Pop-Up Detail Log?

I’m running the latest version of Avast Premiere (11.1.2245) with the latest virus definitions.

Periodically, I get a pop-up complaining about a file in a directory that really shouldn’t be in use - it’s on a backup drive, in a “windows.old” directory, pointing to an old cache for IE. This is starting to sound like a bad Douglas Adams book.

Here’s the pop-up:

http://i67.tinypic.com/9knlhc.jpg

Now, I can hover over the truncated item, and view the HUGE path, but I cannot copy and paste the path. Also, the pop-up goes away after a certain period of time, which is probably good in normal situations but right now, it’d be nice to have it up, seeing as I brought it up manually. In fact, if a pop-up appears, I should be able to click it, to bring up more detail - detail I can copy and paste. If I manually bring up a pop-up, it should STAY up until I dismiss it.

My question is this: where is this information kept? I see a PID (9900) which is not currently running on my system. I don’t have a process name, and I see “Infection: HTML:iframe-inf”. The object, as mentioned before, is a deep link into a backup directory. I’m not sure why any process would be in there. My last backup happened at 0100 today, and completed a few minutes later.

I’ve gone through MANY other posts, describing where to find logs and reports, and I am unable to locate this information. I’d expect, as a command-line guy, to be able to find ALL of this information in a report, or a log, or somewhere. I want this information easily accessible, just in case I need to do a deep dive into a filesystem. Clicking “Report the file as a false positive” is stupid, if I don’t know whether or not it’s an active threat. Also, if I could copy and paste the path, I could easily go to that directory, see that it’s all old junk, and delete several paths back. Done.

Here are the places I’ve checked for this information:

C:\ProgramData\AVAST Software\Avast\log
C:\ProgramData\AVAST Software\Avast\report

Also, Avast should have a button in each pop-up that brings me DIRECTLY to this information. Like a “view in log” button or something. Or there should be a log/history within the application (which I haven’t been able to locate).

A lot of the interface is dumbed-down over the past few iterations, which makes it more challenging for folks who want to do forensics and after action reports.

Anyway…thoughts?

What is logged (or not) depends on the settings for the log file(s).

By default, shouldn’t all “Bad Things” be logged? :-\

If it’s bad enough for a pop-up, it should be bad enough to be logged somewhere…

Also, I found (in a very non-intuitive place) the Virus Chest, and located most of the information I needed.

Having said that, there should be an easier way to locate the Virus Chest and Logs, rather than going through the scanning mechanism. Scanning for viruses is an active action, whereas viewing the Virus Chest is a passive (after-action) action. They should be separate - an area to view logs, virus chests, etc.

If it’s been blocked it should show up in the web shield log.

C:\ProgramData\AVAST Software\Avast\report

I agree. But it’s not. Why not?

As the object is a PID that would indicate that something within memory is trying to access that file

Yeah, that’s probably not cool. That’s why I wanted to track it down, but the PID wasn’t running by the time I got to it.

It is being recorded in my WebShield.txt (log), I have just been checking some suspect sites earlier today and that was recorded, see attached image extract of the WebShield.txt (log).

So as essexboy suggests something in memory accessing it (check the task manager and see if you can find that PID) if it happens again.

That said, why it isn’t recorded is strange, if the alert occurs the data in that should at least be recorded.