OK. In case someone now looks up this topic - the subject is a false positive… avast! positives were ACCURATELY discovering the Win32:Tenga virus.
Still VERY puzzling how it got in but I have checked every log I can check and can see no trace of where and how it got in NOR did I ever discover the actual source.
After my last post, I isolated the networked PCs from each other and isolated them from the internet (after updating the VPS files of course).
Then on each of them I did the following:
I disabled system restore on ALL partitions on ALL drives. Interestingly enough this did NOT remove all restore points so I manually deleted the restore folders from all partitions (deleted - not moved to Recycle Bin).
Then the long wait while avast! did a complete “Thorough including compressed archives” scan on all partitions.
I did the partitions in groups to minimise the possibility of disaster if there was a power cut (it’s lightning season here in Georgia) and did the OS partitions first, then the data partitions (where ALL of the infections were found bar some oddities which are not worth worrying about).
I cannot think why I would do this in some sort of silent mode so I didn’t look it up to see if possible.
I am still a little puzzled why it insists on alerting some viruses for me to choose the action during the scan (which means you could leave it on overnight and find it had stopped after 5 minutes unattended) and yet most of what it finds is left until the report stage after the scan is finished. Can’t find an explanation in Help so any ideas on that one and can you include it in Help some time on an upgrade?
avast! found different things on each PC and LUCKILY I seemed to have created a sort of trap for viruses in that I had a complete copy of an old drive with WinMe on it in one of the partitions and Win32:Tenga wasted most of its efforts harmlessly infecting all the exe files on that copy all of which could simply be deleted. So it never actually affected any of the working partitions despite both WinXP PCs having multiboot capability into Win98SE. This isn’t telling the virus writers anything that helps them as there is no way a virus could be expected to know that it was a “dummy” it was infecting (I think!)
Anyway, apart from LOTS of Win32:Tenga infections, it found some other stuff which seems to be older viruses which were never scanned with later updates (somehow) plus a LOT of very old email archives which were thrown up as Decompression Bombs. I searched avast! site, forum and the web and can’t find out exactly what this does. I understand what it IS, but as far as I can tell, unless there is a virus in the tail-end of it, it doesn’t really DO anything except maybe crash a piece of software once. Am I right?
In each case where a virus alert arose, I attempted repair, then chest then delete (if the others didn’t work). If THOSE all failed, which happened a lot, I manually deleted the entire file containing the virus - which avast! was unable to know about.
Once scans were complete, I did the same with each occurrence of anything except “unable to scan” - those were for two reasons “password protected” and “file corrupted”. While avast! can tell you that, it can’t actually do anything with them. So I removed the corrupted files manually and opened the password protected files later to let avast! in to scan them.
While the VRDBs were right up to date, remarkably few of the files could be repaired despite being totally unrelated to the operating system partitions. Many of the “Move to chest” operations failed too and a few of the deletes. Not sure about that - I thought an up-to-date VRDB meant that nearly ANYTHING non-OS could be repaired…
After completion of ALL scans and doing SOMETHING with ALL the infections (repair/chest/delete or manual delete), I scheduled a boot-time scan of ALL partitions and was amazed to discover that avast! then discovered even more infections - many of them appeared to be the same as the ones found during the previous scan. Can’t work that out at all but at least I know it’s clean.
One of the files infected and which couldn’t be repaired was the download of Ad-Aware install file so I downloaded the latest version, installed it and ran it and lo and behold, the first thing it threw up were Malware occurrences. I guess the definition of Malware is different or something.
Anyway, once all partitions on all PCs were clean, I re-enabled the network and things seem ok.
Several questions up there, but this one is my MAIN reason for posting again. If I get another alert, how do I discover where the ORIGIN of the infection is so that I can check it was sorted out? I mean after dealing with hundreds of infected files, I still have no idea which one was the active virus which then did its parasitic best.
If you can answer that one, you are a hero 
Additionally, I wouldn’t mind discovering:
a. whether a decompression bomb is, on its own, as harmless as I suggest.
b. Why an up-to-date VRDB does NOT mean that you get the majority of files repaired (especially with a parasitic “add-on” like Tenga).
c. Why the boot-time scan finds viruses apparently already dealt with by the scans run within the OS.
Apart from that, I am still using avast! 