Author Topic: Error:42111 When Trying To Quarantine .Class Files Within A .Dat File Within .7z  (Read 3753 times)


goodjohnjr

Hello,

I have a .Dat file that has one or more Java Exploits in it that I compressed in/to a .7z file. Avast Free can detect it as malware but fails to quarantine it (the .Class files that it detects within the .Dat file as malicious) during an on-demand scan and during a boot-scan, with the Error:42111 saying that this operation is not supported for this type of archive; but programs like AVG Free, Emsisoft Anti-Malware Free, and Microsoft Security Essentials can quarantine this file without a problem.

I am curious: are there plans to make Avast Free able to quarantine these file types/archives in the future?

Here is the VirusTotal result of the entire file which is the .Dat file compressed in .7z:

https://www.virustotal.com/file/7dd6ec033f8ebfdabc5121869866e2b8c86223e7d75b843f58e57f1c294e84bb/analysis/1341683499/

SHA256:    7dd6ec033f8ebfdabc5121869866e2b8c86223e7d75b843f58e57f1c294e84bb
SHA1:    f473005fee07f505a3664ab4767c4cf64af56bcf
MD5:    511ef886e1f71a744873f0b9dc47a833
File size:    11.8 KB ( 12084 bytes )
File name:    58ea3e2-77f428fd.7z
File type:    7ZIP
Detection ratio:    21 / 42
Analysis date:    2012-07-07 17:51:39 UTC ( 0 minutes ago )

A while back one or more Java exploits were detected on my computer, and so I managed to save one of the files & I compressed it in/to .7z to submit it to various anti-malware companies; the file above is that file, and the one that Avast can detect but not quarantine.

Avast Free Program Version: 7.0.1456
Avast Free Database: 120707-0

Malwarebytes Anti-Malware Free Results:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.07.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
[administrator]

7/7/2012 3:59:26 PM
mbam-log-2012-07-07 (15-59-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 220440
Time elapsed: 6 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Emsisoft Anti-Malware Free Scan/Quarantine Results Of The File:

Emsisoft Anti-Malware - Version 6.6
Last update: 7/7/2012 3:46:54 PM

Scan settings:

Scan type: Custom Scan
Objects: C:\Users\\Desktop\58ea3e2-77f428fd.7z
Scan archives: On
ADS Scan: On

Scan start:   7/7/2012 4:14:27 PM

C:\Users\\Desktop\58ea3e2-77f428fd.7z -> 58ea3e2-77f428fd.dat -> jmennvlywkscqdbp\cuyaafacktruqsfqkjk.class    detected: Java.CVE!E2
C:\Users\\Desktop\58ea3e2-77f428fd.7z -> 58ea3e2-77f428fd.dat -> jmennvlywkscqdbp\phnupm.class    detected: Exploit.MS04.CVE-2004-0210-2012-0507!E2
C:\Users\\Desktop\58ea3e2-77f428fd.7z -> 58ea3e2-77f428fd.dat -> jmennvlywkscqdbp\twtndqmjecgs.class    detected: Exploit.-!E2
C:\Users\\Desktop\58ea3e2-77f428fd.7z -> 58ea3e2-77f428fd.dat    detected: Exploit.-!E2

Scanned   1
Found   4

Scan end:   7/7/2012 4:14:33 PM
Scan time:   0:00:06

C:\Users\\Desktop\58ea3e2-77f428fd.7z -> 58ea3e2-77f428fd.dat -> jmennvlywkscqdbp\twtndqmjecgs.class   Quarantined Exploit.-!E2

Quarantined   1

Thank you,
-John Jr :)
« Last Edit: July 07, 2012, 11:21:32 PM by goodjohnjr »

Pondus

And how do these other AVs quarantine it... do they unpack and quarantine... or do they quarantine the whole archive?

Have you checked the settings here... also see the help file in the lower right corner... see screenshot 8
http://www.softpedia.com/progScreenshots/Avast-Home-Edition-Screenshot-6474.html

Malwarebytes will not detect... as it does not scan archives   ;)
http://forums.malwarebytes.org/index.php?showtopic=107405
http://forums.malwarebytes.org/index.php?showtopic=57242
« Last Edit: July 07, 2012, 11:38:33 PM by Pondus »
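
An added example, not part of the original posts and not any vendor's code: it parses scan-log lines in the `outer -> inner -> member    detected: name` layout shown in the first post and decides, per file on disk, between the two strategies asked about above (remove individual members, or quarantine the whole archive). The sample lines are constructed, and `parse_detections`, `plan_quarantine` and the `writable_formats` policy are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the same "outer -> inner -> member    detected: name"
# layout as the scan log in the first post; paths and names are placeholders.
SAMPLE_LOG = r"""
C:\scan\sample.7z -> sample.dat -> pkg\a.class    detected: Java.CVE!E2
C:\scan\sample.7z -> sample.dat -> pkg\b.class    detected: Exploit.-!E2
C:\scan\sample.7z -> sample.dat    detected: Exploit.-!E2
C:\scan\loose.class    detected: Exploit.-!E2
"""

LINE_RE = re.compile(r"^(?P<chain>.+?)\s+detected:\s+(?P<name>\S+)\s*$")

def parse_detections(log_text):
    """Return [(chain, detection_name)]; chain[0] is the file on disk."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # blank line, header or counter
        chain = [part.strip() for part in m.group("chain").split(" -> ")]
        hits.append((chain, m.group("name")))
    return hits

def plan_quarantine(hits, writable_formats=(".zip",)):
    """Map each on-disk file to 'file', 'members' or 'whole-container'.

    Hypothetical policy: a flagged member is removed on its own only if every
    enclosing layer is a format the tool can rewrite; otherwise the outermost
    file is moved as a unit.
    """
    by_file = defaultdict(list)
    for chain, _name in hits:
        by_file[chain[0]].append(chain)
    plan = {}
    for outer, chains in by_file.items():
        layers = {layer.lower() for c in chains for layer in c[:-1]}
        if not layers:
            plan[outer] = "file"  # loose file, nothing to unpack
        elif all(layer.endswith(tuple(writable_formats)) for layer in layers):
            plan[outer] = "members"
        else:
            plan[outer] = "whole-container"
    return plan

if __name__ == "__main__":
    for path, action in plan_quarantine(parse_detections(SAMPLE_LOG)).items():
        print(f"{action:16} {path}")
```

With the default policy the nested `.7z -> .dat -> .class` chain falls back to moving the outer file, which avoids an "operation not supported for this type of archive" dead end while still containing every flagged member.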

goodjohnjr

> And how do these other AVs quarantine it... do they unpack and quarantine... or do they quarantine the whole archive?
>
> Have you checked the settings here... also see the help file in the lower left corner... see screenshot 8
> http://www.softpedia.com/progScreenshots/Avast-Home-Edition-Screenshot-6474.html
>
> Malwarebytes will not detect... as it does not scan archives   ;)

Hello Pondus,

I am not sure exactly how they quarantined it since I no longer have my logs for them, except for Emsisoft Anti-Malware Free (which I still have installed); I copied & pasted the log so that you can see. ;) (Yeah, Malwarebytes cannot scan these types of archives, but I reported this file to them in the past though.)

I knew about the Processing Of Infected Archives Settings (I tried all three but it still does not work) and I have All Packers Set To Be Extracted (but it still does not work), and I have gone through all/most of the settings. I have all my on-demand settings set high & the resident settings set slightly higher than default, but it still does not work; thanks for the screenshots though (I glanced at all of them ;) ).
« Last Edit: July 07, 2012, 11:54:58 PM by goodjohnjr »

goodjohnjr

I am guessing that the Avast Team fixed the problem or something, because today Avast was able to quarantine the file(s), thank you very much and thank you Pondus. :)