Deleted files, no log?

[fkj]

Hi,

I just made a full scan og my HD, and when I was done, I had 1,4 Gb more space

I think I know what happened. Before the scan I had approx. 1,4 Gb in my C:\_RESTORE folder. Now it's a few Mb. (I use Win ME)

While scanning it found a virus in some (maybe all) .cab files in C:\_RESTORE\ARCHIVE, I chose to repair all files, but why did it delete them? It also found another virus in a .zip fil and this was not deleted.

I would like it to repair files if it can and quarantine if not. And I would like it to continue for all files in the scan. After the scan I would like to see a log of what it found and what it did do.

Also, the log (not the one that's shown after a scan) doesn't show anything (i.e. it's empty), and I have played around with eicar fake virus file. Why is that?

~Frank

[igor]

What you write is rather strange...

First, are you saying the avast found a virus in a big number of .cab files? That's suspicious... what was the virus name? (and an example of the .cab name)?

Second - I think that the files within the _RESTORE folder cannot be deleted - Windows would not permit it. I.e. I sort of doubt avast! could delete the files - to me it looks like Windows deleted the files themselves, for some reason (though I could be wrong, of course). Didn't you turn off the system recovery feature or played with the "recovery points" (or whatever it's called)?

As for the log (I guess you mean "report", right) - do you have the "report file creation" switched on in the program settings? What log file are you looking at?
Besides, how exactly did you "play around" with eicar?

[Lisandro]

fkj, just few more questions:

1. What version of avast! you are using? Home or Professional?

2. How do you perform the scan: by Single User Interface (skin) or by a task into Enhanced User Interface.

3. How is avast! set (Virus Page) to handle the virus into Enhanced User Interface: what actions is avast! allowed to do with them?

4. avast! won´t be able to delete a file into recovery folder of ME (access denied). Disabling the recovery feature could help. But more than this, what virus and what files bring you trouble?

[fkj]

Hi guys, and thanks for your time

I'm using the home edition, and hence the simple interface.

Here are some stuff from the report:
-----
c:\_RESTORE\ARCHIVE\FS138.CAB\A0817136.CPY [L] Win32:CIH-Monaa (0)
c:\_RESTORE\ARCHIVE\FS138.CAB\A0817137.CPY [L] Win32:CIH-Monaa (0)
c:\_RESTORE\ARCHIVE\FS138.CAB\A0817141.CPY [L] Win32:CIH-Monaa (0)
c:\_RESTORE\ARCHIVE\FS138.CAB\A0817148.CPY [L] Win32:CIH-Monaa (0)
c:\_RESTORE\ARCHIVE\FS138.CAB\A0817149.CPY [L] Win32:CIH-Monaa (0)
During the file repair, error occurred: The file was not repaired.
During the file repair, error occurred: The file was not repaired.
During the file repair, error occurred: The file was not repaired.
During the file repair, error occurred: The file was not repaired.
During the file repair, error occurred: The file was not repaired.
-----

As you can see, virus is called Win32:CIH-Monaa, But I can't find any information about it...?

My sytem was running a bit low on disk space (approx. 250 Mb), so maybe windows deleted the files when it ran out of disk space, while unpacking some files?

As for the log, i do not mean the report from the "on demand scanner", which I have turned on, but a log from the "on access scanner", which I thought should be in the "avast! log viewer". I downloaded the eicar test file, clicked on it, mailed it to myself, just to see how the program works, but still nothing in the "log viewer".

~Frank

[Lisandro]

Hi guys, and thanks for your time

I'm using the home edition, and hence the simple interface.

Here are some stuff from the report:
-----
c:\_RESTORE\ARCHIVE\FS138.CAB\A0817136.CPY [L] Win32:CIH-Monaa (0)
c:\_RESTORE\ARCHIVE\FS138.CAB\A0817137.CPY [L] Win32:CIH-Monaa (0)
c:\_RESTORE\ARCHIVE\FS138.CAB\A0817141.CPY [L] Win32:CIH-Monaa (0)
c:\_RESTORE\ARCHIVE\FS138.CAB\A0817148.CPY [L] Win32:CIH-Monaa (0)
c:\_RESTORE\ARCHIVE\FS138.CAB\A0817149.CPY [L] Win32:CIH-Monaa (0)
During the file repair, error occurred: The file was not repaired.
During the file repair, error occurred: The file was not repaired.
During the file repair, error occurred: The file was not repaired.
During the file repair, error occurred: The file was not repaired.
During the file repair, error occurred: The file was not repaired.
-----

As you can see, virus is called Win32:CIH-Monaa, But I can't find any information about it...?

My sytem was running a bit low on disk space (approx. 250 Mb), so maybe windows deleted the files when it ran out of disk space, while unpacking some files?

Probably yes. Why don't you disable the system restoring and run a full scan of avast! to see what is going on?

As for the log, i do not mean the report from the "on demand scanner", which I have turned on, but a log from the "on access scanner", which I thought should be in the "avast! log viewer". I downloaded the eicar test file, clicked on it, mailed it to myself, just to see how the program works, but still nothing in the "log viewer".

~Frank

Log viewer has less functionality than the reports (see the files at report folder of avast: C:\...\Avast\Data\Report).

[igor]

Yes, I think that's quite a likely scenario - if you were running out of disk space, Windows deleted some files from the _RESTORE folder. It could be caused indirectly by avast! - if it was unpacking some archives to scan their content, it used some space for the temporary files.

I think there is a little misunderstanding here - the Log Viewer displays various important avast! "runtime events" - such as errors occurred. It's meant for troubleshooting - checking what went wrong.
However, it doesn't display the "results" of the scanning - that's what the report files is for. The report files (either TXT or XML files, according to the settings) are not "viewed" using the Log Viewer.

[Lisandro]

I think there is a little misunderstanding here - the Log Viewer displays various important avast! "runtime events" - such as errors occurred. It's meant for troubleshooting - checking what went wrong.
However, it doesn't display the "results" of the scanning - that's what the report files is for. The report files (either TXT or XML files, according to the settings) are not "viewed" using the Log Viewer.

No, igor, I don't think so... Look at WISHLIST, Log viewer has indeed a poor functionality: why don't Log Viewer stores all the logs, just the one choosed by the user? It's always empty for the most of users...  :'(

[igor]

Well, as I understand the Logs store information about unusual events / errors. So, having an empty log means that everything is working as it should...

[Lisandro]

Well, as I understand the Logs store information about unusual events / errors. So, having an empty log means that everything is working as it should...

Thank you igor, you give a k@rma! But, could you give me one too and, more than this, could you answer my question?
why don't Log Viewer stores all the logs, just the one choosed by the user?  

[igor]

I don't understand the question much... are you asking why it is configurable, i.e. why the user is free to decide what he/she wants to store?

[Lisandro]

I don't understand the question much... are you asking why it is configurable, i.e. why the user is free to decide what he/she wants to store?

No, I want all logs stored simultaneously and not just one  
Windows events are stored this way...

[igor]

I believe avast! events are stored this way... I may be wrong of course, but I rather think we're talking each about different things maybe

[Lisandro]

I believe avast! events are stored this way... I may be wrong of course, but I rather think we're talking each about different things maybe

No, we are talking about the same... Is it posible that never I saw any log into Log Viewer? As you say, it stores and displays various important avast! "runtime events" - such as errors occurred. It's meant for troubleshooting - checking what went wrong...

I never saw any log, not Emergency, not Alert, not Critical, not Error, not Warning and not Info... Maybe I'm a lucky guy  

I just have Notice log!

[fkj]

It's a bit confusing  

Ok, I get the report, it's for the an demand scanner, and thats just fine, but what is the log viewer for? And where can I se a log/report from the an access scanner?

~Frank

[Lisandro]

It's a bit confusing  

Ok, I get the report, it's for the an demand scanner, and thats just fine, but what is the log viewer for? And where can I se a log/report from the an access scanner?

~Frank

Sorry for the 'confusing' terms. Igor explained what is the Log viewer for:
Displays various important avast! "runtime events" - such as errors occurred. It's meant for troubleshooting - checking what went wrong.

The reports, however, display the "results" of the scanning.

The access scanner is reported at Resident Protection.txt file, that is stored - as all other reports - at the default folder C:\Program files\...\Avast\Data\Reports, for instance:

* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Wednesday, September 24, 2003 6:17:05 PM

Although, the report does not include the accessed files...