Author Topic: Moving the threat to Virus Chest:  (Read 10755 times)

0 Members and 1 Guest are viewing this topic.

TheRebel

  • Guest
Moving the threat to Virus Chest:
« on: May 16, 2009, 12:59:31 PM »
Dear Moderator(s),

avast! free home edition is the best free anti virus software undoubtedly, but I've some problem regarding the resident protection (standard shield), (I read someone else was also facing the some problem), anyways the problem is that yesterday when i scanned Documents and Settings Folder, avast! found one threat in it, I uploaded the same file on virustotal, and the results there were 0/40, even avast! on virustotal didn't detect it as a threat.

But when i tried to move that file to virus chest, it continuously failed to do so, gave some error.

And secondly, by mistake i opened that file (double click), and avast's standard shield didn't warn me :(

So, I've two questions:

1. Y did it happen? Is avast! a little weak in moving the files to virus chest as compared to other anti viruses, coz it happened second time with me, that it couldn't move the file to virus chest.

2. If I'm running a shell extention scan or a full system scan, (we know in free version, automatic healing of the threats found is not available), so if during a scan avast! finds any virus, it gives me a warning, can't it happen that it completes it full scan and after it just give me the result and asks for action. Because during scan, if a virus is found, it doesn't scan further, until some action is taken against the threat found.

Thanks in advance :)

Regards.

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2219
    • The WAR Against Malware
Re: Moving the threat to Virus Chest:
« Reply #1 on: May 16, 2009, 03:09:33 PM »
Maybe this tutorial on how to allow viruses of all sizes can help you:
http://www.youtube.com/watch?v=jQIHPIYrGqE&feature=channel_page
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."

TheRebel

  • Guest
Re: Moving the threat to Virus Chest:
« Reply #2 on: May 16, 2009, 04:26:32 PM »
Dear Donovansrb10,

Thanks for ur response.

But I'm facing a different problem which I've mentioned in my last post.

Regards.

spg SCOTT

  • Guest
Re: Moving the threat to Virus Chest:
« Reply #3 on: May 16, 2009, 04:38:20 PM »
Can you tell us exactly what the error message was?
Can you provide us with the File name and location?

Are you using a limited user account? (this may cause problems)


In answer to your second question, I will quote another:
1. These automated options are only available in the Pro version. This is a limitation of the Home (free) version that it has interactive input requirement, there have to be differences in the Home/Pro version and this is one of them, the programmers have to eat ;D

In the Home version you can check the option "Don't show this window again" when the first virus warning appears, select the "No action" button. This way, no action will be taken and you will given the results at the end of the scan (and you can perform actions from there). Over time this will become less of an issue, as the resident, on-access scanners are designed to intercept infection before it gets into your system.

- There was one suggestion to place something like the eicar virus test file at the start of the first drive to be scanned in a file like ~a-eicar.com that should soon be detected and you can do the option "Don't show this window again" when the first virus warning appears, select the "No action" button. So you should have a list of files waiting your action.


Hope this helps,

-Scott-

TheRebel

  • Guest
Re: Moving the threat to Virus Chest:
« Reply #4 on: May 16, 2009, 04:50:11 PM »
Dear spg SCOTT,

Thanks for ur response.

The virus/malware that I got was from some web site (I had set web shield paused temporarily). The threat was in Documents and settings/Local Settings/mozilla/firefox/profiles...

When I scanned that folder, a threat was detected, but on clicking "move to virus chest", it gave error access denied, and was unable to delete that file too.

When I submitted that file to virustotal, no antivirus (including avast!) detected it as a threat. And so far avast! has found 2 threats in my PC, and with both the threats same problem occured as they should have been easily moved to virus chest.

And regarding "standard shield", I clicked on that infected file, but the standard shield (was active) and didn't warn me.

I was reading the FAQs on avast website, it said Disable system retore feature if u r using windows XP or ME (and facing the same issue as I mentioned above). Y is it so?

And I'm not using a limited account.

Regards.



Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88898
  • No support PMs thanks
Re: Moving the threat to Virus Chest:
« Reply #5 on: May 16, 2009, 05:09:43 PM »
Well in normal windows mode avast (nor other AVs) can deal with access denied notifications, however, avast does have the boot-time scan (need to have admin rights to schedule it) to overcome those times and no other AV does.

It isn't unusual to not have avast detect on VirusTotal when it does so on your system. VT isn't able to update the VPS in real time as the user is and this is often the cause.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

spg SCOTT

  • Guest
Re: Moving the threat to Virus Chest:
« Reply #6 on: May 16, 2009, 05:13:25 PM »
The 'access denied' error could be a sign that the file is in use, possibly by firefox (as it is in a firefox location)

Also without an exact filename and location (and possibly the location from where you got it) it is hard to tell

And regarding "standard shield", I clicked on that infected file, but the standard shield (was active) and didn't warn me.

This is odd, it should alert you ( I think)

-Scott-


EDIT:Ahh DavidR was quicker, yes the boot time scan will probably help. I didn't know that about VT, you learn something every day ;)
Hey I'm a Full member, When did that happen? -Is that 100 posts?
« Last Edit: May 16, 2009, 05:18:23 PM by spg SCOTT »

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88898
  • No support PMs thanks
Re: Moving the threat to Virus Chest:
« Reply #7 on: May 16, 2009, 05:36:11 PM »
Yes 100 posts ;D

The standard shield and the firefox cache can be a bit of a weird scenario, as the firefox cache uses extensionless file names that are randomly generated. Some time ago on my old system I modified my standard shield settings (I can't recall which one) so that it would scan these firefox cache files.

It is probably in the Scanner (Advanced) tab, if you have the Scan Created/Modified files option checked, you will most certainly have the On;y files with selected extension (note that word) and the Default extension (that word again) set options checked.

So here we fall into an area where firefox's use of extensionless file names comes in, would they be scanned by default. Or would we have to check the All files option to have the firefox cache files scanned. Or would they come under the Scan created/modified files option ???
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

spg SCOTT

  • Guest
Re: Moving the threat to Virus Chest:
« Reply #8 on: May 16, 2009, 06:09:21 PM »
I agree there DavidR, mine is set to scan created/modified -->All files, like the second pic and if I tick the box that says show detailed info... in the advanced tab and browse a bit it tells of the scanning of ..../firefox.../profile..

Damn annoying though, think i'll leave that unchecked   :)

What do you think about the standard shield not alerting on open,(especially if it thinks its a virus after a scan)?


-Scott-


Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88898
  • No support PMs thanks
Re: Moving the threat to Virus Chest:
« Reply #9 on: May 16, 2009, 06:11:35 PM »
With zero information on the file and original detection, I can't even hazard a guess.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

spg SCOTT

  • Guest
Re: Moving the threat to Virus Chest:
« Reply #10 on: May 16, 2009, 06:17:05 PM »
I know, I said that too,

but TheRebel scanned it manually and it alerted to virus, which is where the access denied error occurred and when opened there was no alert
 

avast! free home edition is the best free anti virus software undoubtedly, but I've some problem regarding the resident protection (standard shield), (I read someone else was also facing the some problem), anyways the problem is that yesterday when i scanned Documents and Settings Folder, avast! found one threat in it, I uploaded the same file on virustotal, and the results there were 0/40, even avast! on virustotal didn't detect it as a threat.

But when i tried to move that file to virus chest, it continuously failed to do so, gave some error.

And secondly, by mistake i opened that file (double click), and avast's standard shield didn't warn me :(

-Scott-

TheRebel

  • Guest
Re: Moving the threat to Virus Chest:
« Reply #11 on: May 16, 2009, 08:30:53 PM »
Dear DavidR & spg SCOTT,

Thank you for ur response.

Well the infected file was in C/Documents and Settings/(my account name on computer)/Local Settings/Application Data/Mozilla/Firefox/Profiles/(some xb....default folder)/Cache

When I scanned the Cache folder by right clicking, avast! detected a threat in it, which it was unable to move to virus chest(reasons described in the above posts).

But When i (double) clicked the infected file (mistakenly), avast! standard shield didn't warn me at all.

Anywayz thank you guys for ur kind help :)

Regards.


Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88898
  • No support PMs thanks
Re: Moving the threat to Virus Chest:
« Reply #12 on: May 16, 2009, 08:50:30 PM »
The ashQuick.exe (context menu scan) is the most thorough of the scans. Once again this isn't the full path as there is no file name at the end. Check the source file using notepad C:\Program Files\Alwil Software\Avast4\DATA\log\Warning.log as that makes it easier to extract the full details of the alert.

So I don't know if you double clicked on the actual file (firefox extensionless file) or the cache folder. Here is what happens if I double click on an extensionless file in the firefox folder (nothing), see image. So the file isn't executed so there shouldn't be standard shield alert assuming it was infected.

Crucially the malware name it important too but not mentioned.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

TheRebel

  • Guest
Re: Moving the threat to Virus Chest:
« Reply #13 on: May 16, 2009, 08:54:57 PM »
Dear DavidR,

The file name was not cache, it was like 2AD48.... something, and when i double clicked the file, the window (image 1(b2517) in ur post) appeared.

Regards.

spg SCOTT

  • Guest
Re: Moving the threat to Virus Chest:
« Reply #14 on: May 16, 2009, 08:56:40 PM »
Ah that explains it, thanks for clearing that up DavidR


-Scott-