« previous next »
Pages: [1]   Go Down

Author Topic: File found possitive in boot scan but not when scanned normally, a bug?  (Read 4388 times)

0 Members and 1 Guest are viewing this topic.

argos

  • Guest
File found possitive in boot scan but not when scanned normally, a bug?
« on: May 27, 2010, 06:09:16 PM »
I have downloaded several days ago the installation file of an older version of tightvnc. To be precise:
tightvnc-1.3.10-setup.exe (MD5:88088d2a94bb936049b301119cb0a8a3)

Today i schedule a boot-time scan. That showed the above file to be infected with Win32:PUP-gen. I ignored it and when boot-time scan finished (boot scan also found 3 files corrupted and nothing else), i tried to scan this individual file and it showed no thread. Why? Some kind of avast bug? or maybe i have some other not detected virus that interferes with avast scanning procedure?

I think it has to be some kind of strange behavior from avast, probably a false positive on boot-time scan but why only on boot scan?   
Logged

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37697
  • F-Secure user
Re: File found possitive in boot scan but not when scanned normally, a bug?
« Reply #1 on: May 27, 2010, 06:25:12 PM »
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci1066761,00.html
 
 - A PUP (potentially unwanted program) is a program that may be unwanted, despite the possibility that users consented to download it.
PUPs include spyware, adware, and dialers, and are often downloaded in conjunction with a program that the user wants. 

Quote
I think it has to be some kind of strange behavior from avast, probably a false positive on boot-time scan but why only on boot scan?
not 100% sure but scanning for PUP is not sett by deafult, but it may be in bootscan......



VirusTotal - tightvnc-1.3.10-setup.exe - 6/41
http://www.virustotal.com/analisis/9a6f155bf8e34853a388724cf28408ce5105a614cad24832a187752e03725610-1274933215
« Last Edit: May 27, 2010, 06:28:21 PM by Pondus »
Logged

argos

  • Guest
Re: File found possitive in boot scan but not when scanned normally, a bug?
« Reply #2 on: May 27, 2010, 07:26:31 PM »
Thanks for replying

Quote
Quote
I think it has to be some kind of strange behavior from avast, probably a false positive on boot-time scan but why only on boot scan?
not 100% sure but scanning for PUP is not sett by deafult, but it may be in bootscan......

Actually that was my first thought and i changed the option on "select folder to scan" (Scan PUP:on). But it still didn't find anything. After your post just to be sure i tried it again after i reboot the pc (in case that was needed in order to apply the new scanning option) but yet nothing was found.

May b there is some kind of cache in avast that could explain that? Anyway i understand there is no problem on my pc so it's ok with me, so i just write this in case there is some bug in avast
Logged

randunyogo

  • Guest
Re: File found possitive in boot scan but not when scanned normally, a bug?
« Reply #3 on: May 28, 2010, 12:55:34 AM »
The boot-time scan has better detection than the regular scans because it allows you to scan your computer for infections before the operating system has started and before a virus can be activated. But in this case, it's probably a false positive. Virustotal reports 6 of 41 AVs detected it.

Quote from: Pondus on May 27, 2010, 06:25:12 PM
VirusTotal - tightvnc-1.3.10-setup.exe - 6/41
http://www.virustotal.com/analisis/9a6f155bf8e34853a388724cf28408ce5105a614cad24832a187752e03725610-1274933215
Logged

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37697
  • F-Secure user
Re: File found possitive in boot scan but not when scanned normally, a bug?
« Reply #4 on: May 28, 2010, 01:38:25 AM »
Quote
But in this case, it's probably a false positive. Virustotal reports 6 of 41 AVs detected it.
It is detected as PUP / Riskware. Not all virus programs will scan for this

Quote
The boot-time scan has better detection than the regular scans because it allows you to scan your computer for infections before the operating system has started and before a virus can be activated
as far as i know, boot scan will not give better detection only better removal

quote:
Avast Antivirus offers a "boot time" virus scan of your PC. This allows the antivirus engine to scan all of the files on your hard drive before any other programs load - useful in cases where you have an infection which cannot be cleaned because the "file is in use"

If boot scan is the holy grale to better detection, why does not every antivirus vendor use it   ???

« Last Edit: May 28, 2010, 01:48:21 AM by Pondus »
Logged

argos

  • Guest
Re: File found possitive in boot scan but not when scanned normally, a bug?
« Reply #5 on: May 28, 2010, 05:56:30 PM »
Quote
The boot-time scan has better detection than the regular scans because it allows you to scan your computer for infections before the operating system has started and before a virus can be activated

That was my main concern: The case where my pc is infected by a virus which avast cannot detect and this virus doesn't allow avast to scan files properly. Ok that could explain the fact that boot time scan detect the not dangerous PUP threat while regular scan couldn't, but that's not likely the case because my pc works as normal as always. I can think of only 2 alternatives:
a. for some reason boot time scan has a different behavior compare to regular scan (if so, why?), or
b. in scanning procedure avast uses some cache and because my first regular scan of the file was clean (since i had PUP scan unchecked) it didn't rescan it even though i changed scanning options (if that's the case i guess that's a bug)
Logged
Pages: [1]   Go Up
« previous next »