Hello,
thank you for the notification. Do you think you could attach here or send me with an email (krahulik@avast.com) the bootcache files, so our virus lab could investigate them, please? What is your's OSX version?
1) If the file is considered as infected, it would be chested with a File System Shield again. To disable the File System Shield:
# Make sure the filesystem is mounted in read-write mode:
/sbin/mount -wu /
# Edit filesystem shield to disable it, e.g.:
echo "ENABLED=0" > ''/Library/Application Support/Avast/config/com.avast.fileshield.conf"
2) There's a command-line utility distributed with Avast Antivirus handling chest operations
# List the chested files
"/Library/Application Support/Avast/components/chest/com.avast.chest" -I
2 chest items:
Information about chest item ID=08336D6A
file path: /Users/krahulik/Mac_test/VirusesNonMaccpy/eicar2.diet
file size: 2125
last changed: 2014-03-14 11:59:47
insertion time: 2014-03-20 11:04:42
infection: EICAR Test-NOT virus!!!
comment:
Information about chest item ID=5BF463C5
file path: /Users/krahulik/Mac_test/VirusesNonMaccpy/eicar.zip
file size: 186
last changed: 2014-02-28 13:59:23
insertion time: 2014-03-20 11:20:48
infection: EICAR Test-NOT virus!!!
comment:
# Restore the chested file
"/Library/Application Support/Avast/components/chest/com.avast.chest" -r -x 08336D6A
Chest item '08336D6A' extracted from the chest
Thank you in advance,
Martin