I CAN'T UNDERSTAND SOME PORTIONS OF SCAN REPORT

Hi there

I know this has been asked and replied 1000 times in this forum, still as long as I don’t get a personal answer, I am not satisfied; so please bear with me.

It’s about ‘unable to scan’ files because the files are ‘corrupted’. I would very much appreciate an explanation for the following scan report. Does this need any action to be taken?

Report:

I’m sorry I’m not able to copy and paste the report here (don’t know why). However, here are a few details of the report:

All the files are in C drive

The files are “unable to scan” ones.

Unable to scan because Installer Archive/GZIP/CAB archive is corrupted

In the file path names, it’s showing that some files are…/Software Distribution/Download…files.
One file is … Program Files/Nero/Nero7/NeroBackItUp_Image Tool…file.
One file is … Local Settings/Temp.Internet Files…file.
One file is …Local Settings/Temp./install_flash_player /Flashutil.exe… file.
One file is …Google/Chrome/User Data/FlashUtil.exe…file.

Simple User Interface is showing no. of infected files as 0.

The “Repair” option is disabled in all corrupted files.

I have successfully deleted one…/Software Distribution/Download…file. Will this deletion create problems for my laptop?

Expecting a reply from you ASAP.
If needed, I’ll type my laptop configuration. Please tell me if I have to.

Oh… and finally… you all are doing a great job.

Thanks
Debasish Dey
Book-editor
Kolkata, India

Hi Debasish, welcome to the forum.
There are a few reasons some files cannot be scanned by Avast, including the possibility they are password-protected by the program that created them, or use an unusual packing system etc. That they are unable to be scanned is not an indication that they are infected. They should not be deleted.
The file you have deleted is, I believe, part of the “downloaded program files” folder, which is used for ActiveX controls. (Mini-programs often specific to a particular website, to enable some particular functionality.)
If this is the case, you might notice its absence if you visit the site again and get prompted to install an ActiveX control.
Deletion of any file is never a good idea. If it was necessary, it becomes difficult or impossible to restore. Always quarantine rather than delete. And investigate it first.
If you take the scan report and maximize it, then move the column headers, you can read the full path and filename (or enough of it to learn more about the file) and thus realize if it needs more investigation or not.

  • Corrupted Archive file: this could simply mean that avast is unable to unpack it to scan the contents of the archive and is assuming it is because it is corrupt. Even if it were corrupt there is nothing that a user can do to resolve any corruption, short of replacing the file. This I wouldn’t recommend (especially if this is for archives in the \System Volume Information folder, part of the system restore function) unless you are getting problems relating to that file outside of the avast scan.

The avast Repair option relates to cleaning an infected file; if that isn’t possible it won’t be active, and in the case of files that can’t be scanned that option won’t be available. So avast can’t repair corrupt archive files.

See this topic for more information on why files can’t be scanned: http://forum.avast.com/index.php?topic=35347.msg297170#msg297170

Files that can’t be scanned are just that, not an indication they are suspicious/infected, just unable to be scanned.

Hi Tarq

You’re right… I should’ve continued with the same thread… actually I am new to this forum; so using this forum is a learning process for me.

Anyway, here are the full filenames and paths:

  • avast! Report
  • This file is generated automatically
  • Task ‘Simple user interface’ used
  • Started on Tuesday, April 21, 2009 8:45:52 AM
  • VPS: 090419-0, 04/19/2009

C:\Documents and Settings\Debasish\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000041$INSTDIR\NPSWF32_FlashUtil.exe [E] Installer archive is corrupted. (42146)
C:\Documents and Settings\Debasish\Local Settings\Temp\install_flash_player.exe$INSTDIR\NPSWF32_FlashUtil.exe [E] Installer archive is corrupted. (42146)
C:\Documents and Settings\Debasish\Local Settings\Temporary Internet Files\Content.IE5\VPGW9VVH\main[1].js\main[1] [E] GZIP archive is corrupted. (42129)
C:\Program Files\Nero\Nero 7\Nero BackItUp\BackItUp_ImageTool\root.img\root.img [E] GZIP archive is corrupted. (42129)
C:\WINDOWS\SoftwareDistribution\Download\4f79e01ce8ee10a7556514a051f797f4\BIT7.tmp\jscript.dll [E] CAB archive is corrupted. (42127)
C:\WINDOWS\SoftwareDistribution\Download\4f79e01ce8ee10a7556514a051f797f4\BIT7.tmp\jsproxy.dll [E] CAB archive is corrupted. (42127)
C:\WINDOWS\SoftwareDistribution\Download\4f79e01ce8ee10a7556514a051f797f4\BIT7.tmp\licmgr10.dll [E] CAB archive is corrupted. (42127)
C:\WINDOWS\SoftwareDistribution\Download\4f79e01ce8ee10a7556514a051f797f4\BIT7.tmp\msfeeds.dll [E] CAB archive is corrupted. (42127)
C:\WINDOWS\SoftwareDistribution\Download\4f79e01ce8ee10a7556514a051f797f4\BIT7.tmp\msfeedsbs.dll [E] CAB archive is corrupted. (42127)
C:\WINDOWS\SoftwareDistribution\Download\4f79e01ce8ee10a7556514a051f797f4\BIT7.tmp\mshtml.dll [E] CAB archive is corrupted. (42127)
C:\WINDOWS\SoftwareDistribution\Download\4f79e01ce8ee10a7556514a051f797f4\BIT7.tmp\mshtmled.dll [E] CAB archive is corrupted. (42127)
C:\WINDOWS\SoftwareDistribution\Download\4f79e01ce8ee10a7556514a051f797f4\BIT7.tmp\mshtmler.dll [E] CAB archive is corrupted. (42127)
C:\WINDOWS\SoftwareDistribution\Download\4f79e01ce8ee10a7556514a051f797f4\BIT7.tmp\msls31.dll [E] CAB archive is corrupted. (42127)
C:\WINDOWS\SoftwareDistribution\Download\4f79e01ce8ee10a7556514a051f797f4\BIT7.tmp\msrating.dll [E] CAB archive is corrupted. (42127)
C:\WINDOWS\SoftwareDistribution\Download\4f79e01ce8ee10a7556514a051f797f4\BIT7.tmp\mstime.dll [E] CAB archive is corrupted. (42127)
Infected files: 0
Total files: 146213
Total folders: 2555
Total size: 10.6 GB

  • Task stopped: Tuesday, April 21, 2009 9:18:11 AM
  • Run-time was 32 minute(s), 19 second(s)

  • avast! Report
  • This file is generated automatically
  • Task ‘Simple user interface’ used
  • Started on Thursday, April 23, 2009 3:31:13 PM
  • VPS: 090422-0, 04/22/2009

Infected files: 0
Total files: 141851
Total folders: 2819
Total size: 11.2 GB

  • Task stopped: Thursday, April 23, 2009 3:49:50 PM
  • Run-time was 18 minute(s), 37 second(s)

As I can understand from this report, the second scan (Thursday, April 23) didn’t detect any ‘unable to scan’ file (correct me if I am wrong). So does it mean that there are no files in my system now that are unable to be scanned? I’d also like to reiterate my query here, i.e., if Avast is unable to scan some files at all, then how can this be a guarantee that these files are not suspicious/infected? I believe infection can be detected by Avast only after scanning.

Thanking you in advance

avast can’t scan files that are password protected; it doesn’t know the password.
There are many legitimate reasons why a file was password protected. For instance, Lavasoft Ad-aware and SpyBot store their data in password-protected ZIP archives (to prevent other similar tools from messing up with them). It’s really nothing to worry about - it’s normal.

Files that can’t be scanned are just that, not an indication they are suspicious/infected, just unable to be scanned.
Also, the packaging of the file could have some error, or use a non-standard pattern…

I would estimate that the reporting of said files as “corrupted” means that either they actually are corrupted, or more likely, an unknown compression is used.
The Nero backup is likely to have its own type of file compression, not recognized except by Nero.
The only way for sure to know such a file that is unable to be scanned is clear (a packed file, not a password protected file) is to run it, or more practically, have the program that created it run it, and if it carries an infection (in the Avast database) Avast will then block and alert on it.
In the case of the software distribution files, they are temp files. They’ve probably already had all the action they are going to see, and can probably be deleted.
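
One way to triage the `[E]` lines of a report like the one posted in this thread: group the unscannable entries by the trailing number and by containing folder, and read the separate "Infected files" count. This is an added example, not part of any forum post and not avast's own code; the line layout is taken from the report quoted above, the sample lines are constructed, and treating the number in parentheses as an error code is an assumption.

```python
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Constructed sample in the "<path> [E] <message>. (<code>)" layout quoted
# in the thread; the paths, folder names and counts are made up.
SAMPLE_REPORT = r"""
C:\Users\example\Temp\setup_demo.exe$INSTDIR\helper.exe [E] Installer archive is corrupted. (42146)
C:\Users\example\Cache\page[1].js\page[1] [E] GZIP archive is corrupted. (42129)
C:\WINDOWS\SoftwareDistribution\Download\0000placeholder\BIT1.tmp\a.dll [E] CAB archive is corrupted. (42127)
C:\WINDOWS\SoftwareDistribution\Download\0000placeholder\BIT1.tmp\b.dll [E] CAB archive is corrupted. (42127)
Infected files: 0
Total files: 4
"""

# "[E]" marks a scan error (file could not be unpacked), not a detection.
ERROR_LINE = re.compile(r"^(?P<path>.+?) \[E\] (?P<msg>.+?)\. \((?P<code>\d+)\)$")
INFECTED = re.compile(r"^Infected files: (?P<n>\d+)$")

def parse_report(text):
    """Return (scan_errors, infected_count); infected_count is None if absent."""
    errors, infected = [], None
    for line in text.splitlines():
        line = line.strip()
        m = ERROR_LINE.match(line)
        if m:
            errors.append((m["path"], m["msg"], int(m["code"])))
            continue
        m = INFECTED.match(line)
        if m:
            infected = int(m["n"])
    return errors, infected

def summarize(errors):
    """Group unscannable entries by code (assumed error code), then by folder."""
    by_code, messages = defaultdict(Counter), {}
    for path, msg, code in errors:
        by_code[code][str(PureWindowsPath(path).parent)] += 1
        messages[code] = msg
    return {code: {"message": messages[code], "folders": dict(folders)}
            for code, folders in by_code.items()}

if __name__ == "__main__":
    errors, infected = parse_report(SAMPLE_REPORT)
    print(f"infected: {infected}, unscannable entries: {len(errors)}")
    for code, info in sorted(summarize(errors).items()):
        print(code, info["message"], info["folders"])
```

Grouping by folder shows at a glance when many entries come from a single temporary download directory, as the CAB entries in the posted report do.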