Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Lars-Erik on February 29, 2004, 02:21:29 PM
-
A friend of mine (using Outlook) got a virus in the mail, and even though she did not start it she got a warning (that's good). BUT when she tried to delete og repair the file she gets a "unable to process" (or something) mesage, and the virus-warning reappear. I got the same problem myself a while back (when I accidentally clicked a attachement). It seems like the mail-program is locking the file, and avast! is not able to access it. And this is not a good situation (you got a virus trying to start, and can't delete it). We tried stopping the mail program (to free the file-lock) but of course avast! is preventing any actions (freezing Windows).
Any ideas?
-
Is it Outlook Express or full Outlook? What is the operating system, and most importantly, what is the name of the virus?
Was the infected file wrapped in an archive (e.g. ZIP)?
thanks
-
Full Outlook, preview on
Windows 98se
It was win32:Netsky-B[Wrm]
Filname: textfile.exe
-
Can you run a scan at boot-time? ::)
Sorry, I did not read you are using the 98...
Can you use the avast! Cleaner (standalone application)?
-
Technical, this won't help - it's in the Outlook store.
What you could do is let the message be delivered and then delete it... But I understand this is not exactly what you wanted to hear... :-\
What was the name of the virus, again? (If you remember)
Does this happen often, or it only happened once?
Did she react immediately after she saw the virus warning (e.g. try the button 'Delete') or did she first call you -- I'm asking because it may be a timing thing -- if the warning is on the screen for a longer period of time, some extra actions are taken to prevent lockups...
-
When doing a full scan after boot no viruses was found. Then she started Oulook again (still with preview on :-) and looked at the message again - virus warning again :-) BUT this time she was allowed to delete the virus attachment!
Seems like there is a problem when a process on the computer is locking the file. Can avast! do somthing to "unlock" the file before trying to delete/clean it ?
(btw: I'll try to help her setting up mail scanning, she's
obviously only running normal file scanning right now)
-
I posted a message further up with the details :-)
She called me first (they always do :-)
-
But isn't Internet Mail module better than Outlook/Exchange?
As i understand this Internet Mail catches virus at entry point (as soon as downloaded from mail server,Outlook/Exchange catches it when it already enters the system and stores itself in Outlook mailbox files (mail archive). And localhost can be also set for Outlook as for any mail client. Or am i wrong somewhere?
-
BTW: Found the posting a while ago where I had some similar problems. The URL for the post is:
http://forum.avast.com/index.php?board=2;action=display;threadid=2068;start=msg14145#msg14145
-
Lars, to see what is locking (using) the file, try this nice and small application: http://mstsoftware.com/Files/mstIsUsedBy13e.exe
It's perfect to see what is locking the file (but your system could not be 'lock' at that time, of course...) ;)
-
OK. If it happends again I'll try it. But still, could avast! be made to forcefully unlock the file when it contains a virus?
-
I don't think the 'locking theory' is correct. While the virus warning is on the screen, the file should be somewhere in the %TEMP% folder, with a name in the form AvOxxxx.tmp (xxxx is some number). You can check if it's there, and if it's locked or not...
-
But was it then the problem? As you saw in the link I had a similar problem. And sometimes avast! can delete the infected file OK, sometimes not (just a message that it's unable to access the file, and if you then click OK you get a new virus warning). For a novice user it a TERRIBLE situation to get a virus-warning and not beeing able to neither delete, repair or move to chest. You really don't want to clik OK on a virus-warning message box :-((((
-
But was it then the problem? As you saw in the link I had a similar problem. And sometimes avast! can delete the infected file OK, sometimes not (just a message that it's unable to access the file, and if you then click OK you get a new virus warning). For a novice user it a TERRIBLE situation to get a virus-warning and not beeing able to neither delete, repair or move to chest. You really don't want to clik OK on a virus-warning message box :-((((
Lars is correct Vlk, in my opinion.
Sometimes I had the same situation even with eicar.com test file... We cannot delete the temporary file and the user feeling is to be unprotected, left behind by the av :'(
-
Try turning preview pane off, then delete the file/message.
-
If the file locking is the problem:
1) Is it possible for avast! to "unlock" the file before trying to delete, repair or move it
2) KILL the process locking the file (that IS possible) if the file is locked - and then delete, repair or move it - to be sure that the infection is dealt with. If it's infected the issues with killing a process is a minor issue (my opinion anyway).
3) Or at least; give the user a possibility at the "unable to access file" to KILL the application locking the file, and then try again (with some explanation about what to do).
-
Vlk, seriously, if avast! for DOS is 'out' (see http://forum.avast.com/index.php?board=1;action=display;threadid=2989;start=0#msg21393), it's a pitty that the user cannot have any other chance to get rid from virus...
I do not think that the Cleaner is a panaceia but, why doesn't the Cleaner run in a DOS environment or handle the same virus as avast! for Windows?
-
I do not think that the Cleaner is a panaceia but, why doesn't the Cleaner run in a DOS environment or handle the same virus as avast! for Windows?
The Cleaner is a tool that has a special piece of code for each virus, to clean up its registry entries, temporary files, etc. This requires special processing of each virus (more thorough than just adding the detection to avast!; besides it has to distinguish more variants than avast!) - I'm afraid I won't be able to add all the avast! detected viruses in the following 1000 years (even if no new viruses were added to avast!).
Cleaner doesn't run in DOS environment, because it's not a DOS program. In fact, making it a DOS program would require to rewrite most of its code. Besides, you don't have access to the windows registry from DOS - i.e. fixing the registry entries (which was one of the main reasons to create the Cleaner) would not be possible.