Avast WEBforum
Other => General Topics => Topic started by: wardjus1 on November 18, 2008, 11:03:49 PM
-
I have a problem...
Recently we switched from Norton to Avast.
My problem is that Avast moved my 007 Spy Software to the Virus Chest.
When I try and open the program (which used to open on it's own)
it says "Windows can not access the specified device, path, or file. You may not have the appropriate permissions to access the item"
Avast says that the file is infected with a Wrm.
In the past with other antivirus software I have had to exclude this program.
My problem is that I have attempted to restore and exclude this program from the
search. And I am still getting the Windows can not access.... message.
What am I doing wrong?
Can I restore my program?
It is still in the folder where it should be.
Thanks!
-
Maybe you need to disable Hide protected operating system files (http://www.xtra.co.nz/help/0,,4155-1916458,00.html) and enable View hidden files and folders (http://www.bleepingcomputer.com/tutorials/tutorial62.html#winxp) to manage the file(s).
As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the 'a' blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button...
You can use wildcards like * and ?. But be careful, you should 'exclude' that many files that let your system in danger.
After that, boot and try to restore the file that is into Chest.
Also, I do recommend:
1) Remove NAV or Norton 360 through Add/Remove programs from Control Panel. Boot.
2) Use Norton Removal Tool for Windows 2000/XP/Vista (http://fileforum.betanews.com/detail/Norton_Removal_Tool_for_Windows_2000XPVista/1169144666/1) or Norton Removal Tool for Windows 98/Me (http://fileforum.betanews.com/detail/Norton_Removal_Tool_for_Windows_98Me/1169144666/2). Boot.
3) Install avast! (or repair the installation) and boot.
The Norton Removal Tool uninstalls all Norton 2008/2007/2006/2005/2004/2003 products and Norton 360 from your computer.
-
Maybe you should read the following before allowing that software to run:
http://www.kephyr.com/spywarescanner/library/007spysoftware/index.phtml (http://www.kephyr.com/spywarescanner/library/007spysoftware/index.phtml)
-
Until you mentioned it in this topic I have never heard of 007 spy software, I tend to steer clear of the unknown or exotic. Now I know it is meant to be an invisible keylogger, not so invisible that avast doesn't find it and believe it is malware (on to that later).
As for getting the error I'm not surprised, if you sent it to the chest, etc. it wouldn't be in the original location so windows wouldn't find it or could it be down to the protection of 007 spy blocking access to its file/folder ???
Don't forget avast doesn't do anything autonomously it scan and alerts to infected files, you choose the action from the list of options.
What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?
Check the avast! Log Viewer (C:\Program Files\Alwil Software\Avast4\ashLogV.exe), Warning section, this contains information on all avast detections. C:\Program Files\Alwil Software\Avast4\ashLogV.exe
Clue, the full path and file name are what you need to enter into both exclusions lists to get the program to work.
add it to the exclusions lists:
Standard Shield, Customize, Advanced, Add and
Program Settings, Exclusions (right click the avast ' a ' icon)
####
You should check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner (http://www.virustotal.com/) and report the findings here the URL in the Address bar of the VT results page. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.
Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.
If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451 (http://forum.avast.com/index.php?topic=34950.msg293451#msg293451), how to report it to avast! and what to do to exclude them until the problem is corrected.
-
007 Spy Software
Parental control?
Better will be www.k9webprotection.com
-
***
I do not think this is a program you would want on your computer. From this ScanDoo/google search ...
http://g.s.scandoo.com/search?hl=en&meta=on&q=007+spy+software ... click the image below to enlarge.
***
-
Thanks for the info on 007...
I actually bought it about 4 years ago.
It works great for the purpose I bought it.
I didn't have the file excluded properly.
I did have to re download it as one of it's log
files was missing and it had an error.
http://www.virustotal.com/analisis/62eeee6710f55c016682fa2984978757
Thanks!
-
For me that would be conclusive, there is enough suspicion surrounding it for me to get rid of it.
It isn't unusual to not have avast detect on VirusTotal when it does so on your system. VT isn't able to update the VPS in real time as the user is and this is often the cause. Remember the point of submitting it to VT is to see what the other scanners find. So that would also another detection to the others.
-
wardjus1, as you can see, other antivirus complain about it also.
avast on virus total is not as update as in your computer.