Hi.

I have a few problems with Avast 5 that i just started discovering yesterday. I’ll start here with the logfile issue. I also have a virus issue, but i know that’s for another board. I also have a quarantine issue that goes along with the virus issue, but again…i’m guessing that goes along with the virus issue…but maybe not.

Anyway…I ran a custom or boot scan (i don’t remember which) 2 nights ago. I sometimes forget exactly where to look for scan results because of where the logs are kept, and because i honestly forget which files to check when looking for logs. I do keep my Avast updated, and run regular scans, but most times, the results are staring me in the face after the scan, so i don’t have to go looking for logs.

So…i went looking for these logs yesterday afternoon. I didn’t find them where i thought they were, but i found something else that’s kinda scary. in the ‘logging’ file, the notepad doc starts at 12/4/2010, and today. The entries seem to be made several times a day. I’ve copied and pasted log entries for 2 days ago and one day ago, but i keep getting an error message that too much space is being used up, so i’ll do a post immediately after with some listings just so i can get the question up.

Now…there is a similar thread here has been resolved, but it’s not exactly the same. http://forum.avast.com/index.php?topic=66282.msg558970#msg558970

This is US English version of Avast. I already have Malwarebytes, and updated and ran a scan last night. No malware was found. I looked around some more, and ran another boot scan. The boot scan found something almost immediately that it couldn’t repair, so i quarantined it. This morning, i woke up, looked around some more and FINALLY remembered where the file was with the boot scan results. Lo and behold…the boot scan run 2 nights ago had also found a virus, and automatically quarantined it. OK…fine.

So, backtracked to see where the viruses were originally were…and discovered that not only were those files in quarantine, but they were also still in their original file within Java.

I guess my question is this: What in the world is going on with my Avast ? I can’t say it isn’t finding things, because it obviously is. I just wonder how much it’s catching…or is it only catching it in boot scan…or what ?

While i brought up the virus issue here, it’s only because it’s a part of the backstory. I have to run and get some Krispy Kremes right now, but when i come back, i’ll post the question regarding the viruses to the virus board. I may place a link to this post to avoid having to tell the whole story again.

Oh…WinXP SP3 IE8 (which i hardly ever use), Firefox 3.6.13 (according to the ‘help/about’ info). I honestly am not sure which version it is because i’m always upgrading/uninstalling new versions due to hangs/drags, but that too is another story for another place.

In the meantime…any help is appreciated. Thank you in advance.

As Usual,
Idontknow.

I may place a link to this post to avoid having to tell the whole story again.

what is the full malware detected name ?
where was the file found C:.….… ?

Thank you, Pondus :-*

First off, here’s a link to the logfile i posted:

http://forum.avast.com/index.php?topic=67937.0;topicseen

Now…to answer your question:

The full malware detected name and location:

1. buba\KAST.class
   C:\Documents and Settings\AuntKiKi\Application Data\Sun\Java\Deployment\cache\6.0\60\7cbaf5bc-505e79e5
   Transferred to vault 12/18/2010
   Virus name: Java:Jade-A[Heur]

2. buba\main.class
   C:\Documents and Settings\AuntKiKi\Application Data\Sun\Java\Deployment\cache\6.0\60\7cbaf5bc-505e79e5
   Transferred to vault 12/17/2010
   Virus name: Java:Agent-BW[Trj]

The files appear to be in the same place. They also appear to be the same file, but it was quarantined on two separate days. This file is also still in its original location as well as listed in the vault twice.

They will be submitted to the virus lab the next time Avast updates.

Thank you in advance, Pondus. I appreciate your patience and assistance.

As usual,
idontknow

That looks like your Sun Java is down level:

Remove all Sun Java levels with JavaRa:
http://raproducts.org/wordpress/software

Current Java Runtime Environment (JRE) 6 Update 23
http://download.cnet.com/Java-Runtime-Environment-JRE/3000-2356_4-10009607.html

Then run Secunia Online Software Inspector (OSI)
http://secunia.com/vulnerability_scanning/online

Hi YoKenny !

First of all, thanks for your help. I’ve downloaded the JavaRa and run it. It found 2 different versions of Java and removed them. I’m now downloading the Current Java Runtime Environment 6 Update 23. I will rin the Secunia inspector after that.

Sorry if this sounds stupid, but i have to ask…what will it tell me after i do these things ? How will i know everything is OK ? Should i run another boot-scan after that ?

And what about the Avast logfile that have me so troubled ? What’s going on with them ? Is my Avast working properly in spite of what is showing up on the logfile ?? Is the issue with Sun Java related to the confusion with the logfile ?

As you rely on Firefox as your browser and as IE is the major component of Windows I think you need to become I Know

Make sure Secunia inspector runs clean.

I run Secunia PSI as well and I get 100% clean:
http://secunia.com/vulnerability_scanning/personal

Wow, YoKenny.

1. Secunia will not run at all. It keeps telling me that i can’t access the https page, which is odd, because i can on other sites. I’ve checked the firewall, and there doesn’t seem to be a problem there. I changed some settings in ZA Free, and it stayed the same.

2. While i understand that you volunteer to help, i want to say this to you. I’ve come here a few times over the years for help, and never have i had anyone be so rude. If i became ‘I KNOW’, i wouldn’t have to ask for help, now would i ? Have you always known as much as you do about computers as you do now ? Somehow i doubt you were born with software avant skills. My guess is that you had to learn, just like the rest of us. I don’t think i ever proclaimed to want to be ‘Idontknow’ forever. I’m learning just like everyone else; just like you did.

3. I couldn’t help but notice that while you were being a smartass, you didn’t bother to answer (or attempt to answer) my questions. I wonder if you would be such an asshole if you came out from behind the screen.

Thank you for all of your help, Darling. Frankly, i was hoping for Pondus to begin with. Not only was he helpful, he was also polite.

Have a nice day.

Don’t mind YoKenny, he can be slightly immature sometimes (can’t we all?). Please don’t take it personally.

You say that you can’t access the https page of Secunia, correct? What does it say exactly (an error code, page cannot be displayed, or what)?

After removing the two versions of Java, the folders that the virus was in should have been removed. Can you verify that the files are gone?

Now that you have the newest version of Java, you should be protected from any currently known vulnerabilities.

Sorry if this sounds stupid, but i have to ask..what will it tell me after i do these things ? How will i know everything is OK ?

Well, the scanner will check your computer to make sure that all of your software is up to date, and let you know if you’re missing any updates. It will display any vulnerabilities that still exist on your machine, and will point you in a general direction of where to find updates if they exist.

At your age at 27 I was barely out of university and now at 65 I have learned that young people have a lot to learn through the wisdom of the School of Hard Knocks just like bob3160 has.

I have been working on computers longer than you have been alive!

I would not Buck Ofama if my life depended on it!

YoKenny,
As your Senior, please stop antagonizing our customers.
They deserve to be helped regardless of their problem and in spite of the fact that they may have decided to use Firefox.
Please, either offer relevant and clear precise help or don’t waste any ones time by replying.
Sorry to be so rough just before Christmas but you’re starting to get my goat. >:(

Look man, I have nothing against you. I was just trying to calm the situation down, and move on with trying to fix the OP’s problem. I didn’t know your age, didn’t look, and didn’t care. You may have a heck of a lot more time with computers than I have, and that’s great. I’m not claiming to be a better man, nor technician.

So, can we just move on?