avast! quick scanner help

In the avast v4.6 Home Edition I found no information in the program’s Help section in regard to “Quick Scanner”.

On a number of quick scans (right click a file or a folder and select scan) I get zero statistical results.

For instance: I scanned an .exe file and the avast! Quick Scanner gui showed 1 file tested along with the name of the file, however, the “Final statistics for last scan:” gui reported all zeroes for files scanned, folders scanned, size of files, and infected files.

I get the same results on a number of files and folders (but not all) that I scan using the Quick Scanner. It in effect suggests to me that there was no scan done on the selected files and folders.

Why are the statistics all zeroes in the “Final statistics for last scan:”? Can this be changed/corrected?

As far as I know any quick scans are not recorded because all they are is a quick scan and not a full scan. I have my download manager use ashquick to check downloads and I have no log that I have found for them. Yet I know it works 'cos I have no viruses…

Welcome to the forum

Perhaps you misread my message. I’m not looking for any “log” results.

I want to know why, after the “Quick Scanner” runs, in the “Final statistics for last scan:” the resulting gui (a pop-up) reports:

“Number of scanned files: 0
Number of scanned folders: 0
Total size of scanned files: 0
Number of infected files: 0”

The program’s gui (avast! Quick Scanner) reports:
“Number of tested files: 1
Tested file:” (name of the selected file).

Why then would the “Final statistics for last scan:” have all zeroes when in fact it should have reported,
Number of scanned files: 1 (the exe selected)
Number of scanned folders: 0
Total size of scanned files: 27.1 MB (the selected exe size)
Number of infected files: 0

This is an image of an ashquick.exe (right click context menu scan of one of my exe files), “Final statistics for last scan:” and the “avast! Quick Scan”; it is working fine for me using XP Pro.
What is your OS?

Try a repair of avast. Add Remove programs, avast! Anti-Virus, Change/Remove button and scroll down to Repair, click next and follow. You need to be on-line to do this.
If that doesn’t work try, uninstall, reboot, install, reboot.

My operating system is the same as yours, XP. The image you posted is what I am referring to, right click a file and select scan (or, ashquick.exe, as you referred to it) and the images are then as you have shown.

I did the avast repair as you suggested, then I scanned the exe in question, and the statistical results were then correct, 1 file searched, file size 27.1 MB, 0 infected files. Thank you for the repair suggestion.

However, there is now cause for concern because avast did not detect a “suspicious” file that a RAV online scan found within the same exe.

When I use the online RAV scan ( http://www.ravantivirus.com/scan/ ) it finds a “suspicious” file within the exe, reported as:
“exe->(CABSfx)->\UTILITY\WINDOWS\MBRutil.exe - Backdoor:Win32/Poebot.E → Suspicious”, but avast reports no such “suspicious” file when scanning the same exe. This suggests to me that should I launch the exe in question there is the potential that the trojan downloader “Backdoor:Win32/Poebot.E” might be installed.

I’ll have to decide whether I want to launch the exe to see if anything undesirable might happen.

Your help is appreciated.

Obviously if there is any doubt you shouldn’t run the exe.

If this is a winRAR (self extracting executable) archive, avast! may not have been able to extract/unpack it in order to scan it, hence the 0 files scanned, etc. This would, however, need to be confirmed by the Alwil team.

You could also check the offending/suspect file at: Jotti - Multi engine on-line virus scanner; if any other scanners here detect them, it is less likely to be a false positive.

If it is detected by multiple AVs then, if you can, zip and password protect (‘virus’ will do) the suspect file and send it to virus @ avast.com (no spaces).
Give a brief outline of the problem, the fact that you believe it to be an undetected virus and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

Some FYIs.

  1. As I previously noted the file in question that was scanned is an exe not an rar.
  2. Zeroes in “Final statistics for last scan:” have been corrected with a repair of avast as per DavidR’s suggestion.
  3. File in question is 27.1 MB, there is a 15 MB limit per file on the Jotti site you recommended.
  4. False positives generally do not identify a specific trojan downloader as is the case here (Backdoor:Win32/Poebot.E).

Should I decide to launch the exe I would first create a partition image with Acronis True Image. I generally do that the first of each month so tomorrow I’ll decide if I want to try the installation. If I do so, after the installation I’ll run the RAV online scan and an avast scan on the partition where the program with the supposed trojan will be installed.

However, if the trojan downloader is in fact part of the exe, as RAV suggests, it is my hope that if I decide to launch the exe avast would detect it during the installation of the program.

If I do decide to try the installation I’ll post the results. If I don’t continue this thread in the next 2 days it will mean I decided not to do so.

  1. As far as I’m aware, like winzip, RARs can be self extracting, in which case they are usually seen as .exe files.
  2. Glad that at least the scan stats are corrected (which would negate my possible theory of not being able to examine a RAR self extracting .exe file).
  3. Sorry about the file limitation on Jotti; I haven’t used it for some time.
  4. Just looked at your post, Reply #4 and the key may well be the word “suspicious” (not necessarily infected) so RAV may well be using some form of Generic or Heuristic detection and it may not like the references or editing, whatever of the MBR. So many other AVs not using the same generic or heuristics won’t detect it. In a similar way avast! heuristic check in the email scanner warns as suspicious when it encounters the