How to check last event details?

Avast Free Antivirus / Premium Security
1

This morning, my mother started her computer (Win XP SP3, Avast Free 6.0.1367), and after windows started, she found an Avast message saying it had found an object, she says the name started with “robo” but can’t remember the whole name. It recommended to delete it, and after that, to schedule a start scan, and reboot. She did that, and the computer is clean.

But, how can I check what kind of “object” did Avast find? I can’t find any log, the computer has been restarted 2 times since it detected the “object”, and “show last message” is grey.

2

It was probably this False Positive rootkit

http://forum.avast.com/index.php?topic=89963.0

3

Hi faramir,

You can check in Virus Chest. If avast! finds any kinds of infections, it will put them in VC. To open Virus Chest,

avast! GUI → Maintenance → Virus Chest

You can Delete, Restore, Extract, Scan, Report False Positive… etc from there.

4
You can check in Virus Chest. If avast! finds any kinds of infections, it will put them in VC
Not when it deleted
It recommended to delete it, and after that, to schedule a start scan, and reboot.
5

Thanks, I think it is very likely it was that false positive, still, I’m greatly disappointed due to not being able to check the details of that alert… All I can check is the log of the start scan done after the alert, and it didn’t find anything. I’d really want to know what file supposedly was deleted. I still hope there is a log hidden somewhere.

P.S: sfloppy.sys is where it is supposed to be, and a manual scan doesn’t report it as virus.

6

“sfloppy” will still be there, Windows itself replaces it again after deletion and reboot. Avast has now been updated, so no FP now.

About the logs, there is a “report” folder and a “log” folder. In addition, each shield has some “shield log” link.

7

Hi faramir,

You can get the logs and reports from,

C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\ Log and Report folders…

8

I found the log files, and the reports too (txt files), but they didn’t have any info about a virus alert. I was expecting to see something like “date/time alert, c:\somefile infected by somevirus. action: deleted”
???