Author Topic: [SOLVED] How to get Avast! Antivrus to auto run (on boot) and logs  (Read 8553 times)

0 Members and 1 Guest are viewing this topic.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86671
  • No support PMs thanks
Re: [SOLVED] How to get Avast! Antivrus to auto run (on boot) and logs
« Reply #15 on: July 07, 2011, 09:20:45 PM »
By default in the Packers only the first three are selected (and ntfs streams), the All packers check box is empty. However that said the thunderbird files certainly the msf files don't appear to be packed just that it uses a lot of special characters (and code), so might well be scanned by default (not because of as I though they were archive files).

Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.5.6015 (build 22.5.7263.730) UI 1.0.711/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

YXtanyaXY

  • Guest
Re: [SOLVED] How to get Avast! Antivrus to auto run (on boot) and logs
« Reply #16 on: July 08, 2011, 07:19:41 PM »
Hi and thanks again,
Not sure if should start a new thread...
By default in the Packers only the first three are selected (and ntfs streams), the All packers check box is empty. However that said the thunderbird files certainly the msf files don't appear to be packed just that it uses a lot of special characters (and code), so might well be scanned by default (not because of as I though they were archive files).



The .msf files were not scanned by default. I think I need to change settings because: only found the last threat (dhl.zip#3651267798) in the .msf file with a boot scan (not with the usual scan)

I found the 1st 4 (the dhl.zip#3651267798) files by right clicking the Documents and Settings | "My Documents" and each MozBackUP file for TB (not for Firefox) separately.

Does that mean the .pcv files were benign and not necessary to scan to begin with" (since they are compressed?
(although these were initially found on flash drives by "Trend"



When Avast! was inactivated (AvastUI.exe) after Combofix (a disaster) (I had to install the reg key) I'd forgotten to activate avast! and was on a Web site -> some MS security window popped up with something about spyware, trojans etc. the words "Documents & settings" popped up too.
I ran  before restarting the PC ran Avast! full system scan - nothing.
Then (still before a reboot) ran "Documents & settings" through Avast! (right click (D & S) and it found 4 java \ cache viruses (trojans?)) they are in the chest.

Should I change setting to include the above (.pcv, .msf) by default?

Should these questions belong in another thread?

BTW: I was "told" to run combofix.exe (after finding the first 4 files (dhl.zip#3651267798) in the .pcv files and it found nothing except 2 dell drivers which it removed (although in 2009 "virus total" had already determined the drivers to be benign.)
"Virus Total"
http://www.virustotal.com/

Thanks!




Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86671
  • No support PMs thanks
Re: [SOLVED] How to get Avast! Antivrus to auto run (on boot) and logs
« Reply #17 on: July 08, 2011, 08:20:52 PM »
Most backup software will be compressing the content, in its compressed state it is benign. Only when the backup is restored would it be uncompressed and even then if it is an infected email attachment, that would have to be run.

I don't know what MS Security window that might be (not something I'm familiar with in XP), but this type of thing is often related to scam/fake security alerts. So it entirely depends on what security software (MS) that you have installed and if the pop-up window is legit for that application.

I personally wouldn't be looking at exclusion, if as you say this is only scanned/found on a boot-time scan as the boot-time scan isn't something that is run on a regular basis.

I don't know who suggested combofix, but this is a powerful tool and one I would say has to be run under guidance. As can be seen from the dell drivers. Normally it would follow using a number of other analysis tools first to get an idea what is on the system and cleaning with targeted fixes and or other tools before breaking out the bigger guns as run on their own it is possible that they could actually make the situation worse.

Whilst I don't specifically use mosbackup or any other email backup function, my tbird profile folder and stuff are on a manual mirror.exe tool that I use. I also do weekly drive image backup and these are pretty big up to 3GB or so, so I don't feel the need to scan then as I do my avast Quick scan before running my drive image backup. Those G:\Drive-Images\*.v2i I have excluded.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.5.6015 (build 22.5.7263.730) UI 1.0.711/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

YXtanyaXY

  • Guest
Re: [SOLVED] How to get Avast! Antivrus to auto run (on boot) and logs
« Reply #18 on: July 16, 2011, 07:35:25 PM »
Hi thanks for reply,

Most backup software will be compressing the content, in its compressed state it is benign. Only when the backup is restored would it be uncompressed and even then if it is an infected email attachment, that would have to be run.
Didn't know that. So if I try to open a compressed file and it is infected, Avast! will activate?
Quote
I don't know what MS Security window that might be (not something I'm familiar with in XP), but this type of thing is often related to scam/fake security alerts. So it entirely depends on what security software (MS) that you have installed and if the pop-up window is legit for that application.
It was legit: Maybe related to Windows firewall? It was not helpful - Avast! warns before the fact: This windows application informed after the fact (and since the text "Documents and settings" flashed across the screen (despite a negative Avast! full scan) I scanned D and S and found the threats). Plus the date and time of when they "came" was accurate.
Quote
I personally wouldn't be looking at exclusion, if as you say this is only scanned/found on a boot-time scan as the boot-time scan isn't something that is run on a regular basis.
Someone suggested a boot scan: I have to find out more about them. But it was certainly more helpful than running combofix.
Quote
I don't know who suggested combofix, but this is a powerful tool and one I would say has to be run under guidance. As can be seen from the dell drivers. Normally it would follow using a number of other analysis tools first to get an idea what is on the system and cleaning with targeted fixes and or other tools before breaking out the bigger guns as run on their own it is possible that they could actually make the situation worse.
I was trying to get an answer as to how worried one should be about 4 threats at that time in virus chests (trend and Avast! different systems) and was instructed by a well known message board to run a number of log-generating software. All I wanted to know is whether I could / should use the system. I know the email had not been opened, and AFAIK all infected code was localized.
I assume the positives (both Trend and Avast!) were code (heuristic) and not actual virus / worm... programs.

I was told by some people the only way to deal with the situation (before the 4 java\cache threats and the 5th email-related code) was to reinstall Windows....
I certainly have learned my lesson about combofix and following directions I am not completely familiar with....


Quote
Whilst I don't specifically use mosbackup or any other email backup function, my tbird profile folder and stuff are on a manual mirror.exe tool that I use. I also do weekly drive image backup and these are pretty big up to 3GB or so, so I don't feel the need to scan then as I do my avast Quick scan before running my drive image backup. Those G:\Drive-Images\*.v2i I have excluded.
I am not familiar with the above software: MozBackUp has been a help (especially with TBird)

Finally: I think I learned another lesson: Several days ago: received a 91 kb email: "from FedEx" - the sender and recipient were completely wrong and Fedex confirmed this: I truncate email on the server (download to 3 systems) so I never had the entire message.
I trashed it immediately on 2 systems and forwarded 1 kb (header info) (that had downloaded) to a center for malware. Then immediately deleted it from the server.
I am afraid to run the trash folder through Avast! and for that matter the inbox.
I guess I shouldn't do anything...

I thank you very much for the help! You gave me a lot of information and I am very grateful!
Thanks!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86671
  • No support PMs thanks
Re: [SOLVED] How to get Avast! Antivrus to auto run (on boot) and logs
« Reply #19 on: July 16, 2011, 07:59:05 PM »
1. If you try to just open a compressed file nothing happens - the files are still inside it, extract files and they become either newly created or modified (if over writing an existing file) at that point the avast file system shield would be scanning those files considered at risk of infection or are an immediate risk, e.g. executable files.

2. I haven't used the windows firewall in a coons age and in all honesty I can't recall it ever piping up and in relation to security alerts (when the default firewall has no antivirus capability). So I'm none the wiser and can't really say what this was, but I still have suspicions when there is no clear evidence, I'm trusting like that NOT.

3. Generally the reason for running the boot-time scan is if a detection is found that can't be dealt with when windows is running fully. Or when advices by avast! itself.

4. if the files are in the chest, they can do no harm there and nor can they be scanned by other tools (they are encrypted), so combofix wouldn't have found them, whilst it may have found associated undetected elements if present.

4. A reinstall of the OS is the neuclear option and one of final resort and not that frequently needed; there are notable exceptions some mall file infectors, Virut, etc. really can rip through a system if they get established and cleansing of the files could leave some corrupt.

5. I bet you are more familiar with mozbackup than I am, as I have never used it ;D

6. There really are a hell of a lot of FedEx, UPS, etc. etc. fake emails doing the rounds, so I would treat every one with suspicion. Unfortunately you are in the position of expecting some legit emails from them makes your life harder.

For the most part checking the header info should be enough to confirm they are fake, often they contain basic spelling and grammatical errors and not least the greatest majority will have an attachment that they hope you will run.

~~~~
You're welcome.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.5.6015 (build 22.5.7263.730) UI 1.0.711/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security