Author Topic: Newbie here: how to know when detection found or not found?  (Read 7742 times)


Offline The111

  • Newbie
  • *
  • Posts: 8
Newbie here: how to know when detection found or not found?
« on: October 11, 2009, 03:45:12 AM »
Hi, I just switched to Avast from being a longtime Avira user, after reading reviews on av-comparatives.org showing Avast to be far superior (plus I was sick of false positives on Avira).

If I have a certain folder I wish to scan, I right click on it and use the context menu to scan it with Avast.  However, when it is done scanning the info box just disappears.  It doesn't say "scan completed, no detections" or anything like that.  How do I know if the results are good or bad?  All the sections of the log viewer from "emergency" through "warning" are empty so I guess that means I'm ok?

Also, why doesn't this program have an option for daily scan scheduling like Avira did?  And why do scans take so long?  I scanned a single archive file (rar) with Avira and it would only take 10 seconds... the same file with Avast takes a couple MINUTES... apparently there are 50,000+ items inside that archive and I guess Avast is being more thorough about scanning them all (and sub-archives within the rar) than Avira was?  I have nearly 2TB of data on my machine and it's looking like a thorough system scan will take over 10 hours... fortunately CPU usage is minimal on my i7.

Thanks!

Offline .: L' arc :.

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1780
  • Thinking with Portals
Re: Newbie here: how to know when detection found or not found?
« Reply #1 on: October 11, 2009, 03:53:15 AM »
 Welcome to the forums The111,

 The right-click context scan window disappears when no virus is found, but if you want a report, follow:
 Program settings > Common > Put a check on 'Show results of Explorer Extension'

 avast is supposed to be a fast scanner; if it takes more time than it is supposed to, some remnants of Avira may be conflicting with avast. Those remnants can be removed using Avira Registry Cleaner. The tool is in German, you’ll have to click on the button called Keys auslesen to search the registry for any issues. Then place checkmarks next to the registry entries you wish to delete and click the Löschen button to delete the keys.

NOTE: Using avira registry cleaner may also delete avast related entries.
« Last Edit: October 11, 2009, 03:57:14 AM by .: L' arc :. »
Windows 7 (64-bit) Home Premium SP1
avast! 9 RC1

Offline The111

  • Newbie
  • *
  • Posts: 8
Re: Newbie here: how to know when detection found or not found?
« Reply #2 on: October 11, 2009, 05:47:39 AM »
Thanks for the reply.  Tell me if you think this is a reasonable scan time.  I put scanning back from thorough to standard, and took archives off, and ran a complete system scan... it took 48min for 2.0TB (wow, my guess was right, I actually have much more than 2TB available but was just guessing how much I was using).  Screenshot below.

Now, if I did it with archive scanning on, and used thorough instead of standard, my guess is it would take 6-8 hours.

What does it mean if a file can't be scanned because it is a decompression bomb?


Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3694
  • If at first you don’t succeed; call it version 1.0
Re: Newbie here: how to know when detection found or not found?
« Reply #3 on: October 11, 2009, 05:57:36 AM »
Quote
NOTE: Using avira registry cleaner may also delete avast related entries.
It will.  ;)
Fortunately you can select which items to delete; just don't delete anything from Avast. If you're unsure, post the entries concerned here.

Most free versions of commercial AV's have some feature or ability part-"crippled" or reduced. With some it's the detection or cleaning ability. With Avast it's the ability to schedule a scan. And a few other bits and pieces.
(One reason Avast is considered very good; the protection is excellent. In fact "advanced+" according to the latest AV-comparatives.)

A thorough scan will take a long time, it scans inside archives. These can be ignored (skipped) if desired, a virus inside a zip or rar can not activate unless the file is unzipped, at which point the on-access scanner should stop it.
Personally, I'd just do one thorough scan after first install, then a regular scan every month or so.

The scan needs to be (more or less) attended up to the first detection (if there is a detection) at which point the box in the alert window "do not show this next time" can be ticked, and the scan left to complete, while the user goes to bed, or work, or whatever.

You can place an Eicar (simulated) virus near the beginning of the system folder on the C drive, that should speed the time taken for the first detection. You would need to pause the webshield to download it. http://www.eicar.org/anti_virus_test_file.htm

"A file is a decompression bomb" is alarming terminology. It just means the file is packed using an unknown and/or high compression algorithm. (Sounds fancy, don't it?  ;D). Don't be alarmed, it is no indication the file contains a virus, just that it can't be scanned.
Other similar errors you may get are "...the file is password protected". Once again, don't worry. This could be from the quarantine of another anti-malware scanner, or some program that uses encryption to store some of its data. Moving the column header of the scan report to see the full name and path of the file will usually reveal whether it needs further investigation.
And if you don't know in regard to a particular file, you can always ask here.
WindowsXP Home SP3,Avast Free 5.1.889,Windows Firewall, Autorun Eater,Firefox w/Noscript+ /Adblock+/Better Privacy, IE8 all zones except MS Update set to "untrusted" settings,MVPS Host file.SecuniaPSI.
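
How a scanner can arrive at the two report messages discussed in the post above ("decompression bomb" and "password protected") by reading only the archive's directory, without unpacking anything. This is an added example, not part of the original post and not Avast's own logic; a common approach is to compare each member's declared uncompressed size against its stored size. The thresholds, function names and sample archives are assumptions constructed for illustration, and ZIP is used because Python's standard library reads it.

```python
import io
import zipfile

# Assumed limits for illustration; every scanner picks its own thresholds.
MAX_RATIO = 100            # uncompressed bytes per compressed byte
MAX_TOTAL_BYTES = 1 << 30  # 1 GiB declared across all members
MAX_MEMBERS = 100_000


def check_archive(data):
    """Classify a ZIP from its central directory only; nothing is extracted."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ("unscannable", "not a readable ZIP archive")
    with zf:
        infos = zf.infolist()
        if len(infos) > MAX_MEMBERS:
            return ("skip", f"{len(infos)} members exceeds limit")
        total = 0
        for info in infos:
            if info.flag_bits & 0x1:  # bit 0 set = member is encrypted
                return ("unscannable", f"{info.filename}: password protected")
            total += info.file_size
            # Declared uncompressed size divided by stored (compressed) size.
            ratio = info.file_size / max(info.compress_size, 1)
            if ratio > MAX_RATIO:
                return ("skip", f"{info.filename}: ratio {ratio:.0f}:1, possible decompression bomb")
        if total > MAX_TOTAL_BYTES:
            return ("skip", f"declared size {total} bytes exceeds limit")
    return ("scan", "within limits")


def make_zip(name, payload):
    """Build a constructed sample archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


if __name__ == "__main__":
    samples = {
        "ordinary.zip": make_zip("notes.txt", b"constructed sample text\n" * 4),
        "zeros.zip": make_zip("zeros.bin", b"\0" * (2 * 1024 * 1024)),
        "garbage.zip": b"not a zip",
    }
    for label, blob in samples.items():
        print(label, check_archive(blob))
```

The sizes in an archive's directory are only what the archive declares, so a scanner that does go on to unpack should also cap the bytes it actually writes while streaming each member.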

Offline The111

  • Newbie
  • *
  • Posts: 8
Re: Newbie here: how to know when detection found or not found?
« Reply #4 on: October 11, 2009, 08:33:19 AM »
Thanks for all that Tarq.  So is 48min for a standard (no archives) scan on 2TB reasonable?

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3694
  • If at first you don’t succeed; call it version 1.0
Re: Newbie here: how to know when detection found or not found?
« Reply #5 on: October 11, 2009, 08:36:20 AM »
I would think very reasonable.

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3694
  • If at first you don’t succeed; call it version 1.0
Re: Newbie here: how to know when detection found or not found?
« Reply #6 on: October 11, 2009, 08:39:55 AM »
OT, but I'd also suggest MBAM as a demand (second opinion) scanner. The quick scan on this one covers all the likely malware installation locations, and is pretty quick. You would be glad of it if anything sneaked past Avast.

I've found the web shield and network shield in Avast (especially those two) have seemed to help prevent connecting to any nasties, anyway. Scans don't find anything on my system, so far, for a long time.

Offline The111

  • Newbie
  • *
  • Posts: 8
Re: Newbie here: how to know when detection found or not found?
« Reply #7 on: October 11, 2009, 09:46:55 AM »
I tried out the Avira registry cleaner and only found 6 entries, all of which to me looked related to Avast.  Guess the Avira uninstall got them all. :-*

Thanks again for all the good info all.  Nice to scan my whole system and get no infection results, whereas there were about 2 dozen files (which were admittedly of "questionable" origin) that Avira would flag every time.  The AV comparatives review mentioning false positives on Avira is definitely one of the main reasons I made the switch...

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3694
  • If at first you don’t succeed; call it version 1.0
Re: Newbie here: how to know when detection found or not found?
« Reply #8 on: October 11, 2009, 10:53:07 AM »
Had you set the Avira heuristics above the default, at all? That would explain a high number of false detections.

Offline The111

  • Newbie
  • *
  • Posts: 8
Re: Newbie here: how to know when detection found or not found?
« Reply #9 on: October 11, 2009, 11:02:56 AM »
Quote
Had you set the Avira heuristics above the default, at all? That would explain a high number of false detections.

No, I think I had everything set at default.  It wasn't a SUPER high number of falses, considering how much stuff I have overall, and again considering the "questionable nature" of the stuff Avira was raising flags about.

Offline YoKenny

  • Serious Graphoman
  • **
  • Posts: 8788
Re: Newbie here: how to know when detection found or not found?
« Reply #10 on: October 11, 2009, 11:30:11 AM »
Every time I visit this topic I get an alert from Malwarebytes Anti-Malware (MBAM) that the picture you posted is infected:
http://hosts-file.net/default.asp?s=208.109.78.133

Post pictures using Additional Options...
E5200 2.5GHZ, 4GB RAM, 320GB HD, Windows 7 Home Premium 64bit, avast! V9.0 Free, IE10
P4 2.8GHZ, 1.5GB RAM, 40GB HD, XP Pro SP3 32bit, avast! V9.0 Free, Google Chrome
with hpHosts, MVPS HOSTS files, SpeedFan, WinPatrol PLUS

Offline The111

  • Newbie
  • *
  • Posts: 8
Re: Newbie here: how to know when detection found or not found?
« Reply #11 on: October 11, 2009, 11:45:14 AM »
Quote
Every time I visit this topic I get an alert from Malwarebytes Anti-Malware (MBAM) that the picture you posted is infected:
http://hosts-file.net/default.asp?s=208.109.78.133

Post pictures using Additional Options...

Whoa, whoa, whoa.  What?

A picture file, infected?

I have hosted my website for years now.  I know how to use forum attachments but I prefer to just host the image on my site and hotlink, for many reasons.  I can assure you there is not an infection in either the picture file (is that possible?) or anywhere on my site!

But, I would like to get to the bottom of this.  Why is my website www.matthoover.com listed on that link you sent as an "infected site?"  :-* :-* :-* :-* :-*

Offline YoKenny

  • Serious Graphoman
  • **
  • Posts: 8788
Re: Newbie here: how to know when detection found or not found?
« Reply #12 on: October 11, 2009, 12:46:10 PM »
Did you read the link I gave you?
40 Additional match(es) found for: 208.109.78.
http://hosts-file.net/?s=208.109.78.133&view=matches

GoDaddy is notorious for hosting malicious domains and failing to take action against them.

Read all about them in the MBAM forum:
Malwarebytes Forum > Malwarebytes' Anti-Malware Support > False Positives
http://www.malwarebytes.org/forums/index.php?showtopic=26875

Offline spg SCOTT

  • Massive Poster
  • ****
  • Posts: 4130
  • There is no magic, only lost physics
    • spg SCOTT
Re: Newbie here: how to know when detection found or not found?
« Reply #13 on: October 11, 2009, 12:48:00 PM »
The IP that YoKenny is referring to is for GoDaddy, which I presume is your web hosting company.

http://samspade.org/whois/208.109.78.133

It seems that GoDaddy is not very popular...

http://www.malwarebytes.org/forums/index.php?act=Search&CODE=show&searchid=905f0796cb84a37255b1ce358b7ea299&search_in=posts&result_type=topics&highlite=%2Bgodaddy

Here is a post by MysteryFCM, dated September 17:

Quote
The second is a GoDaddy IP, and currently has 170 problems as of the last check, which is why it's blocked;

[EDIT]Oops, YoKenny posted first...
« Last Edit: October 11, 2009, 12:49:31 PM by spg SCOTT »
“There is a computer disease that anybody who works with computers knows about. It's a very serious disease and it interferes completely with the work. The trouble with computers is that you 'play' with them!” Richard Feynman

Offline CharleyO

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 7087
  • Be alert for error code - ID 10T
Self-built desktop (8 years old) - AMD64 3200+_Gigabyte GA-K8NS Ultra-939_4 gb RAM_GeForceFX 5800w/256 ram_XP/SP3_Avast 7_MBAM_ZA Free __and__ Toshiba Satellite Laptop_W7-64bit_ 4 gb Ram_Avast 8_MBAM