I’ve run two full scans (Full System Scan/Scan whole files) on my Mac (OS 10.6.8) and Avast says I have two infected files each time. When I check the report, there are no details (file name, malware name), so I have no information on the files, nor do I have the option of deleting them or moving them to the chest. Could anyone help with this one? I haven’t been able to find anything on the forums, or Google, and tech support can only help Windows users.
Do you really mean infected files?! Aren’t those two files “unable to scan” files? Infected files are always shown
in the report, “unable to scan” files can be displayed using the context menu (right mouse button click).
Thanks for the reply. Avast does say they are infected. I get the red popup after the scan indicating an infection, and I see in red the number “2” in the report. This is the first time I’ve had this issue. In the past, I got all the information on infections, and therefore the option of either trashing or dumping in the chest the files. I do have lots of “unable to scan” files in orange in my reports.
I don’t have access to this computer, and have had it powered down since getting the scan results. I’ll get a screenshot over once I get access to the computer again.
Hmm, this looks really like a GUI bug. Can you please run a scan from the command line:
scan /
so we can see what the infected files are? (Note that, like the “find” command, “scan” prints
out only infected files, so it may look like nothing is happening. And of course, the scan will take as long
as a full system scan from the GUI.)
I just ran the command in the terminal as you instructed. I’d have done it a long time ago, but realized it had been too long since I backed up everything, so that took a little time. I didn’t mean to take so long to get back to you about this.
Looking at the terminal, I get the following types of warnings:
File name too long (twice)
Compressed file is too big to be processed (twice)
LHA archive is corrupted (fourteen times)
Not a directory (three times)
Compressed file is too big to be processed (eight times)
Archive is password protected (lots and lots)
ARJ archive is corrupted (three times)
Compressed file is too big to be processed HA archive is corrupted [edit this was a typo]
DEB archive is corrupted (three times)
OLE archive is corrupted (twice)
and finally, some decompression bomb messages:
avast: /System/Library/PrivateFrameworks/MediaKit.framework/Versions/A/Resources/MKDrivers.bundle/Contents/Resources/bootroot.loader|>bootroot.loader.dmg: The file is a decompression bomb
iPod/iPod131.pkg/Contents/Resources/iPod131.pax.gz|>iPod131.pax: The file is a decompression bomb
iPod131.dmg|>iPod/iPod131.pkg/Contents/Resources/iPod131.pax.gz: The file is a decompression bomb
iPod131.dmg: The file is a decompression bomb
As far as I can tell from other forum posts, the decompression bomb warning isn’t necessarily an indication of anything serious? Do the other types of warning seem ok? I’d like to double check these with you, as I did get in the GUI report 2 infections, and the preceding red popup indicating an infection. Before this, I had run some scans that turned up some other issues, but I was able to either put those files in the chest, or delete them. I ended up deleting the files, and then ran another set of three scans. And it was these three scans where I got the 2 infections detected warnings, but no option to put these in the chest, or delete them, which is why I started this thread to begin with. Sorry for all that additional information, I don’t think I mentioned it before.
Hi,
There is nothing suspicious in the report. All the packer warnings are quite common as
some archives have a very loose format so it is hard to decide whether a file contains such
an archive or not (Avast tries to uncompress whatever looks like an archive).
The packer bombs are most often only files with extraordinarily high compression ratio, and
no malicious files. In your case, this is IMHO the case.
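The reply above says a "decompression bomb" verdict usually reflects nothing more than an extreme compression ratio; the sketch below shows how such a check can be made with a bounded inflate. It is an added example, not part of the original thread and not Avast's code; the 100:1 ratio limit, the 50 MiB output cap and the name `inspect_gzip` are assumptions chosen for illustration.

```python
import gzip
import zlib

MAX_RATIO = 100                 # assumed limit, not Avast's real threshold
MAX_OUTPUT = 50 * 1024 * 1024   # assumed cap on bytes we agree to inflate
OUT_CHUNK = 64 * 1024           # inflate at most this much per step


def inspect_gzip(blob, max_ratio=MAX_RATIO, max_output=MAX_OUTPUT):
    """Inflate a gzip stream step by step and classify it.

    Returns (verdict, bytes_inflated) where verdict is "ok", "bomb" or
    "corrupt". Inflation stops as soon as the output exceeds either limit,
    so the check never materialises the whole payload.
    """
    limit = min(max_output, max_ratio * len(blob))
    inflater = zlib.decompressobj(31)   # 31 selects the gzip container
    produced = 0
    buf = blob
    try:
        while not inflater.eof:
            piece = inflater.decompress(buf, OUT_CHUNK)
            produced += len(piece)
            if produced > limit:
                return "bomb", produced          # ratio or size limit hit
            buf = inflater.unconsumed_tail
            if not buf and not piece:
                break                            # input ended before the trailer
    except zlib.error:
        return "corrupt", produced               # bad header or damaged data
    return ("ok" if inflater.eof else "corrupt"), produced


if __name__ == "__main__":
    # Constructed samples: harmless data that merely compresses very well,
    # ordinary data, and bytes that only look like they might be an archive.
    samples = {
        "zeros.gz": gzip.compress(b"\0" * (10 * 1024 * 1024)),
        "plain.gz": gzip.compress(bytes(range(256)) * 4),
        "garbage": b"not a gzip stream",
    }
    for name, blob in samples.items():
        verdict, produced = inspect_gzip(blob)
        print(f"{name}: {len(blob)} bytes in, {produced} inflated, {verdict}")
```

The all-zero sample is flagged purely on ratio although it contains nothing malicious, which is the situation described for the `iPod131` and `bootroot.loader` entries in this thread.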
Thank you very much for all your help and your quick replies. I hope I can ask just one final question if I may? In future, if I get the same issue of an infection warning but with no information in the report (using the GUI), I should do the following: run the scan again from the terminal, examine what the warnings are, and if they are the same, I can reasonably assume there are no actual infections on my machine?