Author Topic: Repairing infected files  (Read 9987 times)


paulom

  • Guest
Repairing infected files
« on: October 09, 2009, 01:12:27 AM »
Maybe I should have posted this question in another board. But I am evaluating Avast in a corporate environment managed by ADNM, so here it goes.
I have installed Avast in several machines, servers and workstations. Avast has detected a lot of infected files in these machines, mainly because the antivirus we are presently using is quite inefficient, and probably there are viruses running in our network. I have configured Avast to first try to repair infected files, if this fails move them to chest, and if this fails delete.
It happens that Avast hasn't been able to clean even a single file!
Firstly I had disabled VRDB creation. When Avast began detecting infections and moving files to chest I enabled VRDB, hoping things would change. But this was of no use, and I've just read in the forum that VRDB will be dropped in version 5.
Am I doing something wrong? In what cases can Avast repair an infected file?
I know that repairing files is a difficult task. Sometimes our antivirus claims to have done it and leaves the file corrupted and useless. I have even seen cleaning tools for specific viruses doing this.
But as I said, Avast hasn't cleaned any files at all. We are wondering if we should buy it or not, and I'm afraid some information is missing for this decision.

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3694
  • If at first you don’t succeed; call it version 1.0
Re: Repairing infected files
« Reply #1 on: October 09, 2009, 01:47:40 AM »
I use Avast on a personal desktop, and have little idea about networks.
But the basics (in principle) as regards this question probably aren't too different.
1) The VRDB takes a while to gather the required information about the files it will store info on; it is not an instant process. (And if the files were infected to start with, it would actually be useless. It needs clean files to store.) I've seen it take well over an hour.
2) Not all files that belong to the OS are stored. Only a select few of the "then" commonly-attacked ones, when the VRDB concept was invented.
3) The only way Avast could repair a file is if (a) it had a bit of viral code attached to it and was previously a legitimate file; (b) it was one of the files present in the VRDB store; and (c) a clean copy of that file was actually present in the VRDB.
4) It's old technology, which is one reason it is being dropped in version 5. Most infections in today's environment are trojans, worms, rootkits etc. The entire body of the file is an infection; there is no point in attempting to clean them; quarantining or deletion should be the only options.

On your network, are the detections mainly viruses? Or trojans etc? If the latter, Avast should, in most cases, be able to move them to the chest (quarantine). If the former, repair would have to be carried out, (I think) manually, using current clean files from an OS disk or similar, for the reasons stated above.
I would actually be fairly surprised if your network has a large number of actual viruses, unless an extremely inefficient AV had been used since the time viruses were more common. (Say, 4 - 7 years back).
It is more likely they are actual trojans etc., i.e. unable to be repaired (and no point trying to).
Windows 10,Windows Firewall,Firefox w/Adblock.

Offline Yanto.Chiang

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1371
  • Soli Deo Gloria
    • PT Garuda Sinatriya Globalindo
Re: Repairing infected files
« Reply #2 on: October 09, 2009, 05:47:35 AM »
Hi Paulom,

I don't think Avast wouldn't be able to delete or repair your infected files; we should look back at which virus/malware variant has infected your files or system.
Sometimes malware can attack .jpg, .sys or other file types, which can have malware attached to them and be changed into .exe files.

Have you checked what kind of virus/worm has attacked your existing network?
Today, the famous attack is Conficker. I have faced it with some companies in my country too, and sometimes it can bring a server down.
And normally, if you find malicious attackers and can't clean them, you can submit them to the Avast tech team to define a new database.

Hopefully you keep trying Avast antivirus to get to know it more deeply.

Regards,
Yanto Chiang


Yanto Chiang | IT Security Consultants | AVAST Premium Security | GarudaSinatriya

paulom

  • Guest
Re: Repairing infected files
« Reply #3 on: October 09, 2009, 05:19:02 PM »
Tarq57 and Chiang, thank you for answering.

I have attached a text file with the results of the Avast Top 50 viruses report. Most of these occurrences were on a file server, remotely accessed by unprotected workstations where viruses were running.
As I said before, in none of these cases was Avast able to clean the infected file.
Maybe you can take a look at it, and tell me if you think this sounds reasonable or not.

Offline Yanto.Chiang

Re: Repairing infected files
« Reply #4 on: October 22, 2009, 05:32:43 AM »
Hi Paulom,

Sorry if I missed this case.

Logically, if you could generate this report from Avast, Avast should have detected those attackers on your network.
So why do you mention that Avast couldn't clean, while it could detect those infected files?
Or if you don't feel sure about the existing protection, you could combine it with other malware engines like Malwarebytes or SUPERAntiSpyware to double-protect your system as well. Because nobody is perfect in this world.

Anyway, if you have any issues with a malware/virus attack that Avast couldn't clean or detect, you could compress your infected file, protect it with a password and then send it to: virus at avast dot com

Regards,
Yanto Chiang