Author Topic: avast! 4.6 Home - user interface error (Read 3692 times)

JasonD · « **on:** September 09, 2005, 03:10:21 PM »

Hi, I am new to the program. I am in the middle of a virus scan, which has found the "Win32:Beagle-gen1 [Mail]" virus in the Deleted Items.dbx file (my Outlook Express delete items folder). Of course, I am not going to delete or move the file, since it may contain emails I'd like to refer to in the future. So, I thought if I could find more information about the virus (such as what the typical subject or body contains), I could find the specific email that contains it, and delete it manually. So, I clicked on "More info..."

However, "More info..." does not take me to a place that describes the virus. It brings me to a report form to be filled out. This is the same result as clicking the "Fill in our virus report to help us improve avast!..." It is possible to have the "More info..." button link to a place that contains information about the virus (i.e. http://www.avast.com/eng/win32beagle.html in this case), rather than have the user need to perform a manual search? The program would be far easier to use. I assume this is what was intended.

(Regarding the report form, I cannot answer "Did you remove the virus on your own?" when the answer to the previous question "How did you get rid of the virus?" is "I didn't succeed in removing it. I am still searching for a solution.")

(edit: spelling correction)

Eddy · « **Reply #1 on:** September 09, 2005, 03:20:53 PM »

"Deleted Items.dbx file" "since it may contain emails I'd like to refer to in the future"
LOL, you always put mails you want to keep in the trash can?

Quote

could fine more information about the virus

GOOGLE can tell you all you want to know.

Too my knowledge, Avast can remove a infected mail from a dbx and leave the rest as it is.
If Avast does so, depends ofcourse on how you told Avast to behave when something is found.

JasonD · « **Reply #2 on:** September 09, 2005, 03:44:57 PM »

Eddy, thanks for your reply.

I do not place emails I want to keep in the deleted items folder. There has been more than a few times I have referred to mail in the trash for reasons totally unexpected, and I can only assume that this may happen again in the future. I can not give you any real examples, since I do not recall why I have ever had to do this. Any reasons in the future will likely be totally unexpected, as well. For example, it may have something to do with an acquaintance needing information that was sent to me that was not important to me, but became important to him. There are 1,000's of possible reasons. I am not going to attempt to list them. Just know that this data may be needed in the future. Just imagine the annoyance of millions of people if the deleted items folder did not exist, and all mail was permanently deleted upon deletion. Or if there were no recycle bin. These things exist for a reason...

Yes, Google does return all I want to know. I am capable of finding the information manually, as I have shown with that URL in my post. This is irrelevant to the fact that the "More info..." button is broken. The point is that this button could lead you conveniently to the information you want, as the button implies it will do.

I have instructed avast! to remove the virus from the dbx file, and it cannot do so. The error message is vague, along the lines of it not being able to process the file.

JasonD · « **Reply #3 on:** September 09, 2005, 05:24:06 PM »

Quote from: JasonD on September 09, 2005, 03:10:21 PM

I am in the middle of a virus scan, which has found the "Win32:Beagle-gen1 [Mail]" virus in the Deleted Items.dbx file (my Outlook Express delete items folder).

I just used the FxBeagle.exe W32.Beagle removal tool available from:
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle@mm.removal.tool.html

It found no results:

Perhaps avast! is producing a false positive?

Also, I have a little DOS program that I compiled way back in 1993 to change the 80x25 text mode into 80x50 (so I wouldn't have to use the mode con: lines=50 command each time), and avast! believes it has the HLLP-3238 [Trj]. I highly doubt this is the case...

Here is my virus chest:

Should I email these files to avast! from the Virus Chest?
What action is recommended to help improve the product?

igor · « **Reply #4 on:** September 09, 2005, 07:32:07 PM »

Did you try to compact the .dbx file (it's called "Compress folders", or something like that, in Outlook Express)? It may help, regarding the Deleted Items.dbx infection.

The detection of the mode-switching DOS program is indeed suspicous, it seems like a false positive. You can submit the file directly from the Chest. Or (maybe slightly better, if possible) you can pack the file into ZIP or RAR archive, protected with a password, and send it to virus@avast.com, with a short description. Thanks.

JasonD · « **Reply #5 on:** September 09, 2005, 09:11:28 PM »

igor, thanks for your reply.

_____________________
1.

Outlook Express compacts folders automatically every once in a while when I exit OE. So, it has been compacted many times in the past, before that initial scan. I just compacted all folders manually, and ran another scan (Quick Scanner) on just this file. It fired 5 alarms:

Deleted Items.dbx\Forum notify.eml#90212\PartNo_0#36938086 ......... Win32:Beagle-gen1 [Mail]
Deleted Items.dbx\Forum notify.eml#90212 ......... Win32:Beagle-gen1 [Mail]
Deleted Items.dbx\Banking Mail From Citibank.eml#1946384\PartNo_0#3153810195 ......... Phish-Bankfraud1-Troj [Htm]
Deleted Items.dbx\Banking Mail From Citibank.eml#1946384 ......... Phish-Bankfraud1-Troj [Htm]
Deleted Items.dbx ......... Win32:Beagle-gen1 [Mail]

This is unlike the full system scan (on thorough setting), which only fired one alarm:

Deleted Items.dbx ......... Win32:Beagle-gen1 [Mail]

It appears as though the Quick Scanner is actually checking each individual piece of email within the .dbx file, where as the thorough system scan did not. Is this correct?

In any case, Avast! recommends moving the file into the Virus Chest, on each alarm. I have done so on the first four, but not on the last. Why? Because it appears it will move the entire .dbx file into the chest, which I do not want to do - I want to keep the deleted items that are not infected. I have made a backup copy of the .dbx file to test this out, and this is the case... Perhaps the program could be more cautious on such a file, and not recommend to have it moved to the chest?

In any case, after I have moved the first 4 alarms into the Chest, I checked the file again, and no viruses were found.

_____________________
2.

I had emailed the mode-switching DOS program (50.EXE) to you from the Virus Chest before I read your note above. I did include a description of the program with the email.

But, just in case the above isn't sufficient, I emailed you the .ZIP file like you said. I also included 40.exe and 80.exe which are two similar programs - almost identical to 50.exe - which Avast! does not trigger an alarm for. I thought this would help resolve the problem.

_____________________
3.

(P.S. Regarding the forums, the default setting is to NOT receive an email notification for replies to topics that you start yourself. Since I had posted this topic before changing my preferences, I had to manually check for replies until I made a reply myself. I thought I'd mention this in case no one was aware.)

Author Topic: avast! 4.6 Home - user interface error (Read 3692 times)

JasonD

avast! 4.6 Home - user interface error

Eddy

Re: avast! 4.6 Home - user interface error

JasonD

Re: avast! 4.6 Home - user interface error

JasonD

Re: avast! 4.6 Home - user interface error

igor

Re: avast! 4.6 Home - user interface error

JasonD

Re: avast! 4.6 Home - user interface error