Can Avast be infected and how to tell

If I have a virus can Avast be infected and compromised and how can I tell? Can a virus control Avast and the scan results?

No, a virus can’t infect a modern anti-malware tool.
Viruses are (almost?) extinct.

Can malware infect anti-malware tools/files?
Of course it can if it is able to breach the protection of the software.

You can use several second-opinion scanners to scan your PC:
1/ Zemana AntiMalware Portable (free)
2/ HitmanPro (trial)
3/ Norton Power Eraser
4/ (optional) Emsisoft Emergency Kit

I recommend scanning with the first 3 tools. Be careful with the third one because many of the results may not be malware.

How can I tell if Avast is infected and what to do? I reinstalled it several times but it keeps on showing me errors…

Also, what if the malware is a password-protected file or a corrupted archive? They go unchecked by Avast, don’t they?

I’m suspicious that this file might be infected and I can’t scan it with Virustotal because it says the file is in use: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl

Please help :frowning:

What error(s) does Avast show?
How exactly did you reinstall Avast?
What OS/SP?
What exact version of Avast?
Any other security (related) software installed? (Or was there?)

The directory C:\Windows\System32\LogFiles\WMI\RtBackup stores ETW trace files (extension .etl) for real-time event trace sessions.
You can create a copy of it and submit it to VT, or boot in safe mode and submit it from there.

Several Error 3 when scanning certain folders inside Steam’s, I made a thread about it earlier.
I deinstalled it and then after a reboot downloaded it again and installed.
Windows 7.
The latest?
Nope just Avast.

Oh I didn’t know I could copy it… How does that work? I just copy the file and upload it on VT? If it’s infected will the malware remain in the copy?
Does boot scan work for those files too? Since you told me in another thread that boot scans don’t scan all files?

The error doesn’t say there is a problem/threat, just that Avast can’t scan the files.
https://blog.avast.com/2014/02/28/how-do-i-handle-files-that-avast-cant-scan/

I don’t see any reason at all to reinstall avast nor to scan that file.

I know but when I try to scan “C:\Program Files (x86)\Steam\steamapps\common\Unturned”

I get this among the Error 3: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl@\common\Unturned\Maps\Russia\Foliage\Tile_-57_40.foliage [E] Системата не може да намери указания път (3)

Doesn’t that sound like malware?
Does it make sense? And furthermore the @ is sometimes replaced by Chinese symbols and I have no folders or files in Chinese…

No, it doesn’t look like malware at all.
Stop worrying.

I ran a scan of the same path some days ago: C:\Program Files (x86)\Steam\steamapps\common\Unturned

And here is what I got: C:\ProgramData\AVAST Software\Avast\lsdb2.json.old\ॾ쪒ǒ搉ॾ쪒ǒ搉ॾ\common\Unturned\Maps\Hawaii\Foliage\Tile_-62_-42.foliage [E] Системата не може да намери указания път (3)

See the symbols? I deleted Avast and now it shows me the same error for those ETL files. I can’t delete those files because I worry I might break Windows, so why does it show me such weird errors with Chinese and paths that have nothing to do with the one I chose to be scanned?

How can I tell if Avast is infected and what to do?
Have never ever heard of an infected AV program.
Also what if the malware is a password-protected file or a corrupted archive, they go unchecked by avast don't they?
It would have to unpack to run, and then it will be scanned by the realtime protection ;)

I suggest you attach FRST diagnostic logs and let an expert have a look inside.

Can I really copy a file and then upload it to Virustotal if it’s in use? I mean does the malware inside (if any) also copy with the file?

Can I really copy a file and then upload it to Virustotal if it's in use?
You will find out if you try.

No I mean if there’s a file in use by the system and I can’t upload it to VT can I make a copy of it and upload it? I mean if it has malware does it copy too?

Of course, if it is malicious the malicious content will be copied also.
But that doesn’t matter and won’t do any harm as it is not an executable file.

Besides that, it wouldn’t make any sense to submit it to VT if the malware is removed from it before sending it.
But I bet that there is no malware in that file as it is just a real-time trace log.

Most malware is not inside a file; the whole file is the malware.

Only files that have been injected with malicious code from a real virus (file infector) would be like that.
But they are rare these days, and if you had one your Avast program would go bananas with warnings.

I think your issue is related to you having fiddled around with lots of stuff you should not, something that the FRST diagnostic logs may find out.

I see, thank you!

What about my earlier post:

"I ran a scan of the same path some days ago: C:\Program Files (x86)\Steam\steamapps\common\Unturned

And here is what I got: C:\ProgramData\AVAST Software\Avast\lsdb2.json.old\ॾ쪒ǒ搉ॾ쪒ǒ搉ॾ\common\Unturned\Maps\Hawaii\Foliage\Tile_-62_-42.foliage [E] Системата не може да намери указания път (3)

See the symbols? I deleted Avast and now it shows me the same error for those ETL files. I can’t delete those files because I worry I might break Windows, so why does it show me such weird errors with Chinese and paths that have nothing to do with the one I chose to be scanned?"

Can you guess why I get this weird path when scanning a folder that has nothing to do with that path? Also the Chinese letters?

Thank you for the info!