I just downloaded Avast! Free Antivirus the other day and I am very pleased with this excellent product.
Just one question: Every time I do a scan, I get a message at the end that not all files were scanned and it says: Error 267 Directory Name is Invalid. The directory name is C:\WINDOWS: 2B2696B30AD92EF4. There is no indication of how to correct this and I do not see any such directory in my c:\windows folder.
Hopefully, someone technical from Avast! will see this post and enlighten me on what this error means and how I can get rid of it.
Try a forum search for Directory Name is Invalid as this has cropped up recently, I think it was either in this forum or the viruses and worms forum.
By all accounts, this is pointing to the ADS address the colon : after c:\windows, so technically there is nothing to correct, but why it is saying it is an invalid name is strange.
I just tried a forum search like you suggested but nothing came up about this (maybe) problem.
I should mention that this did not happen when I did a Boot Scan this morning. It only appears at the end of full or quick scans within the Avast! environment. So maybe I should just forget about it and stop worrying but I guess in the back of my mind I do get concerned when there is some kind of message that might indicate a problem.
I did a search and found a few, but didn’t find the one that I referred to by one of the Alwil team members. But basically this path is to an Alternative Data Stream (ADS), this is no NTFS formatted hard disks and as the name implies is an alternative data stream to the file or folder name.
This can contain additional information, etc. but could also harbour malware, which is why avast scans the ADS area of files/folders. See http://en.wikipedia.org/wiki/Fork_(filesystem) and scroll down to Windows for more information on this.
Technically the error is correct, as if you try to create a folder with a : colon in it, windows won’t let you create it as that character isn’t allowed.
Further to that, this isn’t an indication that it is infected/suspect, just that avast can’t scan it, but the reason is as I said strange if the directory file name was not valid it has still found it.
I just did a full scan with Malwarebytes and no infections were found. Some of what you have stated is a bit above my head (ADS). But why Avast! is giving me this “not all files were scanned” message at the end of a scan is puzzling. I never got it with Symantec, CA, Ad-Aware, VIPRE, or any other anti-virus software that I had used in the past.
I cannot even find this so-called invalid directory. So is there any setting I can make in Avast! so that this message will not appear in future scans?
But the situation there is different than mine if you look at the folder(s) in question. Mine was a wierd C:\WINDOWS: 2B2696B30AD92EF4 which makes no sense since I could not find any such thing in explorer.
I just want to get rid of this message at the end of the scan where it says that some files could not be scanned. The Error 267 and above invalid file name shows up in details with no mention whatsoever about how to handle it.
The situation is exactly the same in both cases.
I must say I don’t know what to think about it… either there’s a problem somewhere in avast! engine - but I’m not aware of any recent changes to the related pieces of code, or… there’s a rootkit/malware spreading, manifesting with these symptoms.
Well, I’m sure there are other explanations, but these two look the most likely to me at the moment.
Can you find (e.g. in the scan logs) what was the first time this was reported (which, in your case, probably means when you installed avast!)? I’m looking for the first version of the virus database (if there was a new problem there, it would be easier to find knowing when the change happened).
No, as in the reply it explained that this was an ads stream not a physical folder but the ads stream of that folder location.
As Igor mentions it is possible that malware can use the ads stream of files/folders and that is why avast scans the ads stream in NTFS formatted drives. But why the error is reported is the mystery, which hopefully now Igor is aware we may get a resolution.
@ mdubin
You could also run a scan using SuperAntiSpyware (SAS) as that also scans alternative data streams, so it would be looking in the same areas and see if there are any reported issues there. However I don’t know if SAS reports things that it has been unable to scan.