Well, I’m new here, having downloaded the latest version of AVAST (home) yesterday.
Could anyone explain to the philistine I am in matters of Web 2.0-flavored antiviruses how to parameter the logfiles, if there is such a function at all?
There is a limited amount that you can do relating to log files: right-click the avast ‘a’ icon, select Program Settings, Logging. It is, however, probably best to leave them on the default settings for a while until you get to know more about avast.
You can also right-click the avast ‘a’ icon and select avast! Log Viewer; this gives a GUI interface to see what has been logged under the various sections. The log viewer extracts information from text files and collates it so it is easier for the user to find it all.
Wow! Thanks David… The settings seem to be basic indeed…
In fact, I want to perform a complete scan of my good ol’ HDD, now mounted on a rack in slave mode, whose exe-files got “generic-virtob(b)ed” (or “viruted”, depending on the AV that performs the scan…).
Besides, does AVAST effectively restore affected files? Bitdefender was unable to “repair” them, and thus Microtrend office achieved it, it modified the md5-sha sums, which is IMO worse than all…
I’m not entirely sure what you mean by restore. If you mean repair/restore to the original pre-infected state, it would depend on the infection and if the VRDB had also been run on these files prior to infection.
Well, avast can detect virut (344 signatures), but there are new variants constantly created, so how effective it is, or if it could repair it, I don’t really know.
I think any repair, whatever attempted it, is likely to modify the MD5, as it is unlikely to be exactly as it was before infection (but no longer infected); it would only need to be, say, 1 bit out to essentially change the MD5. This is my best guess, as this isn’t something I’m totally familiar with.
“it would depend on the infection and if the VRDB had also been run on these files prior to infection” : Alas, no!
Regarding the MD5-stuff, it would be interesting to know how AVAST (and other AV) operate. “Virut” seems to add a string of 7 kb at the end of every binary. It seems likely that by subtraction of this same string, identified by the AV, you get exactly the same filesize as before infection, or am I missing something?
Besides, do you know where I can find an extensive help/tutorial on Avast 4.8? Their site (FAQ/support) is not very enlightening in this regard…
The trick is getting the whole string (a variant could have a different string) that has been added and where it has been added, the entry point. I don’t know if avast has a specific repair option (I’m only an avast user) for the virut infected files (it isn’t on the list of Worm/Viruses in the avast cleaner tool), so it would have to be a repair in conjunction with the VRDB.
The problem being if you hadn’t had avast installed before the infection and had run a VRDB generation then there would be no information on the infected files state before infection to attempt a repair.
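Added example, not part of the thread: a Python sketch of the size-versus-hash point discussed above, checking a repaired file against a fingerprint recorded before infection. The byte strings are constructed stand-ins (not real executables), and the header layout, the "entry-point" field and all function names are assumptions made for illustration.

```python
import hashlib

def fingerprint(data: bytes) -> dict:
    """Size plus MD5 and SHA-256 of a file's bytes."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }

def check_repair(baseline: dict, repaired: bytes) -> dict:
    """Compare a repaired file with the fingerprint recorded before infection."""
    now = fingerprint(repaired)
    return {key: now[key] == baseline[key] for key in baseline}

def first_difference(a: bytes, b: bytes):
    """Offset of the first differing byte, or None if the inputs are identical."""
    for offset, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return offset
    return None if len(a) == len(b) else min(len(a), len(b))

# Constructed sample data, not a real executable: a 16-byte "header" whose
# last 4 bytes stand in for an entry-point field, followed by a body.
ORIGINAL = b"HDR0" + bytes(8) + (0x1000).to_bytes(4, "little") + b"\x90" * 64
BASELINE = fingerprint(ORIGINAL)  # what a pre-infection record would hold

# Stand-in for an altered file: extra bytes appended and the entry-point
# field rewritten (the two changes mentioned in the thread).
APPENDED = b"\xAA" * 32
ALTERED = ORIGINAL[:12] + (0x2000).to_bytes(4, "little") + ORIGINAL[16:] + APPENDED

# Repair 1: only strips the appended bytes. Size matches, hashes do not.
TRUNCATED = ALTERED[:-len(APPENDED)]
# Repair 2: also restores the header field from saved pre-infection data.
RESTORED = TRUNCATED[:12] + ORIGINAL[12:16] + TRUNCATED[16:]

if __name__ == "__main__":
    print("strip only :", check_repair(BASELINE, TRUNCATED))
    print("first diff :", first_difference(ORIGINAL, TRUNCATED))
    print("full repair:", check_repair(BASELINE, RESTORED))
```

A matching file size alone says nothing about whether the content is byte-identical; only the hash comparison against a pre-infection record does.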