Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: TheRebel on May 16, 2009, 12:59:31 PM

Title: Moving the threat to Virus Chest:
Post by: TheRebel on May 16, 2009, 12:59:31 PM
Dear Moderator(s),

avast! free home edition is the best free anti virus software undoubtedly, but I've some problem regarding the resident protection (standard shield), (I read someone else was also facing the same problem), anyways the problem is that yesterday when I scanned Documents and Settings Folder, avast! found one threat in it, I uploaded the same file on virustotal, and the results there were 0/40, even avast! on virustotal didn't detect it as a threat.

But when I tried to move that file to virus chest, it continuously failed to do so, gave some error.

And secondly, by mistake I opened that file (double click), and avast's standard shield didn't warn me :(

So, I've two questions:

1. Why did it happen? Is avast! a little weak in moving the files to virus chest as compared to other anti viruses, because it happened second time with me, that it couldn't move the file to virus chest.

2. If I'm running a shell extension scan or a full system scan, (we know in free version, automatic healing of the threats found is not available), so if during a scan avast! finds any virus, it gives me a warning, can't it happen that it completes its full scan and after it just gives me the result and asks for action. Because during scan, if a virus is found, it doesn't scan further, until some action is taken against the threat found.

Thanks in advance :)

Regards.
Title: Re: Moving the threat to Virus Chest:
Post by: !Donovan on May 16, 2009, 03:09:33 PM
Maybe this tutorial on how to allow viruses of all sizes can help you:
http://www.youtube.com/watch?v=jQIHPIYrGqE&feature=channel_page
Title: Re: Moving the threat to Virus Chest:
Post by: TheRebel on May 16, 2009, 04:26:32 PM
Dear Donovansrb10,

Thanks for your response.

But I'm facing a different problem which I've mentioned in my last post.

Regards.
Title: Re: Moving the threat to Virus Chest:
Post by: spg SCOTT on May 16, 2009, 04:38:20 PM
Can you tell us exactly what the error message was?
Can you provide us with the File name and location?

Are you using a limited user account? (this may cause problems)


In answer to your second question, I will quote another:
> 1. These automated options are only available in the Pro version. This is a limitation of the Home (free) version that it has interactive input requirement, there have to be differences in the Home/Pro version and this is one of them, the programmers have to eat ;D
>
> In the Home version you can check the option "Don't show this window again" when the first virus warning appears, select the "No action" button. This way, no action will be taken and you will be given the results at the end of the scan (and you can perform actions from there). Over time this will become less of an issue, as the resident, on-access scanners are designed to intercept infection before it gets into your system.
>
> - There was one suggestion to place something like the eicar virus test file at the start of the first drive to be scanned in a file like ~a-eicar.com that should soon be detected and you can do the option "Don't show this window again" when the first virus warning appears, select the "No action" button. So you should have a list of files waiting your action.


Hope this helps,

-Scott-
Title: Re: Moving the threat to Virus Chest:
Post by: TheRebel on May 16, 2009, 04:50:11 PM
Dear spg SCOTT,

Thanks for your response.

The virus/malware that I got was from some web site (I had set web shield paused temporarily). The threat was in Documents and settings/Local Settings/mozilla/firefox/profiles...

When I scanned that folder, a threat was detected, but on clicking "move to virus chest", it gave an "access denied" error, and was unable to delete that file too.

When I submitted that file to virustotal, no antivirus (including avast!) detected it as a threat. And so far avast! has found 2 threats in my PC, and with both the threats the same problem occurred as they should have been easily moved to virus chest.

And regarding "standard shield", I clicked on that infected file, but the standard shield (was active) and didn't warn me.

I was reading the FAQs on avast website, it said Disable system restore feature if you are using windows XP or ME (and facing the same issue as I mentioned above). Why is it so?

And I'm not using a limited account.

Regards.


Title: Re: Moving the threat to Virus Chest:
Post by: DavidR on May 16, 2009, 05:09:43 PM
Well in normal windows mode avast (nor other AVs) can deal with access denied notifications, however, avast does have the boot-time scan (need to have admin rights to schedule it) to overcome those times and no other AV does.

It isn't unusual to not have avast detect on VirusTotal when it does so on your system. VT isn't able to update the VPS in real time as the user is and this is often the cause.
Title: Re: Moving the threat to Virus Chest:
Post by: spg SCOTT on May 16, 2009, 05:13:25 PM
The 'access denied' error could be a sign that the file is in use, possibly by firefox (as it is in a firefox location).

Also without an exact filename and location (and possibly the location from where you got it) it is hard to tell.

> And regarding "standard shield", I clicked on that infected file, but the standard shield (was active) and didn't warn me.

This is odd, it should alert you (I think)

-Scott-


EDIT: Ahh DavidR was quicker, yes the boot time scan will probably help. I didn't know that about VT, you learn something every day ;)
Hey I'm a Full member, When did that happen? -Is that 100 posts?
Title: Re: Moving the threat to Virus Chest:
Post by: DavidR on May 16, 2009, 05:36:11 PM
Yes 100 posts ;D

The standard shield and the firefox cache can be a bit of a weird scenario, as the firefox cache uses extensionless file names that are randomly generated. Some time ago on my old system I modified my standard shield settings (I can't recall which one) so that it would scan these firefox cache files.

It is probably in the Scanner (Advanced) tab, if you have the Scan Created/Modified files option checked, you will most certainly have the Only files with selected extension (note that word) and the Default extension (that word again) set options checked.

So here we fall into an area where firefox's use of extensionless file names comes in, would they be scanned by default. Or would we have to check the All files option to have the firefox cache files scanned. Or would they come under the Scan created/modified files option ???
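
Added example, not part of any post in this thread and not avast! code: a small Python triage script modelling the question raised above. It compares an extension-list filter with a content check (the `MZ`/`PE` signature of Windows executables) over a directory of extensionless cache-style files. The extension set, the function names and the sample file names are assumptions made for illustration.

```python
import os
import tempfile

# Assumed extension list for illustration; not avast!'s actual default set.
SCANNED_EXTENSIONS = {".exe", ".dll", ".com", ".scr", ".bat"}

def selected_by_extension(path):
    """True if an extension-list filter would pick this file for scanning."""
    return os.path.splitext(path)[1].lower() in SCANNED_EXTENSIONS

def looks_like_pe(path):
    """True if the content carries the MZ header and the PE signature."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(64)
            if len(head) < 64 or head[:2] != b"MZ":
                return False
            # Bytes 60..63 of the DOS header hold the offset of the PE signature.
            pe_offset = int.from_bytes(head[60:64], "little")
            fh.seek(pe_offset)
            return fh.read(4) == b"PE\0\0"
    except OSError:
        # Locked or unreadable file (the "access denied" case): not identified.
        return False

def triage(directory):
    """Return names that are executables by content but skipped by extension."""
    missed = []
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            if looks_like_pe(path) and not selected_by_extension(path):
                missed.append(name)
    return sorted(missed)

def build_sample_cache(directory):
    """Constructed sample data: harmless header-only stubs, not real malware."""
    stub = b"MZ" + b"\0" * 58 + (64).to_bytes(4, "little") + b"PE\0\0"
    samples = {"A1B2C3D4d01": stub, "setup.exe": stub, "E5F6A7B8d01": b"<html></html>"}
    for name, data in samples.items():
        with open(os.path.join(directory, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as cache:
        build_sample_cache(cache)
        print("skipped by extension filter:", triage(cache))
```
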
Title: Re: Moving the threat to Virus Chest:
Post by: spg SCOTT on May 16, 2009, 06:09:21 PM
I agree there DavidR, mine is set to scan created/modified -->All files, like the second pic and if I tick the box that says show detailed info... in the advanced tab and browse a bit it tells of the scanning of ..../firefox.../profile..

Damn annoying though, think I'll leave that unchecked :)

What do you think about the standard shield not alerting on open (especially if it thinks it's a virus after a scan)?


-Scott-

Title: Re: Moving the threat to Virus Chest:
Post by: DavidR on May 16, 2009, 06:11:35 PM
With zero information on the file and original detection, I can't even hazard a guess.
Title: Re: Moving the threat to Virus Chest:
Post by: spg SCOTT on May 16, 2009, 06:17:05 PM
I know, I said that too,

but TheRebel scanned it manually and it alerted to virus, which is where the access denied error occurred and when opened there was no alert

> avast! free home edition is the best free anti virus software undoubtedly, but I've some problem regarding the resident protection (standard shield), (I read someone else was also facing the same problem), anyways the problem is that yesterday when I scanned Documents and Settings Folder, avast! found one threat in it, I uploaded the same file on virustotal, and the results there were 0/40, even avast! on virustotal didn't detect it as a threat.
>
> But when I tried to move that file to virus chest, it continuously failed to do so, gave some error.
>
> And secondly, by mistake I opened that file (double click), and avast's standard shield didn't warn me :(

-Scott-
Title: Re: Moving the threat to Virus Chest:
Post by: TheRebel on May 16, 2009, 08:30:53 PM
Dear DavidR & spg SCOTT,

Thank you for your response.

Well the infected file was in C/Documents and Settings/(my account name on computer)/Local Settings/Application Data/Mozilla/Firefox/Profiles/(some xb....default folder)/Cache

When I scanned the Cache folder by right clicking, avast! detected a threat in it, which it was unable to move to virus chest (reasons described in the above posts).

But when I (double) clicked the infected file (mistakenly), avast! standard shield didn't warn me at all.

Anywayz thank you guys for your kind help :)

Regards.

Title: Re: Moving the threat to Virus Chest:
Post by: DavidR on May 16, 2009, 08:50:30 PM
The ashQuick.exe (context menu scan) is the most thorough of the scans. Once again this isn't the full path as there is no file name at the end. Check the source file using notepad C:\Program Files\Alwil Software\Avast4\DATA\log\Warning.log as that makes it easier to extract the full details of the alert.

So I don't know if you double clicked on the actual file (firefox extensionless file) or the cache folder. Here is what happens if I double click on an extensionless file in the firefox folder (nothing), see image. So the file isn't executed so there shouldn't be standard shield alert assuming it was infected.

Crucially the malware name is important too but not mentioned.
Title: Re: Moving the threat to Virus Chest:
Post by: TheRebel on May 16, 2009, 08:54:57 PM
Dear DavidR,

The file name was not cache, it was like 2AD48.... something, and when I double clicked the file, the window (image 1(b2517) in your post) appeared.

Regards.
Title: Re: Moving the threat to Virus Chest:
Post by: spg SCOTT on May 16, 2009, 08:56:40 PM
Ah that explains it, thanks for clearing that up DavidR


-Scott-
Title: Re: Moving the threat to Virus Chest:
Post by: TheRebel on May 16, 2009, 08:58:04 PM
Dear DavidR,

Yep, it is very much clear now.

Thanks a lot :)

Regards.
Title: Re: Moving the threat to Virus Chest:
Post by: DavidR on May 16, 2009, 09:13:33 PM
You're welcome, Easy really, when you have the full information ;D

The file isn't executed as there is no file type, windows interrupts with what process to use, so the standard shield never gets a look in so no alert. The ashQuick.exe on the other hand is executing an on-demand scan and doesn't give a stuff if there is no file type, it gets stuck right in and scans, alerting to any infection.

So no mysteries, both ashQuick and the Standard Shield are acting as they should.
Title: Re: Moving the threat to Virus Chest:
Post by: TheRebel on May 16, 2009, 09:16:31 PM
Dear DavidR,

yep right.

But still regarding the second problem, that why avast! is not excellent in moving the files to virus chest.

As I was reading the FAQs on avast's site, it said if you are facing the problem of access denied while moving any threat to virus chest, then Disable system restore... why is it so?

Regards.
Title: Re: Moving the threat to Virus Chest:
Post by: Lisandro on May 16, 2009, 09:43:49 PM
No, better is schedule a boot time scanning.
Title: Re: Moving the threat to Virus Chest:
Post by: TheRebel on May 16, 2009, 10:44:57 PM
Dear Tech,

Okay. Thank you.

Regards.
Title: Re: Moving the threat to Virus Chest:
Post by: Lisandro on May 16, 2009, 10:51:26 PM
> Dear Tech,
>
> Okay. Thank you.
>
> Regards.

You're always welcome.
Title: Re: Moving the threat to Virus Chest:
Post by: DavidR on May 16, 2009, 11:27:10 PM
> But still regarding the second problem, that why avast! is not excellent in moving the files to virus chest.
>
> As I was reading the FAQs on avast's site, it said if you are facing the problem of access denied while moving any threat to virus chest, then Disable system restore... why is it so?

I already answered that, not just avast but all AVs will have the same problems with protected files 'access denied' but avast at least has a means to resolve that in the form of the boot-time scan.

There really is little point asking me about what is in the FAQ as I don't work for Alwil software, so I don't know exactly why they put that there.

~~~~
A best guess though, is that this would commonly be for protected files in the system folders or restore points, so disabling system restore is an option, but there are other reasons why a file might be access denied and disabling system restore won't make a blind bit of difference to that. Which is why the boot-time scan is so useful.
Title: Re: Moving the threat to Virus Chest:
Post by: TheRebel on May 17, 2009, 12:41:26 PM
Dear DavidR,

Thank you very much :)

Regards.
Title: Re: Moving the threat to Virus Chest:
Post by: DavidR on May 17, 2009, 03:48:52 PM
You're welcome.