Avast gone worse with time, I dont understand what it says and I was infected.

[DavidR]

You're welcome, as you say it is stupid 'not' to ask, 'stupid' is not to ask and 'never' know.

I hope your life has calmed down a lot from last week.

[gero]

Thanks David for your personal support, my life gradually returns to normally:
i recover my wallet with the money!!! It was fallen behind my stand and I couldn't saw it. I had to go to police to cancel the robery complaint cause I saw a man walking around my house and I let open my door, so I thought that was him...
I repair my bike but two breakdowns more appear after spent 1400€ in a repair! I hate mechanics!!! Im gonna inform in intenret about do it youself.
Im still dont have a job and Im arguing with my mother but my father deposit some money in my account, thanks dad! .
I know that forum is for Avast support (not emo) only and Perhaps some people dont interest this, but writing it makes me feel better, Im human....

Back to here ill say that the reason I post what appears after 1st scan:

the file is a decompression bomb
The file RAR/ZIP is corrupted
the compressed file is protected by password
the file pointer? cant settle? in the device or file specified.

was that perhaps the virus is in one of that files avast can't scan.Can be?

[Lisandro]

the file is a decompression bomb

Decompression bomb is a file that may be rather small, but decompresses to an enormous amount of data (when processed as a packed archive). Such file are not malicious per se, but they may block an antivirus program when it tries to scan them.
This kind of files is rather hard to detect (and avoid) precisely - so, it is possible that there are some false alarms. It's not a big problem in this case, however - the "decompression bomb" announcement actually means something like "The file has a very high, maybe even suspicious, compression ratio and the AV is not going to scan the archive content".

I'd suggest to ignore these files.
But you can change values into avast4.ini file to configure how avast should work with these files. Click 'Settings' in my signature for more info 

The file RAR/ZIP is corrupted

Maybe just avast can't unpack that file. Don't worry, corrupted or not the file won't harm your system.

the compressed file is protected by password

avast can't scan files that are password protected, it doesn't know the password.
There are many legitimate reasons why a file was password protected. For instance, the ones you're talking about. Lavasoft stores its data in a password-protected ZIP archives (to prevent other similar tools from messing up with them). It's really nothing to worry about - it's normal.

the file pointer? cant settle? in the device or file [/i]specified.

I don't know this one

[gero]

The file RAR/ZIP is corrupted
Maybe just avast can't unpack that file. Don't worry, corrupted or not the file won't harm your system.

Avast unpack compressed folders before scan them? So in general how can we know if this files contain a virus? Im intrigued...
Hey! 1 month of this thread! Max time in a thread and max time infected ever!

[greyowl]

This is a very informative thread to read.

I have a question for Tech:  you mentioned a couple of apps to use and I am wondering if they are free--Trend Micro Rootkit Buster and Avast Antirootkit.  The Trend Micro app mentions registration but does not mention cost.  Neither are listed on the main sites.  I just downloaded your links.

Thanks

[Lisandro]

Avast unpack compressed folders before scan them?

I was talking about compressed files into an archive one (rar, zip, cab).
But avast can access Windows compressed folders and scan them if you want to know it.

I have a question for Tech:  you mentioned a couple of apps to use and I am wondering if they are free--Trend Micro Rootkit Buster and Avast Antirootkit.  The Trend Micro app mentions registration but does not mention cost.  Neither are listed on the main sites.  I just downloaded your links.

Both are free, I'll check if Trend Micro Rootkit policy changed...
...
Seems ok and free http://www.trendmicro.com/download/rbuster.asp

[gero]

My God! whats the difference of file and archive? Are not the same? I dont understand what your saying.. The only X-File here is the cause of the infection and how avast can scan 132 GB if I only have 120 in 2 HDs. Can these compressed files have somethinf to do? incredible..

Davidr (April 15, 2008, 09:37:21 PM- more than 1 month!  ):

Deletion isn't really a good first option (you have none left), 'first do no harm' don't delete, send virus to the chest and investigate.

Investigate means search info in google about the virus? I red that the chest feature was created on antivirus for some virus have caused malfunction to the system if deleted, is it true?

If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

But I dont want to let it there all the time not? Sometime i will have to erase them!

To neiby:

No antivirus is invincible. Don't blame Avast! for you getting infected. Blame your own unsafe browsing practices.

what you mean with unsafe browsing practices? visit webs with shocking content like porn or fight videos? In this case I've to admit that sometime i visit one. Who not? Im a single man and sometimes visiting webs like this are a good way to let off of the stress created by a stressing society (traffic, work, parents or wife..). It must to be some kind of outlet of so much stress. Let's face it, we're adults. In Japan or America there are specializaed companies that sees to this, thay have rooms in with destructable things can be broken, Ive saw in TV. Precisely yesterday I found this web in wich anybody can let off the steam in honar to Mdouglas movie Falling Down (in spanish): http://www.undiadefuria.org/.
That's why internet its so vast, intriguing and amazing, for the great variety of its contents, some are good and some bad/dangerous, like the world. But imagine that you do a travel to a jungle, and in this travel you want to RISK to go into a dangerous part of the jungle, so you ask for a weapon and go into. A lion suddenly surprise you and when you fire your weapon this don't work so you get harmed. Obviously it is your fault to enter this part of the jungle but you wouldnt blame the weapon for not work in that moment? Think about it. I think in it like your walking across the street or going to disco and you view a group of suspiciuous guys at the entrance, you will go back home thinkin "oops is dangerous enter here"? Noo, you want to enjoy yourself so you enter! 

[neiby]

All I was saying was that if you're getting infected this many times, it's probably for downloading things from the Internet. I was referring more to the emule files you mentioned earlier. If you download executables on purpose, you're bound to get infected at some point. I don't download executables and I have never been infected. The last time I even got a virus warning was years ago and it as from a website that had been hijacked. Web Shield blocked it.

[DavidR]

Investigation means google as one to get some idea of what the information about the file name, not malware name as there is no standardisation of naming and you will generally get more information based on the file name. You will probably see that it is associated with different malware names (because there is no standardisation of naming).

Investigation may also mean reporting it here and uploading to somewhere like virustotal to get not just a second opinion but 31 other scanners checking the file for infection.

The chest (or quarantine in other AVs) is primarily there to stop anything accessing the infected file, but it gives the opportunity to do other things, like restore it if found to be a bad detection, where deletion is final. Which leads on to when do you delete from the chest.

You didn't quote the full text because it states leave it in the chest for a few weeks (I believe). Then you follow the text you quoted, then scan again if it is still infected then delete them from chest.

This is normally what I post:

There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

[gero]

All I was saying was that if you're getting infected this many times,

Do you read my first post? This is the first time I got infected in 2 years! And I dont changed my browsing habits, i entered susicious webs before.

it's probably for downloading things from the Internet. I was referring more to the emule files I mentioned earlier. If you download executables on purpose, you're bound to get infected at some point. I don't download executables and I have never been infected. The last time I even got a virus warning was years ago and it as from a website that had been hijacked. Web Shield blocked it.

I use emule to download films difficult to find in Spain (I buy/rent DVDs too) and music. But now that you say it some films you download with a name and when you play it appear a porn movie (fakes). Can be this fakes have a virus? Some times before plying this shit shows a windows saying "donloading rights blblba " and ask me for register and put my email and when closing the window and WM Player a web porn appear informing me about register and Pay ways. When this app is downloading this "rights" caan be downloading a virus? Im tired of this cause its difficult to know when you download one of this fakes, and appears several times. I dontt usually download programs executables as I prefer to download it directly from the author web to avoid precisely this:virus.
But, anyway there isnt a spefic p2p module to avoid that?


David: I was wanting to say what to do if chest DONT detect the file as a virus.

[MiguelAngelXP]

TO THE MODS : MAYBE THIS IS OFF TOPIC SUBJECT, BUT PLEASE LEAVE IT

I agree with gero in some points about browsing practices, browsing in some sites can be like an escape valve for a stressing job or just because you're a lonely person, they're plenty of reasons, but also they are inherently a cultive virus.  So what can we do, the less dangerous tging we might do is go to a cybercafe, ask for closed cabin , download our dangerous material, copy to our pen drive, comeback home, scan our open drive and voilà. Or the best secure thing, all we have a friend that has that kind of material and ask him a copy.

Thanks

Kindly regards
MiguelAngelXP 

[oldman]

[qoute]<snip?the less dangerous tging we might do is go to a cybercafe, ask for closed cabin , download our dangerous material, copy to our pen drive, comeback home, scan our open drive and voilà.<snip>[/quote]

A very common method of infection. Pendrives+cybercafe=autorun infection.

[MiguelAngelXP]

[qoute]<snip?the less dangerous tging we might do is go to a cybercafe, ask for closed cabin , download our dangerous material, copy to our pen drive, comeback home, scan our open drive and voilà.<snip>

A very common method of infection. Pendrives+cybercafe=autorun infection.
[/quote]

You got a point yes, but IMHO at home you scan you pen drive. Don't you ??. Sometimes I have get my hands soiled to get I want, and thus I don't compromise my data, and in fact I first check if in that cybercafe has a antivirus software

Kindly regards
MiguelAngelXP 

[MiguelAngelXP]

TO THE MODS : MAYBE THIS IS OFF TOPIC SUBJECT, BUT PLEASE LEAVE IT

I agree with gero in some points about browsing practices, browsing in some sites can be like an escape valve for a stressing job or just because you're a lonely person, they're plenty of reasons, but also they are inherently a cultive virus.  So what can we do, the less dangerous thing we might do is go to a cybercafe, ask for closed cabin , download our dangerous material, copy to our pen drive, comeback home, scan our open drive and voilà. Or the best secure thing, all we have a friend that has that kind of material and ask him a copy.

Thanks

Kindly regards
MiguelAngelXP 

[Lisandro]

My God! whats the difference of file and archive? Are not the same?

File is a single one, like .doc, .xls, .txt.
Archive is a set of files, compressed. Usually .zip, .cab, .arj are archive files.