM
How about NAV? What are the different versions like compared to each other?
reboot
07-21-2003, 11:27 AM
NAV is the biggest piece of bloatware on the planet. Do some searching and find all the problems that everyone is having with it. OK, maybe not everyone, but enough that it's not worth paying for, nor installing.
PC-Cillin, or just about anything else, except NAV and McAfee will do you nicely.
I still think that AVG does its job splendidly, and there is no need for a different AV. Run in conjunction with a trojan scanner, adaware, and spybot, there's nothing else you need to do.
Floppyman
07-21-2003, 09:53 PM
Hi Jim,
What do you recommend for a good, free trojan scanner? TIA
fatboyjim
07-22-2003, 04:15 AM
Oh, the other Jim? :P
SwatIt at www.swatit.org
Thanks,
Jim
reboot
07-22-2003, 10:45 AM
Yup, swatit will do what you want. It's what I use.
Let's not condemn IRC in general - I've been on it almost every day for 8 years, and I have YET to pick up a nasty through DCC - I just don't accept files from anyone unless I know WHO it is and WHAT it is. If you have autoaccept enabled, that's your problem, and if you frequent the warez and fileswapping channels that's asking for it too. I'd recommend a firewall even if you are only on dialup.
reboot
07-28-2003, 11:14 AM
I hope I didn't come across as condemning IRC, definitely not. It's an excellent way to communicate, and I find it easier, and more fun than the IM things that everyone seems to swoon over.
As with any program that accesses part of the internet, you need to learn something about it, before jumping in the deep end. Knowledge is power, and in this case, protection.
mIRC has one of the most extensive help sections of any program around. I suggest everyone thinking about using IRC, get mIRC, and read the help files. mIRC is truly a wonder. It has the power to do far more than just type and hit enter.
fatboyjim
07-28-2003, 11:49 AM
This comment was the one which worried me:
"It's far too easy to start a DCC with one person, and have another detect that transfer, and piggyback a trojan on it."
Is that really true? I have only ever accepted two files from one person in the entire time I've been using mIRC and they were MP3s
Jim
Statica
07-28-2003, 12:51 PM
Originally posted by fatboyjim
Is that really true? I have only ever accepted two files from one person in the entire time I've been using mIRC and they were MP3s
Jim
Quite true, hijacking of DCC clients is nothing new, I'm sure you can find the source codes to "utilities" that will do it for you.
Here's why I find IRC a rather easy target for a lot of users; you have this whole community crawling with people, the funny thing is that most of them, like yourself, use Windows. Now I'm not saying that Windows clients are ill-equipped, no they are rather pretty and featured, unfortunately, they can't hold a candle to Linux (for example) clients and utilities out there that can let a user wield ungodly power. By design, most IRC servers like to broadcast the live-IP's of its patrons, which makes it rather easy. You've now got 3 very important pre-requisites for an exploit already established:
1) the presence of a door to get in
2) the exact location of that door
3) the specific in/vulnerability of that door
The same can be said of IM's; but at least most IM's are favorable (from a security standpoint) at least in one respect - the IP addresses are masked (till there is a DCC) / it is still used as a contact method of known-person-to-known-person. For example, my Linux IM's will allow me to add and identify people whether they want it or not, etc etc.
Of course there is always the risk vs reward judgement that should be done for IRC (as well as for anything that wants to run on a dedicated/identifiable port) - is it worth taking the risk of going in with an IRC client to talk to friends - for a lot of people it is; is it worth downloading files with an IRC client - for a lot of people, it shouldn't ;)