Avast! Detecting Itself As A Threat?

[SugarD-x]

They say a picture is worth a 1,000 words...and I sure hope so, because I'm at a loss for any right now:



I woke up this morning to my Avast! Full System Scan reporting the above image. For those wondering, I'm using the latest version of Avast! Home Edition with the BSOD patch installed on Microsoft Windows 8 Pro With Media Center Pack. This is the first time I have ever seen this happen before, and I haven't installed anything new lately, visited any questionable sites, or have done anything unusual like that. Avast! scans during the night for me every day, so this has to be something brand new for me.

[DavidR]

Your scanning memory, which will give strange results.

It is seeing the virus signatures loaded by the avastsvc.exe process. There are many such topics on running memory scans.
- Detections in Memory -
My guess is that you are doing a Custom scan in which you have elected to scan Memory and that all these detections are in memory. Since they aren't physical files they can't be moved to the chest, deleted, etc. so there is no action that can be taken, hence the Apply button being greyed out.

The detections in memory are frequently security applications loading unencrypted virus signatures into memory. Having set off a scan of memory by an antivirus application looking for virus signatures, don't be too surprised if it finds some in memory.

[SugarD-x]

Well, I've had Avast! do full system scans daily for years, including the memory option as long as it has been there. I have never had this pop up before, which is why I'm so surprised by it. If I wake up again tomorrow and it happens again, I'll definitely bring it up, but I'm still a bit uncertain about this specifically. Your response does make a lot of sense, though.

[DavidR]

Have you modified the full system scan as the Memory scan in that (and the Quick scan) generally only monitory startup entries and modules loaded into memory. I have never had an avast detection in memory in the Quick or Full System scans, though I rarely run a full system scan as I feel it isn't really required. I would go so far as to say the Quick one isn't really required either, but I still do it weekly.

- With a resident on-access antivirus like avast, the need for frequent on-demand scans is much depreciated. For the most part the on-demand scan is going to be scanning files that would be otherwise be dormant or inert. If they were active files then the on-access file system shield would be scanning them before being created, modified, opened or executed.

I have avast set to do a scheduled weekly Quick scan, set at a time and day that I know the computer will be on. If for some reason my system wasn't on, no big deal I will catch up on the next scheduled scan.

[SugarD-x]

Have you modified the full system scan as the Memory scan in that (and the Quick scan) generally only monitory startup entries and modules loaded into memory. I have never had an avast detection in memory in the Quick or Full System scans, though I rarely run a full system scan as I feel it isn't really required. I would go so far as to say the Quick one isn't really required either, but I still do it weekly.

- With a resident on-access antivirus like avast, the need for frequent on-demand scans is much depreciated. For the most part the on-demand scan is going to be scanning files that would be otherwise be dormant or inert. If they were active files then the on-access file system shield would be scanning them before being created, modified, opened or executed.

I have avast set to do a scheduled weekly Quick scan, set at a time and day that I know the computer will be on. If for some reason my system wasn't on, no big deal I will catch up on the next scheduled scan.

I'm security-paranoid, so I have the Full System Scan run every day at 2 A.M. local time, as well as have screen-saver scans that run whenever it comes on, which isn't often. I have modified the Full System Scan to scan everything it allows me to, though, yes.

[DavidR]

Then expect to get the same sort of results.

But files that are otherwise dormant/inert and if active would be scanned by the file system shield, so I think that stretches security-paranoia to a whole different level.

The whole point of the Quick and Full System default scans, is just that default settings, so a custom scan allows for anything over and above the default settings of the Quick and Full System scans.

[mchain]

You should know that the most recent high and top testing scores Avast! achieved were done with default settings.  These results correlate with what DavdR is saying here, that deeper and more custom scans are likely to produce more false positive results and other errata.

Running with just the default settings in Avast! Free is sufficient; these settings alone perform better for total protection than many paid a/v's do.

In independent lab testing, false positive results lower the final score; they do not increase it.

There is also a benefit unseen in not scanning every day.  If Avast! should issue a definition update that will cause a false positive report on a file, it usually is fixed by the next streaming update or two; if you routinely scan, you may be more likely to fall a victim to an Avast! mistake.

Trust the program more, and worry less.  Last time I ran a quick scan was a month ago (default settings).  Clean.

A current example of a likely false positive by Avast! here:  http://forum.avast.com/index.php?topic=110809.0  and here:  http://forum.avast.com/index.php?topic=110804.0

[SugarD-x]

I trust it completely. I'm just overly-paranoid!

But in all seriousness, I always review any changes it makes since I'm on the computer pretty much every day after it finishes. I just know a lot of people who don't like me very much and love screwing with me, so it's kind of a "better safe than sorry" scenario for me. Avast! has saved my *** a few times thanks to that.

[Aventador]

Why on earth would you need to run a fulls scan everyday? Thats ridiculous. Once a month is just fine. Quick scan once a week. The real time shields detect live malware.

[DavidR]

I trust it completely. I'm just overly-paranoid!

But in all seriousness, I always review any changes it makes since I'm on the computer pretty much every day after it finishes. I just know a lot of people who don't like me very much and love screwing with me, so it's kind of a "better safe than sorry" scenario for me. Avast! has saved my *** a few times thanks to that.

The idea is that your security applications work for you when you become a slave to your security applications (or start second guessing them), you have the balance wrong, but its your system and your choice.

Avast Software has been in this game for some considerable time and has come up with a balance that provides protection at the same time as not draining system resources.

This is true of both the real-time scanning and on-demand scans, the default settings provide a good balance between balance and performance. The Quick scan is going to be scanning those files and areas more at risk of infection of infection and those that if infected present an immediate risk (.exe, .com, .dll files, etc.). The Full System Scan takes that to one level lower risk of infection and don't present an immediate risk if infected. When you modify those default scans or create a custom scan you are taking to an even lower level of importance (risk of infection or immediacy).

But it is your system and your choice.

[SugarD-x]

No worries. Thankfully my system doesn't seem to mind too much.

[SpeedyPC]

No worries. Thankfully my system doesn't seem to mind too much.

Only if you stop bashing you're PC with a hammer and stop being over paranoid

[SugarD-x]

No worries. Thankfully my system doesn't seem to mind too much.

Only if you stop bashing you're PC with a hammer and stop being over paranoid

Well, I guess I'm lucky seeing how Avast is so efficient!

[mchain]

I trust it completely. I'm just overly-paranoid!

But in all seriousness, I always review any changes it makes since I'm on the computer pretty much every day after it finishes. I just know a lot of people who don't like me very much and love screwing with me, so it's kind of a "better safe than sorry" scenario for me. Avast! has saved my *** a few times thanks to that.

The eight active scanning modules are sufficient protection for me and my purposes.  Every time one of them blocked, intercepted, quarantined, a malicious file was prevented from running at that moment in time on my system.  Prevention is key here, not forensic cleansing after the fact.  I leave the tedious bits of cleaning to the likes of essexboy and others.  Full and quick scans are pretty much useless for me, as most detections are not for live and active malware;  the only part not covered by active scanning is that of rootkits and such.  These are so rare, it is not worth the time and wear and tear on the system to run them, as it is mostly a waste of time to conduct such a search.

Is being proactive better than being reactive?  In the case of running and using Avast!, the answer would be no.  Active shields protect by preventing malicious action; system cannot be infected if malicious agent cannot run on it, same as if Windows was a Linux system, same strategy here.

No change in operative behavior from day to day means no infection.  Malware infections almost always cause changes in booting, calling and running third-party programs, system crashes, BSOD'S, etc.  There can be other causes, such as hardware issues, but if you have been hit by a malware infection, yesterday's clean scan result will be no help for you whatsoever today.