Hi, there. I just got Avast and like what it is doing but I just had one problem. I did a scan of my system that found Alureon-FZ and was able to ‘move to chest’ successfully on the initial scan. The program then asked to restart and do a ‘boot scan’ and found two infected files that it could do nothing with. The files are both listed as Win32:malware Gen but when the computer started up I could still not do anything with the file (it reads operation is not supported for this type of archive).
I read this forum topic: http://forum.avast.com/index.php?topic=84185.0 and thought about doing the same thing but I did not want to damage my computer accidentally or clean anything without asking for more information and help with the issue. Thank you in advance for your time.
Sorry, but reporting just the malware name from the boot-time scan doesn’t help; what helps is the file name and location of that file.
Look in the C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\report\aswBoot.txt file (XP location) or C:\ProgramData\Alwil Software\Avast5\report\aswBoot.txt (Vista, Win7 location); check this file using Notepad for info on the scan/detections, etc.
OK, the first one is buried within 2 archive files, SpywareBlocker.msi then Data1.cab and finally the actual file ElShowSpyAbout.exe is also a packed executable (third archive). So Avast is unable to remove the detected file from within the multiple archives. The reason is probably that the removal may corrupt the main .msi file.
The second is essentially the same file but in system restore.
What do you know about this C:\Program Files\EarthLink Setup\Windows\access\SpywareBlocker.msi file/program?
Nothing really. This computer is about 5 years old and came with some internet options that I never used. The programs did not take up an insane amount of space or pop-up asking to be used so I left them alone. I never have really touched the program since I have had the program.
Then I would suggest that you manually delete it and the one in the system volume information folder.
Avast also has a setting that if the file can’t be removed from an archive that the archive can be removed instead. This however is a pretty big escalation and one I wouldn’t want to have done as an automatic process.
It won’t hurt, but I think you will be fine given that the detections were buried inside archive files, which until run and the data extracted are inert. When an archive/installation file is extracted/run and the data extracted, Avast’s file system shield should be able to scan and deal with the extracted file.