Author Topic: How to check last event details?  (Read 2993 times)

0 Members and 1 Guest are viewing this topic.

Offline faramir

  • Newbie
  • *
  • Posts: 8
How to check last event details?
« on: December 06, 2011, 11:31:15 PM »
This morning, my mother started her computer (Win XP SP3, Avast Free 6.0.1367), and after windows started, she found an Avast message saying it had found an object, she says the name started with "robo" but can't remember the whole name. It recommended to delete it, and after that, to schedule a start scan, and reboot. She did that, and the computer is clean.

But, how can I check what kind of "object" did Avast find? I can't find any log, the computer has been restarted 2 times since it detected the "object", and "show last message" is grey.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37608
  • Not a avast user
Re: How to check last event details?
« Reply #1 on: December 06, 2011, 11:54:10 PM »
It was probably this False Positive rootkit

http://forum.avast.com/index.php?topic=89963.0

iyogisolutions1

  • Guest
Re: How to check last event details?
« Reply #2 on: December 07, 2011, 12:01:28 AM »
Hi faramir,

    You can check in Virus Chest. If avast! finds any kinds of infections, it will put them in VC. To open Virus Chest,

avast! GUI -> Maintenance -> Virus Chest

   You can Delete, Restore, Extract, Scan, Report False Positive.. etc  from there.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37608
  • Not a avast user
Re: How to check last event details?
« Reply #3 on: December 07, 2011, 12:04:01 AM »
Quote
You can check in Virus Chest. If avast! finds any kinds of infections, it will put them in VC
Not when it deleted



Quote
It recommended to delete it, and after that, to schedule a start scan, and reboot.
« Last Edit: December 07, 2011, 12:05:33 AM by Pondus »

Offline faramir

  • Newbie
  • *
  • Posts: 8
Re: How to check last event details?
« Reply #4 on: December 07, 2011, 12:15:34 AM »
Thanks, I think it is very likely it was that false positive, still, I'm greatly disappointed due to not being able to check the details of that alert... All I can check is the log of the start scan done after the alert, and it didn't find anything. I'd really want to know what file supposedly was deleted. I still hope there is a log hidden somewhere.

P.S: sfloppy.sys is where it is supposed to be, and a manual scan doesn't report it as virus.
« Last Edit: December 07, 2011, 12:17:33 AM by faramir »

ady4um

  • Guest
Re: How to check last event details?
« Reply #5 on: December 07, 2011, 12:23:33 AM »
"sfloppy" will still be there, Windows itself replaces it again after deletion and reboot. Avast has now been updated, so no FP now.

About the logs, there is a "report" folder and a "log" folder. In addition, each shield has some "shield log" link.
« Last Edit: December 07, 2011, 12:29:37 AM by ady4um »

iyogisolutions1

  • Guest
Re: How to check last event details?
« Reply #6 on: December 07, 2011, 12:27:44 AM »
Hi faramir,


    You can get the logs and reports from,

C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\ Log and Report folders..

 
 

Offline faramir

  • Newbie
  • *
  • Posts: 8
Re: How to check last event details?
« Reply #7 on: December 07, 2011, 02:28:32 AM »
I found the log files, and the reports too (txt files), but they didn't have any info about a virus alert. I was expecting to see something like "date/time alert, c:\somefile infected by somevirus. action: deleted"
 ???