quick scan found far more viruses than normal scan

[gnwd]

today, I downloaded a viruses pack. but to my great surprise, the quick scan method found more virused than normal scan.

plz see the figures below: the first one is the result of normal scan.

[igor]

That's interesting, indeed. Can you send me (by PM) a link to this package, if it's downloadable somewhere?
Thanks.

[igor]

I'm unable to simulate that big difference with the package you sent me.

Yes, the Standard scan detected less (3492) files than the quick one (3735), but that can be explained. The Quick scan, selecting the files to scan only by file extensions, detected some of the .zip archives both inside (i.e. the real unpacked content), and outside (i.e. the parent ZIP file - the malware inside was probably "stored", so the plaintext was visible in the original ZIP without unpacking). The Standard scan, inspecting the real file type, ignored the outer ZIP archive (and scanned only the unpacked content).
So, during the Quick scan, some files were actually detected twice - therefore the bigger number.

[gnwd]

Normal scan report: we can see a lot of "skipped".

*
* avast! Report
* This file is generated automatically
*
* Task 'Simple user interface' used
* Started on 2006年7月14日 11:11:59
* VPS: 0628-4, 2006-07-13
*

D:\temp\atozvirus\a.zip\a204.zip\A204.COM\ah.com [E] File was skipped because of scanner settings. (42016)
D:\temp\atozvirus\a.zip\a204.zip\A204.COM [E] File was skipped because of scanner settings. (42016)
D:\temp\atozvirus\a.zip\a204.zip [E] File was skipped because of scanner settings. (42016)
D:\temp\atozvirus\a.zip\a_204.zip\A_204.COM [E] File was skipped because of scanner settings. (42016)
D:\temp\atozvirus\a.zip\a_204.zip [E] File was skipped because of scanner settings. (42016)
D:\temp\atozvirus\a.zip\aaron.zip\AARON.COM [E] File was skipped because of scanner settings. (42016)
D:\temp\atozvirus\a.zip\aaron.zip [E] File was skipped because of scanner settings. (42016)
D:\temp\atozvirus\a.zip\ab-429.zip\AB-429.COM [E] File was skipped because of scanner settings. (42016)

[gnwd]

I will reinstall avast and see what will happen

[gnwd]

After reinstallation. I got the same results of igor.

Anyone can give me some explanation about the log file above. Why were so many .com files skipped?

[igor]

That's odd - the .COM files certainly should not be skipped... for the ZIP files (e.g. a204.zip), it's OK, but not for COM (such as a204.zip\A204.COM\ah.com).

It works as expected for me... OK, I'm using the latest internal build, but I don't think it can make any difference.
So, it was a Standard Scan with Archive scanning enabled, using the skinned Simple User Interface? Do you have any custom exclusions in program settings?

[gnwd]

Basically, I kept all settings by default. Since I have reinstalled avast home edition, the strange situation can't be reproduced again.


BTW, windows 2000, avast home edition 4.7.844, the default music player style interface.

After reinstallation, I have tried to turn on/off the simple user interface before test. The test results showed it's none of the bussiness of interface...

 

[avvidro]

today, I downloaded a viruses pack.

Hello, I am not belong to avast team, but anyway, please could you post or send by personal message (to avvidro) the link of this package?

Thanks in advance.

[DavidR]

Neither am I a member of the Alwil team and this is an anti-virus support forum and not a virus distribution service. So I personally don't think this link should be displayed on a publicly available forum, nor would I advise sending it to someone you don't know. Regardless of how well intentioned their purpose might appear to be you just don't know them.

This is not meant as any slight on avvidro or his intention, just a general security precaution.