Avast WEBforum

Consumer Products => Avast Mac Security => Topic started by: REDACTED on January 04, 2017, 05:08:52 PM

Title: infection detected during scan but no details in scan report
Post by: REDACTED on January 04, 2017, 05:08:52 PM
Hello:

I've run two full scans (Full System Scan/Scan whole files) on my mac (OS 10.6.8  ) and Avast says I have two infected files each time. When I check the report, there are no details (file name, malware name), so I have no information on the files, nor do I have the option of deleting them or moving them to the chest. Could anyone help with this one? I haven't been able to find anything on the forums, or google, and tech support only can help windows users.

Thanks!
 
Title: Re: infection detected during scan but no details in scan report
Post by: tumic on January 05, 2017, 12:11:55 PM
Do you really mean infected files?! Aren't those two files "unable to scan" files? Infected files are always shown
in the report, "unable to scan" files can be displayed using the context menu (right mouse button click).

In any case, a screenshot would be helpfull.
Title: Re: infection detected during scan but no details in scan report
Post by: REDACTED on January 05, 2017, 05:02:44 PM
Hello Tumic:

Thanks for the reply. Avast does say they are infected. I get the red popup after the scan indicating and infection, and I see in red the number "2" in the report. This is the first time I've had this issue. In past, I got all the information on infections, and therefore the option of either trashing or dumping in the chest the files. I do have lots of "unable to scan" files in orange in my reports.   

I don't have access to this computer, and have had it powered down since getting the scan results. I'll get a screenshot over once I get access to the computer again.

Thanks
Title: Re: infection detected during scan but no details in scan report
Post by: REDACTED on January 10, 2017, 05:19:02 PM
Hello:

Here is a screen shot of the scan report. This is exactly what I've been getting. I didn't already move anything into the trash or chest.

(http://i.imgur.com/wefGJ9i.jpg)

Thanks for any help!


(wrong picture uploaded- made a correction. the above picture is now correct)
Title: Re: infection detected during scan but no details in scan report
Post by: tumic on January 13, 2017, 10:10:31 AM
Hmm, this looks really like a GUI bug. Can you please run a scan from the command line:

Code: [Select]
scan /
so we can see, what the infected files are? (Note, that like the "find" command, "scan" prints
out only infected files, so it may look like nothing is happening. And of course, the scan will take as long
as a full system scan from the GUI)
Title: Re: infection detected during scan but no details in scan report
Post by: REDACTED on January 13, 2017, 09:20:44 PM
Thanks Tumic:

I will get on this. Sorry for the simple question, but would I just open terminal, and then type in "scan /" followed by return?

Thanks!
Title: Re: infection detected during scan but no details in scan report
Post by: tumic on January 16, 2017, 04:41:23 PM
Yes.

You can find more info about the command in its manual page ("man scan").
Title: Re: infection detected during scan but no details in scan report
Post by: REDACTED on February 16, 2017, 07:38:34 PM
Hi Tumic:

I just ran the command in the terminal as you instructed. I'd have done it a long time ago, but realized it had been too long since I backed up everything, so that took a little time. I didn't mean to take so long to get back to you about this.

Looking at the terminal, I get the following types of warnings:

File name too long (twice)
Compressed file is too big to be processed (twice)
LHA archive is corrupted (fourteen times)
Not a directory (three times)
Compressed file is too big to be processed (eight times)
Archive is password protected (lots and lots)
ARJ archive is corrupted (three times)
Compressed file is too big to be processed
HA archive is corrupted
[edit this was a typo]
DEB archive is corrupted (three times)
OLE archive is corrupted (twice)

and finally, some decompression bomb messages:

avast: /System/Library/PrivateFrameworks/MediaKit.framework/Versions/A/Resources/MKDrivers.bundle/Contents/Resources/bootroot.loader|>bootroot.loader.dmg: The file is a decompression bomb

iPod/iPod131.pkg/Contents/Resources/iPod131.pax.gz|>iPod131.pax: The file is a decompression bomb
iPod131.dmg|>iPod/iPod131.pkg/Contents/Resources/iPod131.pax.gz: The file is a decompression bomb
iPod131.dmg: The file is a decompression bomb

As far as I can tell from other forum posts, the decompression bomb warning isn't necessarily an indication of anything serious? Do the other types of warning seem ok? I'd like to double check these with you, as I did get in the GUI report 2 infections, and the preceding red popup indicating an infection. Before this, I had run some scans that turned up some other issues, but I was able to either put those files in the chest, or delete them. I ended up deleting the files, and then ran another set of three scans. And it was these three scans where I got the 2 infections detected warnings, but no option to put these in the chest, or delete them, which is why I started this threat to begin with. Sorry for all that additional information, I don't think I mentioned it before.

Thanks!
Title: Re: infection detected during scan but no details in scan report
Post by: tumic on February 17, 2017, 03:22:37 PM
Hi,
There is nothing suspicious in the report. All the packer warnings are quiet common as
some archives have a very loose format so it is hard to decide whether a file contains such
archive or not (Avast tries to uncompress whatever looks like an archive).

The packer bombs are most often only files with extraordinary high compression ratio, and
no malicious files. In your case, this is IMHO the case.
Title: Re: infection detected during scan but no details in scan report
Post by: REDACTED on February 17, 2017, 05:23:22 PM
Hi Tumic:

Thank you very much for all your help and your quick replies. I hope I can ask just one final question if I may? In future, if I get the same issue of an infection warning but with no information in the report (using the GUI), I should do the following: run the scan again from the terminal, examine what the warnings are, and if they are the same, I can reasonable assume there are no actual infections on my machine?

Thanks