avast finds more than it has to

good morning/evening!

i just tested a new anti-virus program and so i found avast!4

i have the latest up2date version (version from 17.9.04).

when i set the scan-mode “torough-scan” and “scan within archives” the scanner runs 1hour and 10minutes (!!!) , although i have an AMD 2500+ .

on the log (when the scanner is finished) there stands: “scanned 20,2 GB” although i just have 13Gb’s datas on my HDD.

another problem is that some folders are scanned 2 times or 3 times…

do you can give me some help why

  1. the scanner needs so long
  2. why it scanns some folders twice or 3 times?
  3. why it writes 20gb instead of 13?

best regards
markus0r

before i forget to mention this

i probably got on installing windows xp home the blaster or sasser worm…

and avast doesnt find this worms, maybe they are already gone

but sometimes my cpu runs for 30mins or some hours on 100% usage…

pls urgent help! thx

i have the latest up2date version (version from 17.9.04).
Not up to date. There was a new vps released a bit earlier. Think about 3 hours before you posted this.
when i set the scan-mode "torough-scan" and "scan within archives" the scanner runs 1hour and 10minutes (!!!) , although i have an AMD 2500+ .
So? Speed is not only depending on a cpu, also what cpu with how many cache, what hd with how many cache, how much mem etc etc etc. Since you set Avast to thorough and enabled archive scanning the time is about normal. There are many, many files to be scanned and Avast needs to unpack the archives, then scan the files inside them, then (if needed) remove the infected file(s) and repack them.

I really see nothing out of the ordinary here. You can speed up the scanning by removing all temp files, inet cache files and such, then defrag, then scan.

Or, after cleaning up your system, you can run a boottime scan. Since almost nothing is loaded, Avast can use about the entire potential of the system.

I suggest you start with installing a firewall, downloading/install ALL security patches/update from MS, and then run a boottime scan.

hmmm, so you think 1hour is normal for 13Gb’s to scan? i know that there are lots and lots of files and datas…

hmm, ill update the program when i restart my computer…thx for the hint…

i tested the program…and made a “quick-scan” and “dont-scan-within-arcives” and it needed 15minutes too, (for 13gb datas)…is that normal too?

i already have the servicepack 2 from microsoft (as a firewall)

Scanning inside of the archives needs to unpack them first - which takes a lot of time.

Why do you think anything like that happens?

As already explained - when you selected the archives to be scanned, their content is scanned (and counted) in addition to the real files. So, the actual amount of scanned data may be much bigger (even much more than 20GB in 13GB of real files).

That’s certainly in the right “ballpark”. On my system, a thorough scan of 4 gigs (less the files in use) with archive scanning enabled runs about 13 to 15 minutes depending on how recently I’ve defragged.

Quote from: markus0r on Today at 03:35:22pm 2) why it scanns some folders twice or 3 times?

Why do you think anything like that happens?

because i watched that he scanned F:/Songs and them some C:/ datas and so on and then again F:/songs…

dont know, maybe im paranoid :slight_smile:

what do you think, is 15mins for 13Gb (without scan-archives) and quick-scan-mode normal?

I cannot say anything about the time… it heavily depends on the system (CPU, hard disk), number of files on your disk, type of files, etc.

If you want, you can turn on the creation of the report file in the program settings - and set the OK files to be included there as well. The resulting report will certainly be rather big, but you will see in detail what was scanned (e.g. if anything was scanned twice).

If I’m not mistaken (and of course Igor or whoever is welcome to correct me), avast scans disk sectors as nearly consecutively as it can, rather than working from directory listings. So it’s quite common to see it jumping back and forth between folders.

Oh, I’m afraid it’s really not the case. avast! really browses through the files, not sectors.

Actually, a few people said they noticed avast! scanning the selection twice in the Simple User Interface… but we have never been able to simulate it - so we suspect it was just some kind of misunderstanding.

Mike, while this sounds like a good idea, avast currently doesn’t do anything like this. It follows the folder hierarchy (and fyi I’m not aware of any other AV that would do it differently).

Standard scan without archives is way enough. Scans around 5 minutes on my 200GB Maxtor with 8MB internal cache. 50GB of files. This is very fast and thorough enough to detect all kinds of malware.

Thanks for the clarification, Igor and Vlk. It’s pretty obvious when you run, say, Housecall that it’s rigidly following the directory structure, but there seems to be a fair bit of “jumping” with avast so it seemed like a reasonable assumption.

Admittedly with avast it’s often impossible to see the whole path that’s currently being scanned (at least at 800x600, and possibly depending on which skin), so I just guessed at what I’m seeing.

Well, you are right - the path ellipsis “jumps” often. However, the previous post mentioned C:\data and F:\songs…

Can the path scroll instead of ‘jump’?
Can the font size be changed (or tweaked)?

Well, “jumps” mean that in one directory, the ellipsis covers a different part of the path than in the following one (because the next file name is longer, or something like that) - therefore, it seems like it’s “jumping” (at least that’s what I meant). I think it’s the standard Windows control/algorithms who computes where to place the ellipsis - i.e. we cannot change it. Anyway - how would you like to change it? The text is changing quickly, there’s no time for any scrolling.

I don’t think so - the font is hardcoded into the skin (at least for default skins).

I want to read the text (at least with ‘big’ files when avast ‘stays’ there a little bit more).
What the advantage of seeing half a path? Just the sensation that the computer is doing something very fast…

This is why BifDefender could ‘disable’ this. There you can avoid to show the file being scanned as this worth nothing if you can even read the whole name and path… :cry:

I think that seperated path and filename info would be better.
So it will look something like this:

Currently scanned
File: some_system_file.exe
Path: C:\WINDOWS\system32\

and NOT like this:

Scanned file: C:\WINDOWS\system32\some_system_file.exe

RejZoR
My eyesight can grab the first line with out any problems but,
if it’s seperated as in your example, then it gets confusing. Especially if these files go flying by while they are being scanned.

Does it really matters which file is currently scanned? If its malware,you’ll get warning in any case…