Author Topic: where can i find this option?  (Read 4643 times)


dragonboy

  • Guest
where can i find this option?
« on: November 15, 2006, 04:00:20 PM »
I want avast to be able to move infected files automatically to chest or delete but couldn't find that option. Can someone help me?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89064
  • No support PMs thanks
Re: where can i find this option?
« Reply #1 on: November 15, 2006, 04:11:53 PM »
These advanced automated options are only available in the Pro version.

You only have a limited option in the Home (free) version, to send the infected file to the virus Chest (silent mode, with general answer no, see below).

My own feeling on this is you should use the default interactive action. This way you know exactly what is going on with your system. If you are getting so many warnings, that you want to automate this process, I believe you should review your security practice - filter emails at source, delete from server rather than download them, review the sites they visit, etc.

See the avast help file, Resident Protection: Standard Shield Provider Settings - "Advanced" Page.
Click on Standard Shield and then on Customize.
Go to Advanced tab and select Silent Mode and the General answer No.

Leave the file in the chest for a week or two (it can do no harm from there) to ensure no adverse effect from being moved to the chest. Then scan the file again in the chest to ensure it is still detected as infected and if so delete it from the chest.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

dragonboy

  • Guest
Re: where can i find this option?
« Reply #2 on: November 15, 2006, 04:16:09 PM »
Thanks for the info. Unfortunately the scanning process takes up a lot of time and I was just trying to leave avast running overnight.

Offline DavidR

Re: where can i find this option?
« Reply #3 on: November 15, 2006, 04:32:18 PM »
You don't mention the settings or type of scan you are trying to do?

However, I suspect it is a Thorough scan with Archives enabled (see below). Once you have overcome this initial hurdle of the first thorough scan, the resident scanners should keep the malware from getting on to the system; this will mean there is less of a likelihood of detecting a virus on the on-demand scans.

Archive (zip, etc.) files are by their nature inert, you need to extract the files and then you have to run them to be a threat. Long before that happens avast's Standard Shield should have scanned them and before an executable is run that is scanned. Thorough is also by its design very thorough and perhaps a little overkill for routine use, where a Standard scan without archives should be adequate.

I have only ever done a thorough scan with archives once shortly after installation just to ensure a clean start state, but with XP for example avast will do a boot-time scan after installation if you select it, this I believe will be quicker and reasonably effective. Like everything in life things are a compromise.

dragonboy

  • Guest
Re: where can i find this option?
« Reply #4 on: November 15, 2006, 05:10:48 PM »
Yes, I was using thorough scan. I have in fact all protection settings on HIGH level but yet was able to find a virus after a recent thorough scan. I'm going to disable system restore & do a scan once again. I'd rather be taking a longer time to do a thorough scan than to risk not picking up something it should.

Offline DavidR

Re: where can i find this option?
« Reply #5 on: November 15, 2006, 05:44:04 PM »
I have standard shield set to the default, Normal and no problems, I don't have a slow system, but High can for some compromise performance. High has no effect on a number of providers, Network Shield, P2P Shield and Instant Messaging (I believe).

With the update of VPS signatures, new detections can be expected on occasion. However, it is important to confirm all detections, by investigation, especially if it wasn't previously detected after a thorough scan.

What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?

Deletion isn't really a good first option (you have none left), 'first do no harm' don't delete, send virus to the chest and investigate.

There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a week or two. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

dragonboy

  • Guest
Re: where can i find this option?
« Reply #6 on: November 15, 2006, 06:02:18 PM »
I'm not in front of my computer and don't recall the filename but it was in the System restore folder. I either deleted it or moved it & restarted the computer, did a full scan and found something again. Not sure if it was the same file or not. I recall one of them being either "iexplorer.exe" or "iexplore.exe". But I can't remember which file avast picked up. My guess would be the one with the "r" since iexplore.exe is just the IE. I don't know how it is possible that avast would pick up the IE file as a virus.

Offline DavidR

Re: where can i find this option?
« Reply #7 on: November 15, 2006, 07:11:58 PM »
That is the problem of dealing with infections in the system folders, if system restore isn't disabled at the time, a restore point is created, saving a copy of the file. Any time you use system restore in the future it could restore that infected file.

The c:\System Volume Information folder is a part of the system restore function and as such is protected by windows, the only way to clean infected _restore points is to disable system restore and reboot. This will clear ALL _restore points. Once you have disabled system restore, reboot, scan your PC again and if clear enable system restore.
Win XP-ME - How to disable System Restore

When you get to your system check the avast Log Viewer (right click the avast icon), Warning section, this should contain all the relevant information.

dragonboy

  • Guest
Re: where can i find this option?
« Reply #8 on: November 16, 2006, 12:34:46 AM »
This is my recent log, do these look like real threats? Why was iexplore.exe picked up as a virus?


9/10/2006 3:11:53 PM   SYSTEM   780   Sign of "Win32:Small-BJR [Trj]" has been found in "http://www.googlecaches.com/install/crack.exe" file. 
9/26/2006 12:28:21 AM   SYSTEM   868   Sign of "Win32:Adloader-DQ [Trj]" has been found in "C:\Documents and Settings\Eric Tong\Local Settings\Temp\drsmartload1118a.exe.nb4.tmp" file. 
11/7/2006 8:26:00 PM   SYSTEM   1044   Sign of "Win32:MicroJoiner-C [Trj]" has been found in "D:\torrent\Usenext_client.rar\Usenext_client.scr" file. 
11/13/2006 9:23:21 PM   Eric Tong   1308   Sign of "Win32:Small-CER [Trj]" has been found in "C:\Documents and Settings\Eric Tong\Local Settings\Application Data\Identities\{E8565914-4018-435F-86F1-C70B31D0FF73}\Microsoft\Outlook Express\Deleted Items.dbx\Re- I ts me.eml#19383932\KODAK_FOTO_DC009.zip#110695288\KODAK_FOTO_DC009.JPG__________________________________________________________________jpg.exe\[FSG]" file. 
11/13/2006 9:30:21 PM   Eric Tong   1308   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll" file. 
11/13/2006 9:38:46 PM   Eric Tong   1308   Sign of "Win32:Trojan-gen. {UPX!}" has been found in "C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP312\A0025330.exe" file. 
11/13/2006 9:39:15 PM   Eric Tong   1308   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP313\A0025412.dll" file. 
11/14/2006 1:06:37 AM   SYSTEM   1424   Function setifaceUpdatePackages() has failed. Return code is 0x20000011, dwRes is 20000011. 
11/14/2006 1:06:37 AM   SYSTEM   1424   An error has occured while attempting to update. Please check the logs. 
11/14/2006 1:58:32 AM   SYSTEM   952   Function setifaceUpdatePackages() has failed. Return code is 0x20000011, dwRes is 20000011. 
11/14/2006 1:58:33 AM   SYSTEM   952   An error has occured while attempting to update. Please check the logs. 
11/14/2006 6:12:00 AM   SYSTEM   952   Function setifaceUpdatePackages() has failed. Return code is 0x20000011, dwRes is 20000011. 
11/14/2006 6:12:00 AM   SYSTEM   952   An error has occured while attempting to update. Please check the logs. 
11/14/2006 6:26:48 PM   SYSTEM   952   Function setifaceUpdatePackages() has failed. Return code is 0x20000011, dwRes is 20000011. 
11/14/2006 6:26:49 PM   SYSTEM   952   An error has occured while attempting to update. Please check the logs. 
11/15/2006 1:03:42 AM   Eric Tong   3240   Sign of "Win32:VB-BLW [Trj]" has been found in "c:\windows\iexplore.exe" file. 
11/15/2006 1:04:32 AM   Eric Tong   2976   Sign of "Win32:VB-BLW [Trj]" has been found in "c:\windows\iexplore.exe" file. 
11/15/2006 1:57:06 AM   Eric Tong   3080   Sign of "Win32:VB-BLW [Trj]" has been found in "C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP315\A0025621.exe" file. 

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: where can i find this option?
« Reply #9 on: November 16, 2006, 01:47:58 AM »
Quote: This is my recent log, do these look like real threats?
Yes... they look like it. You should:

1) Disable System Restore on Windows XP: http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;310405
2) Clean your temporary files.
3) Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot.
4) Use a-squared, Free AVG Antispyware, SUPERantispyware or Spyware Terminator (trojan removers).

Quote: Why was iexplore.exe picked up as a virus?
Because the clean one is on C:\Program Files\Internet Explorer\iexplore.exe
The best things in life are free.

Offline DavidR

Re: where can i find this option?
« Reply #10 on: November 16, 2006, 01:56:04 AM »
Yes the detections look OK but see below if you want to check them out, assuming you didn't delete them.

The problem with files in system folders, when moved/deleted, etc. unless system restore is disabled a copy of the file is saved in a restore point of the C:\System Volume Information folder.

The c:\System Volume Information folder is a part of the system restore function and as such is protected by windows, the only way to clean infected _restore points is to disable system restore and reboot. This will clear ALL _restore points. Once you have disabled system restore, reboot, scan your PC again and if clear enable system restore.
Win XP - How to disable System Restore

The usual location for iexplore.exe isn't the windows folder, mine is in the C:\Program Files\Internet Explorer\ and C:\WINDOWS\ServicePackFiles\i386 folders.

If you are in any doubt about a detection you can check it out, that is why deletion isn't a good first option.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner
Or Jotti - Multi engine on-line virus scanner. If any other scanners here detect them, it is less likely to be a false positive. You can't do this with the file in the chest, you will need to move it out.

@ Tech
Welcome back.
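Added example (not part of the original thread and not avast's own code): a small triage script for the log format posted in Reply #8, applying the two points made in Replies #9 and #10, namely that detections under `_restore` are System Restore copies and that `iexplore.exe` outside its usual folders is suspect. The names `classify`, `triage` and `KNOWN_GOOD`, the `user1` placeholder and the same-signature heuristic are assumptions made for illustration.

```python
import re
from ntpath import basename, dirname  # Windows path semantics on any OS

# Constructed sample: lines copied from the log posted above, user column replaced.
SAMPLE_LOG = "\n".join([
    r'11/13/2006 9:30:21 PM   user1   1308   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll" file.',
    r'11/13/2006 9:38:46 PM   user1   1308   Sign of "Win32:Trojan-gen. {UPX!}" has been found in "C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP312\A0025330.exe" file.',
    r'11/14/2006 1:06:37 AM   SYSTEM   1424   An error has occured while attempting to update. Please check the logs.',
    r'11/15/2006 1:03:42 AM   user1   3240   Sign of "Win32:VB-BLW [Trj]" has been found in "c:\windows\iexplore.exe" file.',
    r'11/15/2006 1:57:06 AM   user1   3080   Sign of "Win32:VB-BLW [Trj]" has been found in "C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP315\A0025621.exe" file.',
])

LINE_RE = re.compile(
    r'^(?P<ts>\S+ \S+ [AP]M)\s+(?P<user>.+?)\s+(?P<pid>\d+)\s+'
    r'Sign of "(?P<sig>[^"]+)" has been found in "(?P<path>[^"]+)" file\.')

# Folders the replies name as holding the genuine iexplore.exe (lower-cased).
KNOWN_GOOD = {"iexplore.exe": {r"c:\program files\internet explorer",
                               r"c:\windows\servicepackfiles\i386"}}

def classify(path):
    p = path.lower()
    if r"\system volume information\_restore" in p:
        return "restore-point"   # cleared only by disabling System Restore
    name = basename(p)
    if name in KNOWN_GOOD and dirname(p) not in KNOWN_GOOD[name]:
        return "masquerade"      # trusted file name in an unexpected folder
    return "other"

def triage(log_text):
    findings, live_by_sig = [], {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:                # update errors and other non-detection lines
            continue
        sig, path = m["sig"], m["path"]
        kind = classify(path)
        # Heuristic (assumption): a restore-point hit with the same signature
        # as an earlier live detection is probably the saved copy of that file.
        origin = live_by_sig.get(sig) if kind == "restore-point" else None
        if kind != "restore-point":
            live_by_sig.setdefault(sig, path)
        findings.append({"sig": sig, "path": path, "kind": kind,
                         "likely_copy_of": origin})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["kind"], f["sig"], f["path"], f["likely_copy_of"] or "", sep=" | ")
```

On the sample, the RP315 detection is linked back to `c:\windows\iexplore.exe`, which matches the explanation that moving a file out of a system folder leaves a copy in a restore point.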

Offline Lisandro

Re: where can i find this option?
« Reply #11 on: November 16, 2006, 02:02:55 AM »
Quote: @ Tech Welcome back.
Thanks  ;)
In fact, a little off-topic, but I could walk fast and will be able to run soon... my leg is getting better and better. Thanks God  8)