Author Topic: Newbie here: how to know when detection found or not found?  (Read 9184 times)


The111

  • Guest
Newbie here: how to know when detection found or not found?
« on: October 11, 2009, 03:45:12 AM »
Hi, I just switched to Avast from being a longtime Avira user, after reading reviews on av-comparatives.org showing Avast to be far superior (plus I was sick of false positives on Avira).

If I have a certain folder I wish to scan, I right click on it and use the context menu to scan it with Avast.  However, when it is done scanning the info box just disappears.  It doesn't say "scan completed, no detections" or anything like that.  How do I know if the results are good or bad?  All the sections of the log viewer from "emergency" through "warning" are empty so I guess that means I'm ok?

Also, why doesn't this program have an option for daily scan scheduling like Avira did?  And why do scans take so long?  I scanned a single archive file (rar) with Avira and it would only take 10 seconds... the same file with Avast takes a couple MINUTES... apparently there are 50,000+ items inside that archive and I guess Avast is being more thorough about scanning them all (and sub-archives within the rar) than Avira was?  I have nearly 2TB of data on my machine and it's looking like a thorough system scan will take over 10 hours... fortunately CPU usage is minimal on my i7.

Thanks!

Offline .: L' arc :.

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1780
  • Thinking with Portals
Re: Newbie here: how to know when detection found or not found?
« Reply #1 on: October 11, 2009, 03:53:15 AM »
 Welcome to the forums The111,

 The right-click context scan window disappears when no virus is found, but if you want a report, follow:
 Program settings > Common > Put a check on 'Show results of Explorer Extension'

 avast is supposed to be a fast scanner; if it takes more time than it is supposed to, some remnants of Avira may be conflicting with avast. Those remnants can be removed using Avira Registry Cleaner. The tool is in German; you’ll have to click on the button called Keys auslesen to search the registry for any issues. Then place checkmarks next to the registry entries you wish to delete and click the Löschen button to delete the keys.

NOTE: Using avira registry cleaner may also delete avast related entries.
« Last Edit: October 11, 2009, 03:57:14 AM by .: L' arc :. »
Windows 7 (64-bit) Home Premium SP1
avast! 9 RC1

The111

  • Guest
Re: Newbie here: how to know when detection found or not found?
« Reply #2 on: October 11, 2009, 05:47:39 AM »
Thanks for the reply.  Tell me if you think this is a reasonable scan time.  I put scanning back from thorough to standard, and took archives off, and ran a complete system scan... it took 48min for 2.0TB (wow, my guess was right, I actually have much more than 2TB available but was just guessing how much I was using).  Screenshot below.

Now, if I did it with archive scanning on, and used thorough instead of standard, my guess is it would take 6-8 hours.

What does it mean if a file can't be scanned because it is a decompression bomb?


Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3695
  • If at first you don’t succeed; call it version 1.0
Re: Newbie here: how to know when detection found or not found?
« Reply #3 on: October 11, 2009, 05:57:36 AM »
Quote
NOTE: Using avira registry cleaner may also delete avast related entries.
It will.  ;)
Fortunately you can select which items to delete; just don't delete anything from Avast. If you're unsure, post the entries concerned here.

Most free versions of commercial AV's have some feature or ability part-"crippled" or reduced. With some it's the detection or cleaning ability. With Avast it's the ability to schedule a scan. And a few other bits and pieces.
(One reason Avast is considered very good; the protection is excellent. In fact "advanced+" according to the latest AV-comparatives.)

A thorough scan will take a long time, it scans inside archives. These can be ignored (skipped) if desired, a virus inside a zip or rar can not activate unless the file is unzipped, at which point the on-access scanner should stop it.
Personally, I'd just do one thorough scan after first install, then a regular scan every month or so.

The scan needs to be (more or less) attended up to the first detection (if there is a detection) at which point the box in the alert window "do not show this next time" can be ticked, and the scan left to complete, while the user goes to bed, or work, or whatever.

You can place an Eicar (simulated) virus near the beginning of the system folder on the C drive, that should speed the time taken for the first detection. You would need to pause the webshield to download it. http://www.eicar.org/anti_virus_test_file.htm

"A file is a decompression bomb" is alarming terminology. It just means the file is packed using an unknown and/or high compression algorithm. (Sounds fancy, don't it?  ;D). Don't be alarmed, it is no indication the file contains a virus, just that it can't be scanned.
Other similar errors you may get are "...the file is password protected". Once again, don't worry. This could be from the quarantine of another anti-malware scanner, or some program that uses encryption to store some of its data. Moving the column header of the scan report to see the full name and path of the file will usually reveal whether it needs further investigation.
And if you don't know in regard to a particular file, you can always ask here.
Windows 10,Windows Firewall,Firefox w/Adblock.
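
For context on the "decompression bomb" and "password protected" messages discussed in the reply above, here is an added example (not part of the original post, and not Avast's code) of one common way a scanner decides to skip an archive: it reads the zip's metadata and refuses to unpack anything whose declared expansion exceeds a limit. The limits, function names and sample archives are assumptions constructed for illustration.

```python
import io
import zipfile

# Limits are assumptions for this example; each scanner picks its own values.
MAX_RATIO = 100                  # unpacked/packed size allowed per member
MAX_TOTAL = 50 * 1024 * 1024     # total declared unpacked bytes allowed


def classify_archive(data, max_ratio=MAX_RATIO, max_total=MAX_TOTAL):
    """Decide from zip metadata alone whether it is safe to unpack and scan.

    Returns "scan" or a "skip: ..." reason. Declared sizes can be forged, so a
    real scanner would also enforce the same caps while decompressing.
    """
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return "skip: not a readable zip"
    with zf:
        total = 0
        for info in zf.infolist():
            if info.flag_bits & 0x1:          # bit 0 set = member is encrypted
                return "skip: password protected"
            total += info.file_size
            if total > max_total:
                return "skip: decompression bomb (total size)"
            if info.compress_size and info.file_size / info.compress_size > max_ratio:
                return "skip: decompression bomb (ratio)"
    return "scan"


def make_zip(name, payload):
    """Build a small in-memory zip (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


if __name__ == "__main__":
    ordinary = make_zip("data.bin", bytes(range(256)) * 4)
    padded = make_zip("zeros.bin", b"\0" * (5 * 1024 * 1024))
    for label, blob in (("ordinary", ordinary), ("padded", padded)):
        print(label, len(blob), "bytes ->", classify_archive(blob))
```

A "skip" result here says only that the archive was not unpacked, so nothing inside it was examined either way.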

The111

  • Guest
Re: Newbie here: how to know when detection found or not found?
« Reply #4 on: October 11, 2009, 08:33:19 AM »
Thanks for all that Tarq.  So is 48min for a standard (no archives) scan on 2TB reasonable?

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3695
  • If at first you don’t succeed; call it version 1.0
Re: Newbie here: how to know when detection found or not found?
« Reply #5 on: October 11, 2009, 08:36:20 AM »
I would think very reasonable.

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3695
  • If at first you don’t succeed; call it version 1.0
Re: Newbie here: how to know when detection found or not found?
« Reply #6 on: October 11, 2009, 08:39:55 AM »
OT, but I'd also suggest MBAM as a demand (second opinion) scanner. The quick scan on this one covers all the likely malware installation locations, and is pretty quick. You would be glad of it if anything sneaked past Avast.

I've found the web shield and network shield in Avast (especially those two) have seemed to help prevent connecting to any nasties, anyway. Scans don't find anything on my system, so far, for a long time.

The111

  • Guest
Re: Newbie here: how to know when detection found or not found?
« Reply #7 on: October 11, 2009, 09:46:55 AM »
I tried out the Avira registry cleaner and only found 6 entries, all of which to me looked related to Avast.  Guess the Avira uninstall got them all. :-*

Thanks again for all the good info all.  Nice to scan my whole system and get no infection results, whereas there were about 2 dozen files (which were admittedly of "questionable" origin) that Avira would flag every time.  The AV comparatives review mentioning false positives on Avira is definitely one of the main reasons I made the switch...

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3695
  • If at first you don’t succeed; call it version 1.0
Re: Newbie here: how to know when detection found or not found?
« Reply #8 on: October 11, 2009, 10:53:07 AM »
Had you set the Avira heuristics above the default, at all? That would explain a high number of false detections.

The111

  • Guest
Re: Newbie here: how to know when detection found or not found?
« Reply #9 on: October 11, 2009, 11:02:56 AM »
Quote
Had you set the Avira heuristics above the default, at all? That would explain a high number of false detections.

No, I think I had everything set at default.  It wasn't a SUPER high number of falses, considering how much stuff I have overall, and again considering the "questionable nature" of the stuff Avira was raising flags about.

YoKenny

  • Guest
Re: Newbie here: how to know when detection found or not found?
« Reply #10 on: October 11, 2009, 11:30:11 AM »
Every time I visit this topic I get an alert from Malwarebytes Anti-Malware (MBAM) that the picture you posted is infected:
http://hosts-file.net/default.asp?s=208.109.78.133

Post pictures using Additional Options...

The111

  • Guest
Re: Newbie here: how to know when detection found or not found?
« Reply #11 on: October 11, 2009, 11:45:14 AM »
Quote
Every time I visit this topic I get an alert from Malwarebytes Anti-Malware (MBAM) that the picture you posted is infected:
http://hosts-file.net/default.asp?s=208.109.78.133

Post pictures using Additional Options...

Woa, woa, woa.  What?

A picture file, infected?

I have hosted my website for years now.  I know how to use forum attachments but I prefer to just host the image on my site and hotlink, for many reasons.  I can assure you there is not an infection in either the picture file (is that possible?) or anywhere on my site!

But, I would like to get to the bottom of this.  Why is my website www.matthoover.com listed on that link you sent as an "infected site?"  :-* :-* :-* :-* :-*

YoKenny

  • Guest
Re: Newbie here: how to know when detection found or not found?
« Reply #12 on: October 11, 2009, 12:46:10 PM »
Did you read the link I gave you?
40 Additional match(es) found for: 208.109.78.
http://hosts-file.net/?s=208.109.78.133&view=matches

GoDaddy is notorious for hosting malicious domains and failing to take action against them.

Read all about them in the MBAM forum:
Malwarebytes Forum > Malwarebytes' Anti-Malware Support > False Positives
http://www.malwarebytes.org/forums/index.php?showtopic=26875

spg SCOTT

  • Guest
Re: Newbie here: how to know when detection found or not found?
« Reply #13 on: October 11, 2009, 12:48:00 PM »
The IP that YoKenny is referring to is for GoDaddy, which I presume is your web hosting company.

http://samspade.org/whois/208.109.78.133

It seems that GoDaddy is not very popular...

http://www.malwarebytes.org/forums/index.php?act=Search&CODE=show&searchid=905f0796cb84a37255b1ce358b7ea299&search_in=posts&result_type=topics&highlite=%2Bgodaddy

Here is a post by MysteryFCM, dated September 17:

Quote
The second is a GoDaddy IP, and currently has 170 problems as of the last check, which is why it's blocked;

[EDIT]Oops, YoKenny posted first...
« Last Edit: October 11, 2009, 12:49:31 PM by spg SCOTT »

CharleyO

  • Guest