Hi,
I have recently reformatted my computer (Dell Dimension 9200 w/ Win XP SP3) after it was mutilated by a virus. Naturally I’m being more cautious about virus protection now. Having run a total scan of my computer, avast showed that it had found 16 infections, but offered no solutions? The actions column is empty and the apply button is greyed out. Does this mean that avast isn’t actually doing anything about them?
Scan settings:
Scan all 6 local hard drives, removeable media, memory.
Heuristics sensitivity: High (+Use code emulation)
Do not automatically apply actions during scan.
If necessary, perform the selected action at the next system restart.
Processing of infected archives: Try to remove only the packed file, if it fails, do nothing
Any help would be greatly appreciated!
Regards,
Ellis
Detections in Memory - My guess is that you are doing a Custom scan in which you have elected to scan Memory and that all these detections are in memory. Since they aren’t physical files they can’t be moved to the chest, deleted, etc. so there is no action that can be taken, hence the Apply button being greyed out.
The detections in memory are frequently other security applications loading unencrypted virus signatures into memory, in your case these are loaded by windows defender. Having set off a scan of memory by an antivirus application looking for virus signatures, don’t be too surprised if it finds some in memory.
Thanks for the response, that’s very relieving to hear. I ran a boot time scan shortly after which detected nothing, so you’re right about it being a virus definition loaded on startup. How did you manage to diagnose the cause as being Windows Defender? Is it the ‘mspeng.exe’ process name? And if so, is it safe to ignore all alerts triggered by mspeng in the future?
Yes the mspeng.exe process name belongs to windows defender, not to mention you aren’t the first to query this. It is pretty hard to be the first to ask a question in the forums, so we do get to see these instances regularly ;D
Yes it is safe to ignore them, but the main question was what type of scan were you doing was it a custom scan as I suggested and if so you could drop the memory scan ?
There’s no new questions under the sun are there? Thanks for the info David. In answer to your question, it was a custom scan, where I ticked the boxes for all my hard drives, memory and removable media. I wanted to be as thorough as possible so I checked everything. Would you recommend leaving out the memory check in future then?
Yes, but the chances of being the first one to have reported it are very slim ;D
Personally I would stick with the pre-defined scans, Quick or Full System Scan, these guys at avast know their stuff and those scans are scanning the important, at risk or targeted files, etc.
For the most part a resident anti-virus depreciates the need for an on-demand scan as for the most part what those scans are going to be scanning are either dormant or inert or they would have been scanned by the on-access resident scanners.
For my part I run a standard Quick scan (scheduled) once a week and a Full System scan (scheduled) on the 1st of the month.
