Author Topic: how to interpret "results of last scan"  (Read 6158 times)

nweissma

  • Guest
how to interpret "results of last scan"
« on: August 26, 2007, 01:43:32 PM »
consider the attached... how do i interpret the "unable to scan" readings, are they significant for .bmp and .bin? and how to interpret "error occurred during.."

Offline George Yves

  • Avast Überevangelist
  • Massive Poster
  • *****
  • Posts: 4095
  • Help you I can
Re: how to interpret "results of last scan"
« Reply #1 on: August 26, 2007, 03:16:23 PM »
We can't "consider the attached". The columns Result and Operation in your screenshot are too narrow to see their contents. Are you experienced enough to widen them or post a text file instead of an image?

May the FOSS be with you!

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: how to interpret "results of last scan"
« Reply #2 on: August 26, 2007, 03:23:41 PM »
avast can't scan files that are password protected, it doesn't know the password.
There are many legitimate reasons why a file was password protected. For instance, the ones you're talking about. Lavasoft stores its data in password-protected ZIP archives (to prevent other similar tools from messing with them). It's really nothing to worry about - it's normal.

By examining 1) the reason given by avast! for not being able to scan the files, 2) the location of the files, you can get an idea of what program they relate to. You may need to expand the column headings to see all the text.

Files that can't be scanned are just that, not an indication they are suspicious/infected, just unable to be scanned.
The best things in life are free.

nweissma

  • Guest
Re: how to interpret "results of last scan"
« Reply #3 on: August 28, 2007, 02:21:42 AM »
Quote
We can't "consider the attached". The columns Result and Operation in your screenshot are too narrow to see their contents. Are you experienced enough to widen them or post a text file instead of an image?

frankly, i never thought it necessary to read the remaining part of the results and operation columns. it's too late now because the quarantine has been cleaned. but can you instruct me how to widen these columns?

nweissma

  • Guest
Re: how to interpret "results of last scan"
« Reply #4 on: August 28, 2007, 02:35:27 AM »
Quote
There are many legitimate reasons why a file was password protected.
how do i know the password protection is not by a malicious entity -- what prevents a malicious entity from password protecting its handiwork?

Quote
It's really nothing to worry about - it's normal.
are there other reasons - other than password protected - why avast cannot scan a file?


Quote
By examining 1) the reason given by avast! for not being able to scan the files, 2) the location of the files, you can get an idea of what program they relate to. You may need to expand the column headings to see all the text.
please instruct me how to find avast's reasons for not being able to scan, the location of the files, and how to expand the column headings.

Offline George Yves

  • Avast Überevangelist
  • Massive Poster
  • *****
  • Posts: 4095
  • Help you I can
Re: how to interpret "results of last scan"
« Reply #5 on: August 28, 2007, 05:06:17 PM »
Quote
but can you instruct me how to widen these columns?

In Windows you can resize almost any programme's window and some other objects (columns and rows in MS Excel, for example) using "drag-and-drop" option for your mouse.

You have two main choices:
1) Move your mouse pointer to any border of a programme's window until it (the pointer) turns into left-right or up-down arrow. Then press the left button and simply drag the window's border in the direction you wish and till the size you wish. If you widen the window, the columns inside it will widen too and you will see the hidden text.

2) Move your mouse pointer to the line between the titles of the columns in your programme's window (for example, between Result and Operation) until it (the pointer) turns into left-right arrow. Then press the left button and simply drag the window's border to the right to reveal the hidden text.

You can combine the two ways of resizing.

And I want to note that the possibility of resizing objects on the screen with the help of the mouse is one of the basic manipulations with the mouse. Till now I was sure that any user capable of going further than simple typing in MS Word can do it.
May the FOSS be with you!

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: how to interpret "results of last scan"
« Reply #6 on: August 29, 2007, 05:59:10 AM »
Quote
It's too late now because the quarantine has been cleaned.
There is no rush to clean the Chest (Quarantine). It's safe to keep files there and even test if they were not detected as false positives.

Quote
how do i know the password protection is not by a malicious entity -- what prevents a malicious entity from password protecting its handiwork?
When it is 'decrypted' the on-access scanner should detect them. So, you'll be protected. Scanning inside archives is an 'extra' protection.

Quote
are there other reasons - other than password protected - why avast cannot scan a file?
File in use, file corrupted, unknown package method, etc.
The best things in life are free.

nweissma

  • Guest
Re: how to interpret "results of last scan"
« Reply #7 on: August 31, 2007, 05:09:50 AM »
Quote
test if they were not detected as false positives.
need clarification again: how do i test for false positives?
Quote
When it is 'decrypted'
what decrypts it - can you tell me something about this decrypting mechanism? i don't recall seeing this even mentioned in the avast user manual; if it is in the avast literature then please direct me there.
Quote
Scanning inside archives is an 'extra' protection.
i infer from this statement that avast automatically unzips? what if avast encounters a compression algorithm that it is not familiar with? or what if a malware says it's zipped with one algorithm but it is actually zipped with another?

Quote
unknown package method
sorry to be a pain: what is "unknown package method"? what can i do - should i do - in those cases where avast cannot scan? are there strategies to analyze the results? what am i looking for - false positives, for example? what else might i find?

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: how to interpret "results of last scan"
« Reply #8 on: August 31, 2007, 05:28:09 AM »
Quote
test if they were not detected as false positives.
need clarification again: how do i test for false positives?

Submit the file to virustotal, it's a multi engine online scanner, to see if any other av is detecting the file also.

http://www.virustotal.com/


Quote
When it is 'decrypted'
what decrypts it - can you tell me something about this decrypting mechanism? i don't recall seeing this even mentioned in the avast user manual; if it is in the avast literature then please direct me there.

The program that encrypted it. For example, adaware files are encrypted and passworded by adaware.


Quote
Scanning inside archives is an 'extra' protection.
i infer from this statement that avast automatically unzips? what if avast encounters a compression algorithm that it is not familiar with? or what if a malware says it's zipped with one algorithm but it is actually zipped with another?

Avast can unpack several packers. See the packers list in the help files. If avast cannot unpack the file, it will report a skipped file with a reason.

Quote
unknown package method
sorry to be a pain: what is "unknown package method"? what can i do - should i do - in those cases where avast cannot scan? are there strategies to analyze the results? what am i looking for - false positives, for example? what else might i find?

I believe that should have been unknown packer.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: how to interpret "results of last scan"
« Reply #9 on: August 31, 2007, 02:19:39 PM »
Quote
need clarification again: how do i test for false positives?
This link is a tutorial on how to help correct a virus detection that you believe to be false:
http://forum.avast.com/index.php?topic=25009.msg204838#msg204838
or http://forum.avast.com/index.php?topic=7779.msg62586#msg62586

Quote
what decrypts it - can you tell me something about this decrypting mechanism? i don't recall seeing this even mentioned in the avast user manual; if it is in the avast literature then please direct me there.
The program which encrypts, decrypts.
avast does not use brute force to break the encryption and scan a file. No other antivirus does this.

Quote
i infer from this statement that avast automatically unzips?
Yes.

Quote
what if avast encounters a compression algorithm that it is not familiar with?
avast reports an error like in your case, can't scan.

Quote
or what if a malware says it's zipped with one algorithm but it is actually zipped with another?
avast detects this trick while running throughout scanning.

Quote
sorry to be a pain: what is "unknown package method"?
You've written it before... a compression algorithm that it is not familiar with.

Quote
what can i do - should i do - in those cases where avast cannot scan?
Don't worry.

Quote
are there strategies to analyze the results?
Learn avast methods and concepts, use the forum like you're doing.
The best things in life are free.
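
As an added example (not part of the original thread, and not avast's own logic), this Python sketch sorts a ZIP archive into the skip reasons named in the replies above: password protected, corrupted, or unknown packer. The function names, reason strings and sample archives are constructed for illustration.

```python
import io
import zipfile

# Compression methods Python's zipfile module can actually decompress.
SUPPORTED = {zipfile.ZIP_STORED, zipfile.ZIP_DEFLATED,
             zipfile.ZIP_BZIP2, zipfile.ZIP_LZMA}

def skip_reason(data: bytes) -> str:
    """Return why a ZIP blob cannot be inspected, or 'scannable'."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return "corrupted"
    with zf:
        for info in zf.infolist():
            if info.flag_bits & 0x1:      # bit 0 of the general-purpose flag: encrypted
                return "password protected"
            if info.compress_type not in SUPPORTED:
                return "unknown packer"
        # testzip() re-reads every member and verifies its CRC.
        return "scannable" if zf.testzip() is None else "corrupted"

def make_sample(flag_or: int = 0, method=None) -> bytes:
    """Constructed sample: a one-member ZIP with its central-directory header patched."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("note.txt", "constructed sample data")
    raw = bytearray(buf.getvalue())
    cd = raw.rfind(b"PK\x01\x02")         # central directory file header
    raw[cd + 8] |= flag_or                # general-purpose flag, low byte
    if method is not None:                # compression method field (2 bytes)
        raw[cd + 10:cd + 12] = method.to_bytes(2, "little")
    return bytes(raw)

SAMPLES = {
    "plain.zip": make_sample(),
    "locked.zip": make_sample(flag_or=0x1),   # encrypted flag set
    "odd.zip": make_sample(method=97),        # method id zipfile does not know
    "cut.zip": make_sample()[:30],            # truncated, no end-of-archive record
}

def triage() -> dict:
    """Map each constructed sample name to its skip reason."""
    return {name: skip_reason(blob) for name, blob in SAMPLES.items()}

if __name__ == "__main__":
    for name, reason in triage().items():
        print(f"{name:12} {reason}")
```

A "password protected" or "unknown packer" result here means only that the contents were not inspected, which is the same point made in the replies: skipped is not the same as infected.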