avast! free home edition is the best free anti virus software undoubtedly, but I’ve some problem regarding the resident protection (standard shield), (I read someone else was also facing the same problem), anyways the problem is that yesterday when I scanned Documents and Settings Folder, avast! found one threat in it, I uploaded the same file on virustotal, and the results there were 0/40, even avast! on virustotal didn’t detect it as a threat.
But when I tried to move that file to virus chest, it continuously failed to do so, gave some error.
And secondly, by mistake I opened that file (double click), and avast’s standard shield didn’t warn me.
So, I’ve two questions:
Why did it happen? Is avast! a little weak in moving the files to virus chest as compared to other anti viruses, because it happened a second time with me, that it couldn’t move the file to virus chest.
If I’m running a shell extension scan or a full system scan, (we know in free version, automatic healing of the threats found is not available), so if during a scan avast! finds any virus, it gives me a warning, can’t it happen that it completes its full scan and after it just gives me the result and asks for action. Because during scan, if a virus is found, it doesn’t scan further, until some action is taken against the threat found.
The virus/malware that I got was from some web site (I had set web shield paused temporarily). The threat was in Documents and settings/Local Settings/mozilla/firefox/profiles…
When I scanned that folder, a threat was detected, but on clicking “move to virus chest”, it gave error access denied, and was unable to delete that file too.
When I submitted that file to virustotal, no antivirus (including avast!) detected it as a threat. And so far avast! has found 2 threats in my PC, and with both the threats same problem occurred as they should have been easily moved to virus chest.
And regarding “standard shield”, I clicked on that infected file, but the standard shield (was active) and didn’t warn me.
I was reading the FAQs on avast website, it said Disable System Restore feature if you are using Windows XP or ME (and facing the same issue as I mentioned above). Why is it so?
Well, in normal Windows mode avast (nor other AVs) can’t deal with access denied notifications; however, avast does have the boot-time scan (need to have admin rights to schedule it) to overcome those times and no other AV does.
It isn’t unusual to not have avast detect on VirusTotal when it does so on your system. VT isn’t able to update the VPS in real time as the user is and this is often the cause.
The ‘access denied’ error could be a sign that the file is in use, possibly by Firefox (as it is in a Firefox location).
Also, without an exact filename and location (and possibly the location from where you got it) it is hard to tell.
This is odd, it should alert you (I think).
EDIT: Ahh, DavidR was quicker, yes the boot time scan will probably help. I didn’t know that about VT, you learn something every day.
Hey I’m a Full member, When did that happen? -Is that 100 posts?
The standard shield and the firefox cache can be a bit of a weird scenario, as the firefox cache uses extensionless file names that are randomly generated. Some time ago on my old system I modified my standard shield settings (I can’t recall which one) so that it would scan these firefox cache files.
It is probably in the Scanner (Advanced) tab, if you have the Scan Created/Modified files option checked, you will most certainly have the Only files with selected extension (note that word) and the Default extension (that word again) set options checked.
So here we fall into an area where Firefox’s use of extensionless file names comes in: would they be scanned by default? Or would we have to check the All files option to have the Firefox cache files scanned? Or would they come under the Scan created/modified files option?
I agree there DavidR, mine is set to scan created/modified -->All files, like the second pic and if I tick the box that says show detailed info… in the advanced tab and browse a bit it tells of the scanning of …/firefox…/profile…
Damn annoying though, think I’ll leave that unchecked.
What do you think about the standard shield not alerting on open (especially if it thinks it’s a virus after a scan)?
Well the infected file was in C/Documents and Settings/(my account name on computer)/Local Settings/Application Data/Mozilla/Firefox/Profiles/(some xb…default folder)/Cache
When I scanned the Cache folder by right clicking, avast! detected a threat in it, which it was unable to move to virus chest (reasons described in the above posts).
But when I (double) clicked the infected file (mistakenly), avast! standard shield didn’t warn me at all.
The ashQuick.exe (context menu scan) is the most thorough of the scans. Once again this isn’t the full path as there is no file name at the end. Check the source file using notepad C:\Program Files\Alwil Software\Avast4\DATA\log\Warning.log as that makes it easier to extract the full details of the alert.
So I don’t know if you double clicked on the actual file (firefox extensionless file) or the cache folder. Here is what happens if I double click on an extensionless file in the firefox folder (nothing), see image. So the file isn’t executed so there shouldn’t be standard shield alert assuming it was infected.
Crucially, the malware name is important too but not mentioned.
You’re welcome, Easy really, when you have the full information ;D
The file isn’t executed as there is no file type, Windows interrupts with what process to use, so the standard shield never gets a look in so no alert. The ashQuick.exe on the other hand is executing an on-demand scan and doesn’t give a stuff if there is no file type, it gets stuck right in and scans, alerting to any infection.
So no mysteries, both ashQuick and the Standard Shield are acting as they should.
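Added example (not part of any post in this thread, and not avast! code): a small Python sketch of the difference discussed above between selecting files to scan by extension and inspecting file contents, run over a constructed cache-like folder. The extension list, file names and file contents are assumptions made up for the illustration.

```python
import os
import tempfile

# Assumed extension allow-list, standing in for a scanner's "default extension set".
SCANNED_EXTENSIONS = {".exe", ".dll", ".com", ".scr", ".js", ".vbs", ".zip"}

# Leading bytes ("magic numbers") of a few well-known file formats.
MAGIC = {
    b"MZ": "Windows executable (MZ/PE)",
    b"PK\x03\x04": "ZIP archive",
    b"%PDF": "PDF document",
}

def sniff(path):
    """Identify a file by its first bytes, ignoring its name entirely."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    for magic, label in MAGIC.items():
        if head.startswith(magic):
            return label
    return None

def audit(folder):
    """Return (name, detected type, covered by extension filter) per recognised file."""
    findings = []
    for root, _dirs, files in os.walk(folder):
        for name in sorted(files):
            kind = sniff(os.path.join(root, name))
            covered = os.path.splitext(name)[1].lower() in SCANNED_EXTENSIONS
            if kind:
                findings.append((name, kind, covered))
    return findings

def build_sample_cache():
    """Create a constructed cache-like folder; names and contents are made up."""
    folder = tempfile.mkdtemp(prefix="cache_demo_")
    samples = {
        "3A7F91C2d01": b"MZ\x90\x00" + b"\x00" * 60,    # executable header, no extension
        "91BB04E7d01": b"<html><body>hi</body></html>",  # ordinary cached page
        "setup.exe": b"MZ\x90\x00" + b"\x00" * 60,       # same header, with extension
    }
    for name, data in samples.items():
        with open(os.path.join(folder, name), "wb") as fh:
            fh.write(data)
    return folder

if __name__ == "__main__":
    for name, kind, covered in audit(build_sample_cache()):
        print(f"{name:12} {kind:28} extension filter would scan it: {covered}")
```

The extensionless file with an executable header is reported with `False` in the last column: a filter keyed on extensions never selects it, while a scan that reads every file's contents does.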
But still, regarding the second problem, that why avast! is not excellent in moving the files to virus chest.
As I was reading the FAQs on avast’s site, it said if you are facing the problem of access denied while moving any threat to virus chest, then Disable System Restore… why is it so?