AVAST 4.8 HOME trojan-gen detection !?

hello,

I have 2 issues to adress.

First, avast suddenly detects “trojan-gen” in a vcredist_x64.exe file! The file is partial from my logitech dinovo cordless keyboard driver package i have extracted i obtained at logitech site officially !

I know these files which were detected arent harmfull according to totalvirrus and another site i have scanned the file in question. That and the fact the package came from an official trusty source “logitech” for as far i know!

Some other files whitin an execute archive i have had for years have been detected as infected aswell sudden !?

Even though avast detected some trojans/worms, i couldnt find anything back in the logs section !?

i have set logging to debug to get every possible info though !?

The second issue i have is, when i scan that logitech software package it’s exe . avast doesnt sound an alarm and therefor seems not to scan that vcredist file i spoke of earlier !!??

Why didnt avast scan the files whitin some self-extracting exe’s !??

thank you,

cheers,

Hello kabster

it is fixed in VPS version 091119-1 , please update avast!

thanks
nmb

@nmb

yes, not soon after i have started this thread i noticed avast updated the virus database and fixed a few of my mentioned problems !

One thing though !!

Iam still not sure if avast home will do an deep level scan of self-extracted files. Like, it seems not to scan the numerous files from a exe whitin an .execute file !!!??

I noticed that when avast detected the so called “infection” ONLY when i extracted the content of the exe package !!! As long i scanned the 1 exe file containing the few infected files (false positives so it seems) avast didnt allert me !!??

What is that all about >?

Do i have to go Pro and buy avast to get it work torough ?

Many thanks for the support :wink:

cheers,
kabster,

Hello kabster,

avast! settings by default is not to scan all files but to scan only those “accessed” files - which results in use of less resources. it doesn’t mean that avast! doesn’t protect. there is no meaning in scanning the files which are not executed, isn’t it?

when you opened the downloaded exe file, avast scanned all the accessed files which is nothing but the extracted files. with out the user opening the downloaded file if avast! scans, then it results in poor performance isn’t it?

but, you can increase sensitivity of the resident shields. just click the avast! tray icon once and there you will see list of shields(click more details at the bottom). you can increase the sensitivity of the shields by sliding the bars. if you are not a power user or someting like that, then you can leave the default settings as it is.

avast pro! has one more feature. the script blocker. it blocks the malicious scripts from executing and of course the advanced user interface where you can configure the settings such as scan scheduling etc.

you can help avast by buying avast pro.

you are welcome.

nmb

That’s just it…! AVAST didnt detected anything when i either downloaded the file , or even opened = executed the file (to install) !!

Avast only alerted me AFTER i EXTRACTED all the files from the xxx.exe package and after i have scanned that directory whit the extracted files MANUALLY / or automatically by screensaver you see!!

So i have already executed the file in several way’s and avast didnt alerted me back then. But it did allert me when i manually scanned the map whit the extracted files ???

Even though i changed avast settings to do an intensive scan !!

So, wot i want to know is. Is avast capable to do an deep level scan. I mean, does it scan the .exe files whitin an .exe whitin an .exe package where the so called infected files are stored you know!??

p.s: Sorry for the late reply kabster,

Hello kabster,

false positive can occur even when the exe is not executed. but the same applies the other way. avast may detect the whole exe as a false positive but may not detect the extracted files as fps. it depends on the technology avast! devs have used in the engine. not only that but the signature of the whole exe file and the signature of the extracted files are not the same.

nothing to worry.

nmb

nmb,

So, basically avast might aprove A package.exe at one hand but once extracted that “package.exe” its contents it just might suspect A file from whitin that “package.exe”!?

If so, why didnt it allert me the first time i scanned that package.exe containing that so called infected file unless it didnt scanned that package torough in the first place ofcourse!!! Even though i have scanned that package over and over whit the tightest and securest setting !!

Thats wot “worrie” me and thats wot i want to find out!

thank you,

kabster

Hello kabster,

the signature of the particular exe file is different and the signature of the files in that file is different, may be. so individual files may be detected but not the whole exe. I don’t know how avast! works. and you should not be worried. I mean there is nothing to be worried.

btw did you update to the new version 4.8.1367?

thanks
nmb

I see… Well i leave it just at that then !
You sure the current and latest build is 4.8.1367 ? My avast current version is still 4.8.1356 !!
And avast should be up to date as its set to automatic update both virus database and program core !!

But you are right, in the meanwhile when i wos typing thins message i manually updated and now avast is up to date whit the latest program version!

So, is the automatic update feature broken in some way !?
It seems the automatic Virus database update work like a charm.

kabster,

Hello kabster

Its not broken actually. it works that way so that there is no overhead on avast! servers. generally it will be pushed to all within a week. but the manual update is always available. :wink:

thanks
nmb

I agree with nmb, based only on my experience of seeing similar things, not from any formal learning.
It seems to me that a file can change in the process of being extracted from a package. It seems to be more frequent in the case of a self-extracting archive (say, an installer) than a package opened by a zip program.

Just my 2cents worth.

So, the auto program update does indeed work but is push forward/sheduled for each and one of use sort of speak to prevent flooding.

That sound reasonable clear to me ::slight_smile:

Thanks for the support , appreciated :wink:

kabster,

hello kabster,

not actually pushing to everyone. instead a message is sent to avast! on your machine which will be in turn displayed on the screen saying a new version is available.

Thanks for the support , appreciated

you are welcome

nmb