I think that I’ve found something like a bug in the program, but I’m not quite sure, so here I go:
When I extract a infected file from an archive avast! detects this file and a warning window appear, so far so good, but after I give the option Delete (the case is the same as with the options Move to Chest and Move/Rename) the program deletes the file and after that cames another warning window for the same file and the same location, and when I give the program for example Delete again it says that the system cannot find the file specified, and that is obvious, because before that avast! has deleted the same file and after that the warning window appear again and it won’t stop until you give the option “No action”
Is this some kind of bug?
I hope that you will understand what I mean, because it’s hard for me to explain it
Well… that’s something like a known issue. Maybe we could call it Rejzor’s bug
Basically, the problem occurs only when extracting to desktop. I’d say it’s really a bug, but hidden somewhere deep in the resident protection core and it won’t be easy to find it. Let’s hope Vlk will check it out.
I saw this sometimes… Sometimes for me it seems a double detection: more than one provider detects it.
Igor, I never ‘extract’ or use desktop to download files and I still have this trouble from time to time.
OK, more precisely - the problem appears when the file is accessed immediatelly after it’s extracted. I supposed it’s usually the case of Desktop (which is watching for the changes in the folder to update the content).
Hmm with the latest update(4.6.744) this problem seems to be solved, but…
I’ve got another one appeared :-\
When I extract an archive for example on the desktop, avast detects the virus and I got only one notification, not two like before. but if I choose the option “No action”, which means that avast should block the access to the file, avast don’t block the access. When I click on the file I’ve got the virus warning window again and not the window where windows tell me that it doesn’t have access to the file. Is this normal ?
I don’t understand what you’re saying. It behaves as expected on my machine…
What do you mean, “if I choose the option “No action”, which means that avast should block the access to the file, avast don’t block the access.” How come, don’t block the access?
Yes. The Standard Shield is detecting the virus while the file is being ‘read’: size, name, etc. from Windows Explorer.
Just putting the mouse over it and you’ll see the warning. It’s normal.
Well usually when avast! finds a virus and I click the option “No action”, and after that I try to access that file I get the window(see the screenshot)
But now when avast! find a virus, I click “No action”, and after that I try to access that file I get another warning window.
I hope you will understand it now :-\
The first warning occurs when the file is written (on-write).
The second one when Explorer opens the file (on-open).
BTW Technical, of course, the infected file IS denied access to in any case… I.e. even if you select No Action, it doesn’t mean you can activate the virus…
This sounds similar to a situation I encountered awhile back.
It was an OE email. When it was downloaded, it was detected. I used the delete button, the same email was detected, used delete button, recieved message that avast couldn’t find the file(something like that, the exact message is in an old post some where), chosing no action allowed the download to continue. It did this with at least 2 more messages that night. Now upon reflection , I am sure the infected attachment was stripped off when the where placed in the inbox. And no, they where not duplicate emails, I only recieved half of what was detected. ie 6 where detected, in fact there was only 3.
Maybe there is a small bug under certain conditions?
Technical, are you saying that you managed to run an infected file on your machine, even with avast Standard Shield enabled?? That would be a bug, of course…
oldman - although it sounds similar, I’m afraid this problem is unrelated. The STandard Shield works very differently from the mail scanners (internally). The problem you’re describing it probably related to avast’s inability to delete files off certain archive types…
Yes. I can rename the file for instance, I can see its properties… I’ll try to post screenshots.
Using tetris.exe (a demo infected file) I can rename it as tetris2.exe for instance. I can’t see the access denied so.
I know the new file is being detected (as infected) but the access to the first is not denied as far I can see.
I mean, the file is not blocked at all.
Vlk, I can’t run the file. The second is being detected as infected.
But I’m not seing the file has access denied as the same as Windows concept for access denied, for instance, trying to open or see the contents of C:\System Volume Information folder.
This is how Standard Shield always behaved. I mean, the access to the file is not permitted (meaning that you can’t read or run it, for example) - but you can see it in the folder listing (avast! is not a rootkit to hide the files, is it ;)), and you can rename (and possibly delete) it. Nothing has changed in this aspect…