Author Topic: MAJOR program dysfunction  (Read 4266 times)


Oxa

  • Guest
MAJOR program dysfunction
« on: April 19, 2012, 10:04:05 PM »
Avast detected a virus on my external hard drive. It was a false alarm. I've had that installation file on my hard drive for ~8 years and no program, including Avast, has ever detected anything wrong with it. But that's not my problem. After Avast detected the "malware," it moved it to the chest, and I have been unable to restore it. In the Avast UI, I went to Maintenance>Virus Chest, highlighted the file, and asked Avast to scan it again. This locked up my computer so badly that Ctrl-Alt-Del wouldn't even bring up the task manager so I could shut down Avast, and clicking on the Windows Start menu wouldn't bring up the dialogue to shut down the computer. After rebooting by hitting the computer's on button, I tried to restore the file, instead of scanning it (knowing full well that nothing was wrong with it). The same thing happened - my computer locked up big time. Now how can I get this file back? :'(

To add to the problem, I've tried changing my file system shield settings to first ask when a virus is found, but the settings won't stick. They keep reverting to "move to chest." :'(

WinXP SP3
« Last Edit: April 19, 2012, 10:17:32 PM by Oxa »

Lisandro

  • Avast team
Re: MAJOR program dysfunction
« Reply #1 on: April 19, 2012, 10:40:22 PM »
Calm down. The file will be safe in the Chest, but please do not uninstall avast!, or the file within the Chest will be automatically and irreversibly removed.
If it is an installation file, is there a link for us to download and check? Which is the program you're trying to install?
The best things in life are free.

Oxa

  • Guest
Re: MAJOR program dysfunction
« Reply #2 on: April 19, 2012, 10:45:47 PM »
Here is the file:
http://support.wdc.com/product/download.asp?groupid=405&sid=51&lang=en
Avast won't let me download it, and as I said, changing the settings to "Ask first" doesn't work.

But as I explained, this is really not an issue with a false alarm; those things happen. The issue is with Avast locking up my computer when I try to restore a file from the chest and with the inability to select the settings for actions when a suspicious file is found.

DavidR

  • Avast Überevangelist
Re: MAJOR program dysfunction
« Reply #3 on: April 19, 2012, 11:42:09 PM »
Yes, the web shield is intercepting that and the only action is abort connection. You would have to stop the web shield to be able to download it, but the file system shield would alert when downloaded, but you can elect

Avast isn't alone in finding this at least suspect, https://www.virustotal.com/file/ff07e1e7ba41b7816138311ab5dbd40f8335dc2dbde680df9f4448c6f7de2bac/analysis/1334870394/, but the majority of detections are generic or heuristic, which are more prone to FP.

On the WDBMInst.exe file not the zip, https://www.virustotal.com/file/f95c92ac1161b13d95835f4929f97a19990c0aea095ba266b754ad0bbf4cd36c/analysis/1334871014/

The zip file isn't scanned by default in the FSS, so it will download, but if you try to unpack it the FSS will alert.

So I suspect it may be an FP and I have submitted it for analysis.

- In the meantime (if you accept the risk, otherwise wait for it to be resolved, I would wait), add the full path to the file to the exclusions lists (see Note below):
File System Shield, Expert Settings, Exclusions, Add and
avast Settings, Exclusions

Restore it to its original location and periodically check it (scan it in the chest); there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected, you can also remove it from the File System Shield and avast Settings exclusions lists.

Note: When using the Browse button it only goes down to folder level; accept that. Now open the entry in the exclusions and change the \* to \WDBMInst.exe.
« Last Edit: April 19, 2012, 11:44:12 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Oxa

  • Guest
Re: MAJOR program dysfunction
« Reply #4 on: April 19, 2012, 11:52:18 PM »
Yes, the web shield is intercepting that and the only action is abort connection. You would have to stop the web shield to be able to download it, but the file system shield would alert when downloaded, but you can elect
yada yada yada

You just don't get it, do you?  ??? Did you even read my posts? The problem is NOT:
1. that Avast reported a false positive

The problems are:
1. Trying to scan the file from within the Avast UI caused my computer to lock up;
2. Trying to restore the file from within the Avast UI caused my computer to lock up;
3. It is impossible to change the settings for the actions Avast is to take when a suspicious file is found. The settings always revert to "Move to chest" no matter what option is selected.

polonus

  • Avast Überevangelist
Re: MAJOR program dysfunction
« Reply #5 on: April 20, 2012, 12:13:22 AM »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Nesivos

  • Guest
Re: MAJOR program dysfunction
« Reply #6 on: April 20, 2012, 12:52:21 AM »
I was able to download the file. I scanned it with Slim Cleaner Cloud scan


DavidR

  • Avast Überevangelist
Re: MAJOR program dysfunction
« Reply #7 on: April 20, 2012, 01:43:36 AM »
Yes, the web shield is intercepting that and the only action is abort connection. You would have to stop the web shield to be able to download it, but the file system shield would alert when downloaded, but you can elect
yada yada yada

You just don't get it, do you?  ??? Did you even read my posts? The problem is NOT:
<snip>

Well excuse me for even bothering.