Boot scan detected file but cannot take action

OK I’m a little confused at this point.

First of all Avast completed a scan earlier and showed me 10 infected files, which I moved to the chest. Unfortunately I am to inept to figure out how to reproduce a log of that particular scan, though all the files were dated as being last modified sometime back in 07 or 06, whatever that means. Avast then told me to run a boot scan, to which it found 1 file but it could do nothing about it for some reason. I tried deleting it and moving it to the chest and all I got was something to the effect of “file does not support this action”. The log shown in Avast’s interface shows that the boot scan found 1 infected file, but the log also states that no virus was found and does not show any files in the results, completely contradicting it’s self. But luckily I figured out how to find the boot scan log somehow so I can post that much here.

03/30/2012 14:26 Scan of all local drives

File C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Snapfire\snapfire.msi|>Binary.PreloadedMessages_FR is infected by Win32:Trojan-gen, Move to chest: Error 42111 {The operation is not supported for this type of archive.}, Move to chest: Error 42111 {The operation is not supported for this type of archive.}, Delete: Error 42111 {The operation is not supported for this type of archive.}, Repair: Error 42060 {The file was not repaired.}
Scanning aborted

Number of searched folders: 773
Number of tested files: 34762
Number of infected files: 1


Sorry if I’m completely violating forum etiquette, I’m pretty tired right now.

You can find the logs for regular scan in:

Avast! > Scan Computer > Scan Logs ( Pick the scan log you want to see ) > View results

Expand that windows for us to look at and get a screenshot of it then attach it here.

See my Screenshot.

Simple enough.

Is the comp behaving out of the ordinary ? Would you like for a specialist to take a deeper look ?

Not really. Or at least I don’t think so. This computer has always been a bit slow and I don’t use it that much.

I’m actually wondering if these might be false positives. Since ten of them are in a Sony update file (I use a VAIO) and the one is in Corel Snapfire’s installer. :-\

Ah I found the directory and scanned the other file it couldn’t do anything about. Still can’t.

Vic all those files belong to legits programs, but you never know until an expert sees them. You can send the files in the chest to Avast! virus lab to be analized. Just right click on them and report them as F/P. then once in a while after new VPS updates go again into Avast! chest an analize them from there to see if they are still detected.

About the file in the boot scan that Avast! does not take any action. There are certain files that Avast! does not touch, as system files or files that can make a program inoperable.

Submitting a false positive requires information I’m not aware of.

Version can leave it blank. Your e-mail can be the one you used to register Avast!. In additonal Info you can give the link to this topic. That’s all.

Just keeps telling me “Please make sure all fields are filled with correct data”.

I think I’ll just uninstall Corel. I never use it anyway.

Must be version. Write " I do not know " or " 000 ". :wink:

Submitted all of them. Still a little weirded out by the file inside that a old Corel installer. But I cannot even move it to the chest so there’s not much that can be done about it. None of my other scanners are catching anything. ???

Ok Now you wait. After each VPS update go into the chest and reanalize the files and see if they are detected. If they are not, Avast! included the exclusions in the VPS so you can return the files back. Also Avast! can contact you here or e-mail and tell you that they are indeed infected, hope not.

I will advize to download Malwarebytes’ and have it in your PC as a second on demmand scanner. Since it is free you should keep it updated manualy. Just a quick scan a week is enough.

Have a nice weekend Vic.

Thanks for the help.

I use Malwarebytes, ESET Online Scanner and Super Anti Spyware as my on demand scanners. I’ll be running all of them this evening to see if they believe anything is wrong.

You are welcome.

If you notice something funny or believe you are still infected, you can open a new topic in Viruses and Worms here:

http://forum.avast.com/index.php?board=4.0

You must read and download these progs first: MBAM, OTL, and aswMBR.exe:

http://forum.avast.com/index.php?topic=53253.0

and attach their logs to the post you oppened.

Have a nice one.