Newbie here: how to know when detection found or not found?

Hi, I just switched to Avast from being a longtime Avira user, after reading reviews on showing Avast to be far superior (plus I was sick of false positives on Avira).

If I have a certain folder I wish to scan, I right click on it and use the context menu to scan it with Avast. However, when it is done scanning the info box just disappears. It doesn’t say “scan completed, no detections” or anything like that. How do I know if the results are good or bad? All the sections of the log viewer from “emergency” through “warning” are empty so I guess that means I’m ok?

Also, why doesn’t this program have an option for daily scan scheduling like Avira did? And why do scans take so long? I scanned a single archive file (rar) with Avira and it would only take 10 seconds… the same file with Avast takes a couple MINUTES… apparently there are 50,000+ items inside that archive and I guess Avast is being more thorough about scanning them all (and sub-archives within the rar) than Avira was? I have nearly 2TB of data on my machine and it’s looking like a thorough system scan will take over 10 hours… fortunately CPU usage is minimal on my i7.


Welcome to the forums The111,

Right click context scan window disappears when no virus is found but if you want some report. Follow:
Program settings > Common > Put a check on ‘Show results of Explorer Extension’

avast is supossed to be a fast scanner, if it takes more time that it is supposed to be, some remnants of avira may be conflicting with avast. Those remnats can be removed using Avira Registry Cleaner. The tool is in German, you’ll have to click on the button called Keys auslesen to search the registry for any issues. Then place checkmarks next to the registry entries you wish to delete and click the Löschen button to delete the keys.

NOTE: Using avira registry cleaner may also delete avast related entries.

Thanks for the reply. Tell me if you think this is a reasonable scan time. I put scanning back from thorough to standard, and took archives off, and ran a complete system scan… it took 48min for 2.0TB (wow, my guess was right, I actually have much more than 2TB available but was just guessing how much I was using). Screenshot below.

Now, if I did it with archive scanning on, and used thorough instead of standard, my guess is it would take 6-8 hours.

What does it mean if a file can’t be scanned because it is a decompression bomb?

NOTE: Using avira registry cleaner may also delete avast related entries.
It will. ;) Fortunately you can select which items to delete; just don't delete anything from Avast. If you're unsure, post the entries concerned here.

Most free versions of commercial AV’s have some feature or ability part-“crippled” or reduced. With some it’s the detection or cleaning ability. With Avast it’s the ability to schedule a scan. And a few other bits and pieces.
(One reason Avast is considered very good; the protection is excellent. In fact “advanced+” according to the latest AV-comparatives.)

A thorough scan will take a long time, it scans inside archives. These can be ignored (skipped) if desired, a virus inside a zip or rar can not activate unless the file is unzipped, at which point the on-access scanner should stop it.
Personally, I’d just do one thorough scan after first install, then a regular scan every month or so.

The scan needs to be (more or less) attended up to the first detection (if there is a detection) at which point the box in the alert window “do not show this next time” can be ticked, and the scan left to complete, while the user goes to bed, or work, or whatever.

You ca place an Eicar (simulated) virus near the beginning of the system folder on the C drive, that should speed the time taken for the first detection. You would need to pause the webshield to download it.

“A file is a decompression bomb” is alarming terminology. It just means the file is packed using an unknown and/or high compression algorithm. (Sounds fancy, don’t it? ;D). Don’t be alarmed, it is no indication the file contains a virus, just that it can’t be scanned.
Other similar errors you may get are “…the file is password protected”. Once again, don’t worry. This could be from the quarantine of another anti-malware scanner, or some program that uses encryption to store some of its data. Moving the column header of the scan report to see the full name and path of the file will usually reveal whether it needs further investigation.
And if you don’t know in regard to a particular file, you can always ask here.

Thanks for all that Tarq. So is 48min for a standard (no archives) scan on 2TB reasonable?

I would think very reasonable.

OT, but I’d also suggest MBAM as a demand (second opinion) scanner. The quick scan on this one covers all the likely malware installation locations, and is pretty quick. You would be glad of it if anything sneaked past Avast.

I’ve found the web shield and network shield in Avast (especially those two) have seemed to help prevent connecting to any nasties, anyway. Scans don’t find anything on my system, so far, for a long time.

I tried out the Avira registry cleaner and only found 6 entries, all which to me looked related to Avast. Guess the Avira uninstall got them all. :-*

Thanks again for all the good info all. Nice to scan my whole system and get no infection results, whereas there were about 2 dozen files (which were admittedly of “questionable” origin) that Avira would flag every time. The AV comparatives review mentioning false positives on Avira is definitely one of the main reasons I made the switch…

Had you set the Avira heuristics above the default, at all? That would explain a high number of false detections.

No, I think I had everything set at default. It wasn’t a SUPER high number of falses, considering how much stuff I have overall, and again considering the “questionable nature” of the stuff Avira was raising flags about.

Every time I visit this topic I get an alert from Malwarebytes Anti-Malware (MBAM) that the picture you posted is infected:

Post pictures using Additional Options…

Woa, woa, woa. What?

A picture file, infected?

I have hosted my website for years now. I know how to use forum attachments but I prefer to just host the image on my site and hotlink, for many reasons. I can assure you there is not an infection in neither the picture file (is that possible?) or anywhere on my site!

But, I would like to get to the bottom of this. Why is my website listed on that link you sent as an “infected site?” :-* :-* :-* :-* :-*

Did you read the link I gave you?
40 Additional match(es) found for: 208.109.78.

GoDaddy is notorius for hosting malicious domains and failing to take action against them.

Read all about them in the MBAM forum:
Malwarebytes Forum > Malwarebytes’ Anti-Malware Support > False Positives

The IP that YoKenny is referring to is for GoDaddy, which I presume is your web hosting comany.

It seems that GoDaddy is not very popular…

Here is a post by MysteryFCM, dated september 17:

The second is a GoDaddy IP, and currently has 170 problems as of the last check, which is why it's blocked;

[EDIT]Oops, YoKenny posted first…

As for your own site, Matt … it seems clean. See the links below :

Oh, I know it’s clean… I wrote every single bit of HTML by myself, by hand. I just don’t understand why it’s getting flagged. Best I can understand is that it has an IP “near” some other GoDaddy IP’s that are known as being dirty? That seems silly…

I did look at the first link earlier, right now it won’t load again, that site is ridiculously slow. But that doesn’t answer WHY I’m on the list, just that I’m on it.

And the MBAM forum post doesn’t really help either… it just says “that IP is on a range known for exploits, etc.” A “range”? GoDaddy is, last time I checked, one of the largest hosts by numbers. So statistically speaking you’d think they’d also have the most “infected sites” (I never really knew such a thing existed). So I guess now I’m being punished for that?

I don’t have MBAM installed… but does a MBAM user who browses to my site get security notices? If so, is there any way I can go about fixing that?

Please read

Just a note folks, the hpHosts server traffic quadrupled today which completely bogged down the server. I believe this was due to the mention that hpHosts got, in todays Windows Secrets newsletter.

And the MBAM forum post doesn't really help either... it just says "that IP is on a range known for exploits, etc." A "range"? GoDaddy is, last time I checked, one of the largest hosts by numbers. So statistically speaking you'd think they'd also have the most "infected sites" (I never really knew such a thing existed). So I guess now I'm being punished for that?

I don’t have MBAM installed… but does a MBAM user who browses to my site get security notices?

There are millions of users that use MBAM but not with avast! and read this topic on the forum that don’t get security notices.

If so, is there any way I can go about fixing that?
Get GoDaddy to remove their rogue sites.

Late breaking news:

EDIT: It will be updated soon as I just did an update but unfortunatly this topic is still detected.