\This is regarding an older \Gateway laptop with XP on it. I got it going for my grandson to play games on & haven’t had it on for a while. Turned it on and updated, did a scan tonight \and got a whole page full of stuff it says it can’t scan. Malwarebytes scan turned out fine. Can someone tell me where to find this log so I can attach it for someone to take a look at?
There are many different logs (in different locations), and I’m not 100% which one exactly you are looking for.
Maybe avast main GUI → Scan Computer → scan logs? (extend the width of the columns.)
Some test logs are in the application data → avast (or alwil) → avast(5) → log → then you have several logs.
Or maybe you want the reports, which is almost the same: application data → avast (or alwil) → avast(5) → report → then you have several reports.
The above path is of course not exact, but you should be able to find it in your system (the exact path depends on the OS language and the exact versions of Avast updated in your system).
In any case, when the result says that the file is “password protected” and that Avast can’t scan it, it does NOT mean that you have some malware. It just mean that Avast doesn’t know the password, so it can’t scan the specific file deeper.
In any case, please report back.
First, I want the location of the log of this scan which will show someone who knows more than me what was found. I want someone to look at my scan log.
“In any case, when the result says that the file is “password protected” and that Avast can’t scan it, it does NOT mean that you have some malware. It just mean that Avast doesn’t know the password, so it can’t scan the specific file deeper.”
I understand your statement above, but there is something wrong. When I last had this machine on regularly everything was fine. I turned if off on October 29 and it has been off since then. I turned it on last night, updated Avast Internet Security and Malwarebytes and did scans and, as I explained, I’ve got a whole page full of stuff on the Avast scan. Why? Nothing had changed so what has happened? Why didn’t these “password protected” items show up in any of my daily scans with Avast previously? Again, the machine has been turned off and there have been no changes made to anything.
Also, what does a person do with all of these items? I really need someone to look at the log of this scan.
You are basically repeating your first post. I told you where in the main GUI of Avast the logs can be seen.
The other 2 locations are for reports and logs. Each file is related to a certain type of scan.
If you can provide which specific scan you ran, then maybe we can tell you which file to open so to view the results. Then knowing the correct file, you could attach it here in your next post so someone here can review it and give some answer.
So, if you could provide more specific information, we can try our best to help you answer your doubts.
Please post a screenshot.
To Asyn: I finally found within A|vast where you can request a report of your scan. I am attaching that and hope it works. It took me 6 or 7 screenshots to get everything that came through. If this doesn’t work I can attach those.
Yes, it worked. 
These files are all related to password protected Adobe files. So nothing to worry about.
Looks like you have done something with Adobe, updated it etc. and that has created the system restore (SR) point (now renamed by SR to A0007239.exe) ?
Something within the A0007239.exe are a number of password protected files in the adobe_js and images folder, this isn’t unusual as some applications as it appears to be protecting that folder and other files within the A0007239.exe file itself, perhaps to prevent the content being infected/changed, etc. This is to me very understandable given the target that Adobe reader, etc. is to malware.
Essentially you have nothing to be concerned with.
@Nikilet,
So, essentially it is exactly what I already told you. And you respond as if you “happen to find” those reports, while I told you where to look for them. If something was not clear, you should had said so.
In addition, you previously said “nothing changed” for this to happen. Well, “something” happened. As mentioned, those were files for an update. There is a reason for me to have asked you to post the report.
I’m glad all is clear, and this is not the end of the world for anyone, but I would say your attitude was “not nice”.
No, it is not essentially exactly what you told me. Go back and read your answer to me and try to put yourself in the shoes of a novice computer person. You jumped all over the place and confused me and when I tried to write back and nail you down to something then you told me I was repeating myself. I thought the same as you, that your attitude was not very nice. For instance, you did not tell me that to get a log file of the scan I had to go into the scan settings and check the box to request one. And to the best of my knowledge, nothing had changed. I did update Adobe Shockwave today, but this first scan came through Yesterday.
I know these items aren’t infections, but I still don’t understand why they did not show up in all the scans done previously, and now they do.
Not sure I understood DavidR’s comments about a restore point, but there is nothing in my System Restore which would refer to this A0007239.exe
Is there any way to stop this big, long list from coming up every time I scan?
We just see it differently. Let’s move on.
What David said was based on your report. The specific path shown there just shows that there is some Restore Point. Yet, there is a possibility for a Restore Point to be still in the system, but not listed in the respective list (For example, CCleaner deletes the list, not the files).
Adobe has an “autoupdate” feature. It may have been activated “sometime”, and in rare cases this could happen really “automatically” (with no notification to the user). I don’t know if this is the case of your system. I’m just offering a possible case that fits your description and the report attached.
So is there anything I can do to keep all this from coming through every time I do a scan?
- Because they weren’t there before.
- Either you just ignore it, as it is no threat at all, or you have to clean your restore point.
If you can’t find any reference to A0007239.exe then perhaps avast won’t find it later.
However, I rather doubt System Restore refers to file names as such as such generally it is by RP number RP48 (in this case) or by date, etc.
There would be little point in referring to the A0007239.exe file name as that in itself is a name assigned by SR and not the original file name. Only the file type .exe is retained so you know the file type (which isn’t a great deal of help); you/we are only getting an idea of what it was because of the information the avast log produced as to what is inside the A0007239.exe file.
So what can you do, A) keep ignoring, B) set an exclusion for that RP48\A0007239.exe or C) manually delete restore point RP48.
The full path being C:\System Volume Information_restore{EA9CB5E9-A5F1-4370-B918-FB61F50F4DE8}[b]RP48[/b].
Generally I give this advice for detections in the system restore points, it could equally be applied (manual removal if you don’t want to follow A or B above) in your case.
-
Infected/suspect Restore Points:
There really is little benefit in chasing a detection in the system volume information folder. It is only there because it had previously been deleted or moved from the system folders and this is a back-up created by system restore. -
Worst case scenario it isn’t infected and you delete it, you can’t use that restore point in the future, not much of a loss and the older the restore point is the less of an issue it is.
-
So if there is any suspicion about a restore point then it is best removed from the system volume information folder or it could bite you in the rear at some point in the future when you use system restore if it included that restore point.
####
Obviously I can’t make that choice for you but I have laid out your options.
Short answer: not really.
Explanation: The “long list” shouldn’t bother you, specially if those “password protected” files are coming from old restore points. Any file downloaded could potentially have such result, simply because it doesn’t depend on you, but on the manufacturer / producer / developer of the file.
Specifically in the case of restore points, they are automatically deleted according to the settings (in Windows). New restore points replace older ones, and free space in your HDD is also a factor (according to your percentage of free space, Windows reserves more or less space for restore points).
Many little settings can be changed in Windows to affect restore points. In general, it’s not worth to get onto those little settings, unless you really know what you are doing and the consequences of that.
That’s on Windows side. On Avast side, you have some configurations, like maximum size of logs and / or reports (but not all the logs and reports are affected by this general setting), or max date to save an old log. As you can see from the specific folders (“log” and “report”), each text file is related to the type of scan or the specific shield that was triggered, so some of them also have some possible configuration.
The bottom line, IMHO, is that the only reason to review a full report is when there is at least one potential problem or infection. The “password protected” result is not such a case.
I have no Adobe on my machine. There is nothing in Revo Uninstaller, no folder in Program Files. A reminder that this laptop runs XP.
I did just go in and shut System Restore off, thus removing all restore points. Will let you know what happens when I run the next scan. If I understood correctly, these files should no longer show up.
- Are you sure…?? ;D
- Correct.
Yes, I have Adobe Shockwave and Flash, but no Adobe Reader in Revo, and there is no Adobe folder at all in my C/Program Files.
An update to any of those could result in the creation of a restore point and that is really what we are talking about. It is within the RP48\A0007239.exe that the Adobe and other internal file folders are mentioned (that is where the elements are contained that are going to be used in an update).
Remember we have to best guess what is going on as there really is little to work with other than what is shown in the avast log.