Boot-Time scan results

First of all, sorry for my English.

Today I did a Boot-Time scan with Avast Home latest version (Program ver: 4.8.1351 and VPS ver: 090913-0).
It found 9 infected files and the scan time was 4 hours.

Here's the log of the scan:

09/14/2009 07:22
Scan of all local drives

File C:\Documents and Settings\Aviv\Local Settings\Application Data\Microsoft\Messenger\aviking4@hotmail.com\SharingMetadata\p.i.m.p_star@live.de\DFSR\Staging\CS{87237D21-0AB3-5FA3-7818-90123512E786}\12\12-{63D2C11B-D7FE-4E56-B45F-09C14D318B66}-v12-{63D2C11B-D7FE-4E56-B45F-09C14D318B66}-v12-Downloaded.frx\AFS Explorer 3.7\AFSExplorer.exe Error 42126 {RAR archive is corrupted.}
File C:\Documents and Settings\Aviv\Local Settings\Application Data\Microsoft\Messenger\aviking4@hotmail.com\SharingMetadata\p.i.m.p_star@live.de\DFSR\Staging\CS{87237D21-0AB3-5FA3-7818-90123512E786}\13\1561-{63D2C11B-D7FE-4E56-B45F-09C14D318B66}-v13-{54BEEA54-0A5F-4651-8105-EB387C4476CD}-v1561-Downloaded.frx\cv06.img\unnamed_7801.bin Error 42126 {RAR archive is corrupted.}
File C:\Documents and Settings\Aviv\Local Settings\Application Data\Microsoft\Messenger\aviking4@hotmail.com\SharingMetadata\p.i.m.p_star@live.de\DFSR\Staging\CS{87237D21-0AB3-5FA3-7818-90123512E786}\13\1562-{63D2C11B-D7FE-4E56-B45F-09C14D318B66}-v13-{54BEEA54-0A5F-4651-8105-EB387C4476CD}-v1562-Downloaded.frx\cv06.img\unnamed_7801.bin Error 42126 {RAR archive is corrupted.}
File C:\Documents and Settings\Aviv\My Documents\Aviv’s Folder\Set UP PT server\PT client Making everything tools inside\GS6_0_00-AI.rar.dap\GS6_0_00-AI\client\game 3032 admin.exe Error 42126 {RAR archive is corrupted.}
File C:\Documents and Settings\Aviv\My Documents\Aviv’s Folder\Set UP PT server\PT client Making everything tools inside\ItemEditor.rar\ItemEditor.exe is infected by Win32:Agent-NIU [Trj], Moved to chest
File C:\Documents and Settings\Aviv\My Documents\Aviv’s Folder\Set UP PT server\PT client Making everything tools inside\Items Editing.rar\ItemEditor.exe is infected by Win32:Agent-NIU [Trj], Moved to chest
File C:\Documents and Settings\Aviv\My Documents\Aviv’s Folder\Set UP PT server\PT client Making everything tools inside\stripper_v211rc1.rar_stripperX.exe is infected by Win32:Trojan-gen {Other}, Move to chest: Error 42111 {The operation is not supported for this type of archive.}
File C:\Documents and Settings\Aviv\My Documents\Aviv’s Folder\Set UP PT server\PT client Making everything tools inside\stripper_v211rc1.rar\Stripperv2.07f??\ha-stripper_v207f.exe\loader.exe is infected by Win32:Trojan-gen {Other}, Move to chest: Error 42111 {The operation is not supported for this type of archive.}
File C:\Documents and Settings\Aviv\My Documents\Aviv’s Folder\Set UP PT server\PT client Making everything tools inside\stripper_v211rc1.rar\Stripperv2.07f??\loader.exe is infected by Win32:Trojan-gen {Other}, Move to chest: Error 42111 {The operation is not supported for this type of archive.}
File C:\Documents and Settings\Aviv\My Documents\Aviv’s Folder\Set UP PT server\PT client Making everything tools inside\stripper_v211rc1.rar\stripper_v211rc1_stripperX.exe is infected by Win32:Trojan-gen {Other}, Move to chest: Error 42111 {The operation is not supported for this type of archive.}
File C:\Documents and Settings\Aviv\My Documents\Aviv’s Folder\Set UP PT server\PT client Making everything tools inside\stripper_v211rc1.rar\stripper_v211rc1\Stripperv2.07f??_stripperX.exe is infected by Win32:Trojan-gen {Other}, Move to chest: Error 42111 {The operation is not supported for this type of archive.}
File C:\Documents and Settings\Aviv\My Documents\Aviv’s Folder\Set UP PT server\PT client Making everything tools inside\stripper_v211rc1.rar\stripper_v211rc1\Stripperv2.07f??\ha-stripper_v207f.exe\loader.exe is infected by Win32:Trojan-gen {Other}, Move to chest: Error 42111 {The operation is not supported for this type of archive.}
File C:\Documents and Settings\Aviv\My Documents\Aviv’s Folder\Set UP PT server\PT client Making everything tools inside\stripper_v211rc1.rar\stripper_v211rc1\Stripperv2.07f??\loader.exe is infected by Win32:Trojan-gen {Other}, Move to chest: Error 42111 {The operation is not supported for this type of archive.}
File C:\Documents and Settings\Aviv\My Documents\Aviv’s Folder\דברים לפלאפון\התקנות למשחקים\משחקים רגילים\משחקים לפלא\Counter strike.jar\player.png Error 42125 {ZIP archive is corrupted.}
File C:\Documents and Settings\Aviv\My Documents\Aviv’s Folder\דברים לפלאפון\התקנות למשחקים\משחקים רגילים\משחקים לפלא\The Chronicles Of Narnia TheLion,The Witch And The Wardrobe.jar\narniachess\images\bg_tiles.png Error 42125 {ZIP archive is corrupted.}
File C:\Program Files\Electronic Arts\Crytek\Crysis\Game\Levels\harbor\terraintexture.pak\tile5_6.raw Error 42125 {ZIP archive is corrupted.}
File C:\Program Files\Electronic Arts\Crytek\Crysis\Game\Levels\ice\terraintexture.pak\tile2_4.raw Error 42125 {ZIP archive is corrupted.}
File C:\Program Files\Electronic Arts\Crytek\Crysis\Game\Levels\ice\terraintexture.pak\tile2_5.raw Error 42125 {ZIP archive is corrupted.}
File C:\Program Files\Electronic Arts\Crytek\Crysis\Game\Levels\rescue\terraintexture.pak\tile2_5.raw Error 42125 {ZIP archive is corrupted.}
File C:\Program Files\Electronic Arts\Crytek\Crysis\Game\Levels\rescue\terraintexture.pak\tile6_2.raw Error 42125 {ZIP archive is corrupted.}
File C:\Program Files\Electronic Arts\Crytek\Crysis\Game\Levels\rescue\terraintexture.pak\tile6_3.raw Error 42125 {ZIP archive is corrupted.}
File C:\Program Files\Electronic Arts\Crytek\Crysis\Game\Levels\rescue\terraintexture.pak\tile4_4.raw Error 42125 {ZIP archive is corrupted.}
File C:\Program Files\Electronic Arts\Crytek\Crysis\Game\Levels\village\terraintexture.pak\tile4_2.raw Error 42125 {ZIP archive is corrupted.}
Number of searched folders: 23209
Number of tested files: 940178
Number of infected files: 9

I configured the boot-time scan so that every infected file will be sent to the Virus Chest, but I see only 2 infected files there.

I sent these 2 infected files to Avast to be checked for false positives.

My questions are:

  1. Why did the scan take 4 hours?
  2. Why are there only 2 infected files in the Virus Chest?
  3. How can I know if these files are false positives or not?

Ty All

  1. Scanning time depends on lots of things: HD speed, amount of data on the HD, number of archived files to be extracted, processing power.
  2. The other detections were inside RAR archives. avast! won’t delete the whole archive; you’ll have to do that yourself if there’s nothing else in the archive you want to keep.
  3. Send them to VirusTotal: extract the files from the chest and upload them. You’ll need to disable avast temporarily to do so.

Here’s the result of the VirusTotal scan: http://www.virustotal.com/analisis/16ebdf54ba8a91dfe3c19392d6b1f7aab25bdd46598b97dcacb40097308d7603-1252922425

File C:\Documents and Settings\Aviv\My Documents\Aviv’s Folder\Set UP PT server\PT client Making everything tools inside\ItemEditor.rar\ItemEditor.exe is infected by Win32:Agent-NIU [Trj], Moved to chest
This is the file you’ve submitted to VirusTotal. What more do you want to know?
Seems that avast detected everything (the other files are not infected).
You can schedule a boot time scanning.

Ty for the fast help :)

I have removed all these corrupted archives (checked if I need them before).

Now I'm going to schedule a boot-time scan again after I have disabled System Restore and removed Temp files, and I will check how much time the scanning takes.

Get used to avast forum speed ;)

There was no need to do that, though no serious harm done if you don’t use them.

  • Corrupted archive file: this could simply mean that avast is unable to unpack it to scan the contents of the archive and is assuming that is because it is corrupt. Even if it were corrupt, there is nothing that a user can do to resolve any corruption, short of replacing the file.

Files that can’t be scanned are just that, not an indication they are suspicious/infected, just unable to be scanned.
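
Added example, not part of any post in this thread and not Avast's own tooling: a small triage script for a log in the format quoted above. It separates detections that reached the chest, detections left inside an archive (the Error 42111 case from the replies), and files that were only unscannable. The sample lines are constructed, the function names are hypothetical, and the container-extension list is an assumption taken from the extensions seen in the log.

```python
import re
from collections import Counter

# Constructed sample lines in the format of the log quoted in this thread
# (paths shortened; not the poster's real files).
SAMPLE_LOG = r"""
File C:\Tools\ItemEditor.rar\ItemEditor.exe is infected by Win32:Agent-NIU [Trj], Moved to chest
File C:\Tools\stripper.rar\loader.exe is infected by Win32:Trojan-gen {Other}, Move to chest: Error 42111 {The operation is not supported for this type of archive.}
File C:\Games\Levels\ice\terraintexture.pak\tile2_4.raw Error 42125 {ZIP archive is corrupted.}
File C:\Staging\Downloaded.frx\cv06.img\unnamed_7801.bin Error 42126 {RAR archive is corrupted.}
Number of infected files: 2
"""

# A detection line: either moved to the chest, or the move failed with an error.
INFECTED = re.compile(
    r"^File (?P<path>.+?) is infected by (?P<name>.+?), "
    r"(?:Moved to chest|Move to chest: Error (?P<err>\d+) \{.*\})$")
# A file that could not be unpacked/scanned: an error, but no detection.
UNSCANNED = re.compile(r"^File (?P<path>.+?) Error (?P<err>\d+) \{(?P<msg>.*)\}$")
# Assumption: the outer container is the first path component with one of
# these extensions (the ones that appear in the thread's log).
CONTAINER = re.compile(r"^(.+?\.(?:rar|zip|jar|pak))\\", re.IGNORECASE)

def classify(line):
    """Return (status, path, detail) for a log line, or None if not a file line."""
    m = INFECTED.match(line)          # must be tried first: these lines can
    if m:                             # also contain "Error NNNNN {...}"
        status = "quarantined" if m["err"] is None else "infected_not_moved"
        return status, m["path"], m["name"]
    m = UNSCANNED.match(line)
    if m:
        return "unscannable", m["path"], m["msg"]
    return None

def summarize(log_text):
    """Count each status and list containers still holding detected files."""
    counts, leftover = Counter(), []
    for line in log_text.splitlines():
        result = classify(line.strip())
        if result is None:
            continue
        status, path, _ = result
        counts[status] += 1
        if status == "infected_not_moved":
            c = CONTAINER.match(path)
            outer = c.group(1) if c else path
            if outer not in leftover:
                leftover.append(outer)
    return counts, leftover

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

The `leftover` list is the set of archives that still need manual handling; `unscannable` entries are reported separately because, as the replies say, they are not detections.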