FALSE POSITIVES - how can I tell what's a real virus and what's not???! :(

Surely the best AND worst thing about Avast is how ‘sensitive’ the program is…
Over the past few weeks I've been getting claims off my version that it keeps on finding trojans all over the place on my pc (ok just 4 of them, but still…), yet when I uninstall and try other top of the range antivirus programs such as Norton, and scan the same areas of my pc, I get back the result that my computer is completely free of any such nasties.

Why can't the Avast team make the virus checking process or its virus database far more accurate? Does Avast not scan an entire possibly infected file, and therefore just guess that what could be on your system might just contain a virus?

I don’t want to be sending loads of files to the chest (or deleting them just to be safe), and then finding out in the future that I had no infections whatsoever and have lost some important windows files, for eg??!?

thanks for any info, anyone :frowning: :slight_smile:
Scott

What were the full filenames and what viruses were reported there?

Well many that convert to avast from Norton find that on the first scan they do there are missed viruses that are correct and secondly having had Norton on their system it is harder to get rid of than many viruses. This often causes conflict and needs a manual uninstall or the use of a Norton tool to get rid of the remnants.

avast like many other AV is signature based so it is looking for that signature within the file, having found that signature I don’t know if it looks further but there wouldn’t really be much purpose in that having found the signature. The problem would come if a signature matched a file that wasn’t infected yet had somewhere in it that signature string and that is usually how false positives occur.

As to how do you determine a false positive. Well if after a routine scan (I do a weekly on-demand scan), you find a file that has been on your system for some time without adverse effect is now detected. It may be a false positive and if it is detected by a generic signature (Gen in the name), e.g. Trojan-Gen or xxx-Gen, etc. that may add more weight to checking against another on-line scanner, etc.

This is more likely to occur when a generic signature (designed to detect variants) detects a virus. This isn’t unlike other AVs that use heuristics which are trying to detect new malware by means other than and/or including signatures, trying to detect new or variants are more likely to have occasional false detections.

You could also check the offending/suspect file at: Jotti - Multi engine on-line virus scanner. If any other scanners here detect them it is less likely to be a false positive. You can’t do this with the file in the chest, you will need to move it out.
Or VirusTotal - Multi engine on-line virus scanner

If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced and Program Settings, Exclusions) and check scan it periodically using the ashQuick scan (right click scan), when it is no longer detected then remove it from the exclusions.
Also see (Mini Sticky) False Positives
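
The mechanism and rule of thumb described in the reply above, as an added example that is not part of the original posts and is not avast's code. The signature names, byte patterns, sample inputs and the 30-day threshold are all constructed assumptions for illustration.

```python
# Added illustration: toy signature matcher plus the thread's false-positive rule of thumb.
# The signature names and byte patterns below are constructed, not real avast signatures.
SIGNATURES = {
    "Toy:Sample-A": b"\xde\xad\xbe\xef\x13\x37",
    "Toy:Trojan-Gen": b"TOY-DROPPER-STUB",  # short, broad pattern standing in for a generic signature
}


def scan_bytes(data: bytes):
    """Return the first signature name whose pattern occurs anywhere in data, else None."""
    for name, pattern in SIGNATURES.items():
        if pattern in data:
            return name  # the match alone triggers the detection; context is not examined
    return None


def false_positive_weight(detection_name: str, days_on_system: int, min_days: int = 30):
    """Score 0-2 using the two hints from the thread.

    min_days is an assumed threshold for "on your system for some time".
    """
    reasons = []
    if days_on_system >= min_days:
        reasons.append("file present for %d days and only now detected" % days_on_system)
    if "-gen" in detection_name.lower():
        reasons.append("generic signature (Gen in the name)")
    return len(reasons), reasons


# Constructed sample inputs.
MALICIOUS_LIKE = b"MZ\x90\x00" + b"TOY-DROPPER-STUB" + b"\x00" * 8
BENIGN_NOTE = b"Release notes: our test suite uses the marker TOY-DROPPER-STUB as a fixture."
CLEAN = b"plain text with nothing of interest"

if __name__ == "__main__":
    for label, blob in [("sample", MALICIOUS_LIKE), ("note", BENIGN_NOTE), ("clean", CLEAN)]:
        print(label, "->", scan_bytes(blob))
    print(false_positive_weight("Toy:Trojan-Gen", 400))
    print(false_positive_weight("Win95:SK", 1))
```

The benign note is flagged exactly like the malicious-looking sample because both contain the pattern; a higher weight is a reason to get a second opinion from a multi-engine scanner, not proof that the file is clean.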

Hi,
I reinstalled soon after the first trojans were detected just to be safe. They were all found via the standard shield in avast. If I remember correctly one was a possible “Win95:SK” found in the ‘C:\My Programs’ installation folder, the other in ‘C:\WINDOWS\Temp’.

The last was found recently in the documents and settings cache folder:
“C\Documents and Settings\User\local settings\application data\mozilla\firefox\profiles\cache\ii1s6euo.default\cache\B98BOA2Ss01”

With firefox, I have all cookies set to manually ask at the moment, with pop up windows disabled. I don’t go on any untrustworthy websites or download product hacks. Looking at Avast, I cannot seem to find the entry in the log as to what kind of trojan it was (this is all avast ever finds), but ‘last infected’ with the program now running lists the above path, with the ‘infected count’ as 1.
I uninstalled avast and ran zonealarm, uninstalled that and finally ran norton, but after scanning my entire pc with a full update with both software the system is stated as being free from any problems. I suppose not all major anti-virus software is accurate, but it is extremely unlikely to be infected as avast has said with so many problems when just about every other software states I am not :frowning:

ps-I also use Spybot and SpywareBlaster.
thanks for the info! :slight_smile:

Rather than having to go through the hassle of uninstalling, clearing registry, etc. with norton, etc. it would probably have been easier to use one of the on-line scanners. Not only that you can google any suspicious or detected file names.
On-line Virus Scanners and other useful Links Security-Ops.eu.tt

Why is it so “extremely unlikely to be infected as avast has said with so many problems when just about every other software states I am not”? Some programs are looking at different things and many of them don’t have the number of unpackers that avast does. So it is difficult to have any direct comparison. That is also why I suggested Jotti and VirusTotal for file inspection as they are multi engine scanners.

Unfortunately AVs and false positives are a fact of life that many others would rather not talk about, here we are a little more open.

Try not to be too quick to uninstall and test with another program (use on-line scanners with standard shield paused), when you do you lose valuable information in the avast log viewer (Warning section).

Welcome to the forums.