Avast Files Marked as Threat Detected!

[Pholover]

Hi all, so I ran a scan and two avast files are detected as threats.  I'm not sure what action to take with them so if you could advise that would be great.
I' have attached a screenshot of what i'm seeing.

[DavidR]

Well the malware name HTML:Script-inf doesn't really gel with the actual files, as they aren't html files. So I can't even understand how the association would be made, e.g. a script tag inserted into an html file (which is basically want that malware name is saying).

What scan were you running ?
As given the file names these wouldn't normally be scanned in a Quick or possible even in a Full System Scan.

So most certainly an FP, send the samples to avast for correction:
Send the sample to avast as a False Positive:
Open the chest and right click in the Chest and select Add, navigate to where you have the sample and add it to the chest (see image). Once in the chest, right click on the file and select 'Submit to virus lab...' complete the form and submit, the file will be uploaded during the next update. A link to this topic wouldn't hurt.

What avast version are you using 5.0.x or 6.0.X as the folder location is ALWIL Software\..., which related to older versions of avast. If you are on avast 6, but updated from the avast 5 user interface, the old locations would have been retained. A clean install of avast 6 would have given Avast Software\...

Whilst that shouldn't be a problem, it is just useful information, as I certainly haven't had any detections on my other system avast 6 on win7 netbook.

[Pholover]

Hi David,

I first ran a quick scan and it detected it immediately with PUP enabled, but I didn't know how long that might take so I turned off PUP scan and then I did a Full Scan to finish and it detected those files.

I tried to move the files to chest by clicking Apply and it gave an error that the process cannot complete because the file is in use (of course).  Thus I couldn't report the files.

I'm using Avast 6.0.1367 the latest I'm sure on WinXP SP3.  It's Avast Free edition.

[DavidR]

The avast self defence would also be protecting them.

You should do as suggested and manually add the file to the chest (it is just copying them not removing them) so the self-defence should allow that, if not temporarily disable the self-defence and add to the chest. Then submit to the labs.

[Pholover]

Ok I've submitted them to the labs and referenced this thread.  Let's see what happens.

[jsejtko]

Hello,

The MailShield works little bit different in case of identifying scanned entities. They are identified by the email subject in the logs (not a filename as usual). And that's the problem in this case, because malicious subject contains script tag pointing to malware domain in your log.

This is a little glitch I'm reporting to the programmers so the will 'sanitize' logged email subjects . You can simply ignore that files in the chest and remove them

Anyway, thank you for reporting this behavior.

Best Regards
Jiri Sejtko

[DavidR]

Is that the same for the Log.db file also (wouldn't think that it is directly related to the mail shield) ?

EDIT: interestingly  can't find this in the C:\Program Files\AVAST Software\Avast folder in either avast6 or avast7 beta on my winXP Pro and win7 netbook systems, respectively.

[Pholover]

I'm wondering the same thing.  If that applies to Log.db.

Also I ran a scan again yesterday and it picked up the two files again.  It requested for a restart to do boot scan as the first time I skipped it.  So I did run that scan then 4 more infected files were found related to Java and some other .exe file program.  I find that odd because shouldn't it have picked this up on the full scan?  It's like I never know if I'm really infected now without doing a boot scan which seems to pick up more.  Can someone explain why that happens?