New to Avast and I'm infected! Please can you help?

Hi there

(Please be gentle with me; I’m new to Avast, and finding ‘infections’)

Due to problems with updating AVG, I removed it and installed Avast.

I just ran my first scan, and the scan results state there are four infections, along with 862 files ‘unable to scan’ (see below)
I have no idea whether there are false postives or not, and moved the ‘infected’ files to the chest. Now I don’t know what to do next!

Can you help please, and tell me where to go from here? :slight_smile:
Many thanks


Scan result:

862 files - unable to scan

Infection: Win 32

C:\Program Files\Common Files\AOL\Backup.…\utility.dll
C:\Program Files\SBMAV Disk Cleaner\dcleaner.exe
C:\System Volume Information.…\utility.dll
C:\System Volume Information.…\A0007163.exe

avast can’t scan files that are password protected, it doesn’t know the password.
There are many legitimate reasons why a file was password protected. For instance, the ones you’re talking about. Lavasoft stores its data in a password-protected ZIP archives (to prevent other similar tools from messing up with them). It’s really nothing to worry about - it’s normal. Many programs (usually security based ones) password protect their files for legitimate reasons such as AdAware and Spybot Search & Destroy, there are others (and avast doesn’t know the password or have any way of using it even if it did know it). Do you use any other security based programs ?

When you run scans with the above programs and you delete harmful entries that they detect, a copy is kept (in quarantine/restore/backup) in case you need to reverse what you did. These are usually password protected, you should do some housekeeping and delete old backup/recovery/quarantine entries (older than two weeks or so), this will reduce the numbers of files that can’t be scanned.

By examining 1) the reason given by avast! for not being able to scan the files, 2) the location of the files, you can get an idea of what program they relate to. You may need to expand the column headings to see all the text.

Files that can’t be scanned are just that, not an indication they are suspicious/infected, just unable to be scanned.

You’ve done the right thing: the safer is sending to Chest.
Now you can right click the files into Chest and scan them from time to time (once a week) to be sure they’re infected (not false positives). After two weeks, if your computer is working fine, you can delete them from Chest.

Welcome to avast forums… it’s a different and more friendly place than other antivirus forums :wink:

Thank you :slight_smile:

I use the following regularly:

Super Anti Spyware
Spybot Search & Destroy
SB MAV Disk Cleaner
C Cleaner
Spyware Blaster

Sorry, but I don’t get the bit about programs being password protected though. I don’t use any passwords with them (is that what you meant? :-[)

As for the infected area, I wish I could expand the column headings so I could see more info, but I can’t seem to do this.

So I’m not infected anyway then? Oh, I’m really confused… :cry:

Good.

Don’t know, never heard about…

The program uses the password that it chooses by itself, without your interaction.
That files are safe, don’t worry with them.

Why not? Use the mouse over the column separator and move it to right…

No, I don’t think so…
But to be sure, can you schedule a boot-time scanning?
Start avast! > Right click the skin > Schedule a boot-time scanning.
Select for scanning archives.
Boot.
If infected files are found, it’s safer to send them to Chest instead of deleting them.
This way you can further analysis them.

Hi again :smiley:

I’ve tried using the column separator, but it doesn’t work for me.

Can I ask, if files are sat in the chest, then they can’t do any damage from there to my computer?

Thanks again :slight_smile:

Files in the chest can do no harm, it is a protected area.

Personally I would check the first two detections you posted (see below), you don’t say what the malware name was, but I suspect win32:trojan-gen (or another name ending in -gen). This is a generic detection

C:\Program Files\Common Files\AOL\Backup\...\utility.dll C:\Program Files\SBMAV Disk Cleaner\dcleaner.exe

Do you actually use an AOHell backup utility ?
If so more reason to confirm the detection.

Since you use a clean-up tool SB MAV Disk Cleaner, it could be what it does that is suspicious rather than a definite infection.

The C:\Program Files\Alwil Software\Avast4\DATA\log\Warning.log file contains the data that you view in the avast log viewer, you should be able to see everything in that if you can’t get the column headings trick to work.

Check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.

No they can’t as David said.
They’re encrypted and protected.