I cannot get On-Access Scanner Message off
The "Show detailed info on performed action" is off, but the message still appears.
Please see the file attached, for a screenshot
Can someone please help me?
Right click on avast! icon next to the clock, select ‘On-Access Protection Control’, click ‘Details…’ button, select ‘Standard shield’, click ‘Customize…’ button, in appeared window switch to the ‘Advanced’ tab and uncheck ‘Show info on performed action’ button.
This option is turned off by default.
It is unchecked (Sorry, I did try to explain that)
Since this is a ‘detection’ this is I believe not the regular “Show detailed info on performed action” so it has no effect, if it were enabled you would see ‘all’ the clean files that the standard shield is scanning as well.
You should also have had the avast Alert pop-up and an audible alert.
First you get this Blue and Yellow notification followed by the alerts.
I did a test on one of my samples and standard shield (I to have the default setting of no “Show detailed info on performed action” notifications) first displayed the notification, followed shortly by the pop-up and audible alert, so it would appear that avast is working as expected.
Thank you for that explanation, but how do I put it off. It is very irritating.
You can’t it is part of a virus alert, you should take action to eliminate the reason for the alert, the virus/detection. Moving the infected file to the chest, is just one of the actions (and recommended) available in the pop-up alert (that you also get) would remove the file from that location, stopping the alert in the future.
The infected file in this …\mydocuments\Webs\Emo_Backup_0605\files\files.exe.
You really need to confirm the detection is good then either move the file to the chest or if it is a false positive exclude the file from future scans and send a sample to avast to correct the VPS.
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently 32 different scanners.
Or Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. Whichever scanner you use, you can’t do this with the file in the chest, you will need to move it out.
If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced, Add and Program Settings, Exclusions) and Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.
Also see False Positives, how to report it to avast! and what to do to exclude them until the problem is corrected.
Thank you David
As you saw it is a Win32:Brontok-I, worm. The problem with this infection, is that the worm makes an entry in almost all my directories. avast pics it up, and deletes it, but it does not stop. That means I can’t work because the messages keeps popping up the whole time. I am not worried about the effect of the virus, and I know avast is busy sorting it out, I just don’t want to see the pop-up message.
Is it always the same file name, files.exe being detected as the folder it was placed in could be a legit backup are you using Emo_Backup ?
The likelihood is there are other elements (undetected) that are restoring the infection.
You only have a limited option in the Home (free) version, to send the infected file to the virus Chest (silent mode, with general answer no, see below).
My own feeling on this is you should use the default interactive action. This way you know exactly what is going on with your system. If you are getting so many warnings, that you want to automate this process, I believe you should review your security practice - filter emails at source, delete from server rather than download them, review the sites they visit, etc.
See the avast help file, Resident Protection: Standard Shield Provider Settings - “Advanced” Page.
Click on Standard Shield and then on Customize.
Go to Advanced tab and select Silent Mode and the General answer No.
What is your firewall ?
It should be capable of blocking unauthorised outbound Internet Connections.
If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode.
- AVG anti-spyware (formerly Ewido) If using winXP. or a-Squared free if using win98/ME. Or SUPERantispyware Or Spyware Terminator
It seems that you’ve changed the avast settings without knowing what you were doing…
This is an option disabled by default. You can turn it off going to the Standard Shield provider settings, Advanced tab an unchecking ‘Show detailed information on action performed’. You can do this for the other providers too.
See http://forum.avast.com/index.php?topic=26104.msg213436#msg213436
Welcome to avast. The most configurable antivirus around 8)
But I can’t understand why aren’t you worried to get rid of the cause of the problem and be clean ???
Tech he hasn’t changed the settings, this is the blue/yellow notification of an infected file detected and not the show detailed info on performed action at work. You can’t get rid of this infected file notification, it is the start of the alert process.
Sorry. You’re right. I misread his post.
But, anyway, another reason for me to be worried… why wouldn’t he want to be clean?
Is it a false detection?
No I don’t think it is an FP and I too can’t understand why he is unconcerned about the brontok effects, just get rid of the alert. Easy way don’t use an anti-virus if you are more concerned about alerts than the virus effects.
Let me first start with by thanking you all for your reply’s and obviously your concern about why I am not concerned with the effect of the worm.
I have a avast 4.7 Pro, and it true that I did put it in silent mode - I did this so that I don’t have to see the pop-up message. It is also setup so that it would automatically delete the infected file.
I know exactly what the effect of the Brontok worm is, since it is not something that I could delete very easy, and I had to read through quite an amount of post on different anti-virus providers.
I have managed to get my system clean, and then 2 weeks later, it just starts again. When the worm is active on my machine, avast pics it up, deletes it, but since it creates a new folder, and a exe file in each of my folders in My Documents, it is an ongoing process. So avast pics it up, shows a message, pics it up, shows a message, etc, etc.
I think I got rid of the source, but I just wouldn’t know.
Just for a question? How was it possible for me to get a virus/worm, since my avast is always updated and always running. I could understand if it is a brand new virus/worm out there, but this one is a couple of years old. Shouldn’t avast blocked it from even starting to run on my machine?
You never answered the question about your firewall and this is the most common rout of entry as there could be an undetected trojan downloader that connects to the internet to download this brontok and possibly other stuff, when it arrives avast can detect it but is unable to stop it as what may be downloading it would appear to be just another file with no payload.
That is why we suggest the inclusion of anti-spyware tools which are more likely to find the trojan downloader. However, your firewall should also be playing a part in protecting against unauthorised outbound Internet Connections.
If you have Pro version, the wiser would be ‘repair’ then ‘send to chest’ then ‘delete’ chain of action.
Not an antivirus is perfect and we see, from time to time, avast misses an ‘old’ virus that should have be detected.