Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Oxa on April 19, 2012, 10:04:05 PM

Title: MAJOR program dysfunction
Post by: Oxa on April 19, 2012, 10:04:05 PM: Avast detected a virus on my external hard drive. It was a false alarm. I've had that installation file on my hard drive for ~8 years and no program, including Avast, has ever detected anything wrong with it. But that's not my problem. After Avast detected the "malware," it moved it to the chest, and I have been unable to restore it. In the Avast UI, I went to Maintenance>Virus Chest, highlighted the file, and asked Avast to scan it again. This locked up my computer so badly that Ctl-Alt-Del wouldn't even bring up the task manager so I could shut down Avast, and clicking on the Windows Start menu wouldn't bring up the dialogue to shut down the computer. After rebooting by hitting the computer's on button, I tried to restore the file, instead of scanning it (knowing full well that nothing was wrong with it). The same thing happened - my computer locked up big time. Now how can I get this file back? :'(

To add to the problem, I've tried changing my file system shield settings to first ask when a virus is found, but the settings won't stick. They keep reverting to "move to chest." :'(

WinXP SP3
Title: Re: MAJOR program dysfunction
Post by: Lisandro on April 19, 2012, 10:40:22 PM: Calm down. The file will be safe into Chest, but, please, do not uninstall avast! or the file within Chest will be automatically removed irreversible.
If it is an installation file, is there a link for us to download and check? Which is the program you're trying to install?
Title: Re: MAJOR program dysfunction
Post by: Oxa on April 19, 2012, 10:45:47 PM: Here is the file:
http://support.wdc.com/product/download.asp?groupid=405&sid=51&lang=en
Avast won't let me download it, and as I said, changing the settings to "Ask first" doesn't work.

But as I explained, this is really not an issue with a false alarm; those things happen. The issue is with Avast locking up my computer when I try to restore a file from the chest and with the inability to select the settings for actions when a suspicious file is found.
Title: Re: MAJOR program dysfunction
Post by: DavidR on April 19, 2012, 11:42:09 PM: Yes, the web shield is intercepting that and the only action is abort connection. You would have to stop the web shield to be able to down load it, but the file system shield would alert when downloaded, but you can elect

Avast isn't alone in finding this at least suspect, https://www.virustotal.com/file/ff07e1e7ba41b7816138311ab5dbd40f8335dc2dbde680df9f4448c6f7de2bac/analysis/1334870394/ (https://www.virustotal.com/file/ff07e1e7ba41b7816138311ab5dbd40f8335dc2dbde680df9f4448c6f7de2bac/analysis/1334870394/), but the majority of detections are generic or heuristic that are more prone to FP.

On the WDBMInst.exe file not the zip, https://www.virustotal.com/file/f95c92ac1161b13d95835f4929f97a19990c0aea095ba266b754ad0bbf4cd36c/analysis/1334871014/ (https://www.virustotal.com/file/f95c92ac1161b13d95835f4929f97a19990c0aea095ba266b754ad0bbf4cd36c/analysis/1334871014/)

The zip file isn't scanned by default in the FSS, so it will download, but if you try to unpack it the FSS will alert.

So I suspect it may be an FP and I have submitted it for analysis.

- In the meantime (if you accept the risk, otherwise wait for it to be resolved, I would wait), add the full path to the file to the exclusions lists (see Note below):
File System Shield, Expert Settings, Exclusions, Add and
avast Settings, Exclusions

Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the File System Shield and avast Settings, exclusions lists.

Note: When using the Browse button it only goes down to folder level accept that. Now open the entry in the exclusions and change the \* to \WDBMInst.exe.
Title: Re: MAJOR program dysfunction
Post by: Oxa on April 19, 2012, 11:52:18 PM: Quote from: DavidR on April 19, 2012, 11:42:09 PM
Yes, the web shield is intercepting that and the only action is abort connection. You would have to stop the web shield to be able to down load it, but the file system shield would alert when downloaded, but you can elect
yada yada yada

You just don't get it, do you? ??? Did you even read my posts? The problem is NOT:
1. that Avast reported a false positive

The problems are:
1. Trying to scan the file from within the Avast UI caused my computer to lock up;
2. Trying to restore the file from within the Avast UI caused my computer to lock up;
2. It is impossible to change the settings for the actions Avast is to take when a suspicious file is found. The settings always revert to "Move to chest" no matter what option is selected.
Title: Re: MAJOR program dysfunction
Post by: polonus on April 20, 2012, 12:13:22 AM: Here given as benign: http://zulu.zscaler.com/submission/show/b3d31f4e7dce768425b08e7992adaf61-1334873530

polonus
Title: Re: MAJOR program dysfunction
Post by: Nesivos on April 20, 2012, 12:52:21 AM: I was able to download the file. I scanned with with Slim Cleaner Cloud scan

(http://3.bp.blogspot.com/-3r0MuZiA2e8/T5CWasb17HI/AAAAAAAAAHQ/UF7U2AmoopU/s1600/ScreenHunter_01+Apr.+19+15.47.jpg)
Title: Re: MAJOR program dysfunction
Post by: DavidR on April 20, 2012, 01:43:36 AM: Quote from: Oxa on April 19, 2012, 11:52:18 PM
Quote from: DavidR on April 19, 2012, 11:42:09 PM
Yes, the web shield is intercepting that and the only action is abort connection. You would have to stop the web shield to be able to down load it, but the file system shield would alert when downloaded, but you can elect
yada yada yada

You just don't get it, do you? ??? Did you even read my posts? The problem is NOT:
<snip>

Well excuse me for even bothering.