avast! Boot Scan Switches

Are there any boot scan switches that can be used to modify the boot scan behavior?

Here are some of the “switches” (command line options):
“C:\Program Files\Alwil Software\Avast4\SCHED.EXE” /?
usage:
sched /A:area [/RA:action [/RS:reply] ] [/archives] - schedules launching
area = * or folder1;folder2 …
action = delete or move or chest or repair or ignore
reply = yes or no
sched /D - unschedules boot-time scanner launching
sched /F:“file” - schedules delayed file operations (listed in given file)
sched /U - unschedules boot-time scanner and any scheduled file operations

You could use these in a batch file.

Found this from here:

Thanks for the reply.

Can you tell me what the reply switch does (/RS:reply) and
the delayed file operations (/F:“file”) switch?

The /RS switch selects the default answer (= confirmation) for infected files found inside of the system folder.

The /F switch makes it possible to perform delayed file operations (i.e. deleting/renaming of files after restart) using the boot-time scanner. It’s currently used internally in avast! and it actutally doesn’t have anything to do with an antivirus scan (i.e. you can safely ignore it ;)).

Thanks igor,

Is there an option to create a log file of the actions that occur during the boot time scan?

I believe the report file is created automatically in \Data\Report\aswBoot.txt

Under action,
It has: action = delete or move or chest or repair or ignore
How would you specify move to a specific file or is it actually misworded and should say “move to chest”?

Yeppers, it reports the find.

Is there a way to set the boot time scan to automatically (no prompt) delete or move infected files that reside in the system directories. The command line I am using below is removing everything but the infected system files.

“C:\Program Files\Alwil Software\Avast4\SCHED.exe” /A:* /RA:delete /RS:no

“Move” means the same as in Windows GUI - move to a specific folder (by default \Data\Moved, possibly appending .vir extension to the filename; don’t know if the boot-time scanner performs the rename as well or not).

I believe (though I’m not 100% sure, didn’t really try that one) that /RS:yes should do it.

That did the trick!!!

Thanks

Deletion isn’t really a good first option (you have none left), ‘first do no harm’ don’t delete, send virus to the chest, check the aswBoot.txt/chest and investigate.

“C:\Program Files\Alwil Software\Avast4\SCHED.exe” /A:* /RA:chest /RS:yes

Thanks, I made the change.

No problem, welcome to the forums.

Like David, I will never delete system files without manual confirmation…
I want to boot my system and false positives could occur :wink:

When you say “I want to boot my system and false positives could occur” does this mean that moving “system” files to the chest instead of deleting would still allow the operating system to boot?

Kind Regards and thanks for the welcome,

Jim

No, the system won’t boot IF I do not restore the system file. Even infected, I need it to boot.
Then, you can manage some infections, using the SFC Windows command to restore the original system files back. Otherwise, deleting the file, you can’t restore them (delete is NOT the same as send the file to Recycle bin, delete is caput, erase, no more file…).
Did I make myself clear this time? ::slight_smile:
Sometimes I spoke a too technical speech… ;D

Not too technical, just want to verify avast capabilities.

How much luck have you had using SFC to replace infected system files?

With System Restore disabled, I see no reason for it to fail with drivers and libraries (.sys and .dll).
With executables, you can extract it from the CD as well.
I have restored system files using SFC command before, no trouble. Although (thanks God!) not because an infection.

Thanks