Realtime protection problem plus archive scanning problem

Hi, this is my first post on this forum… I have two problems and hope someone can help me please.

Problem 1.
I am running Avast 4.8 on a Win XP Pro Laptop with an external USB Hard drive attached.
The main Laptop HD is partitioned into three drives C, D and E with the ext drive as F.
I am in the habit of checking Avast for updates several times a day and always download new updates as they are made available.

I just did a thorough scan of all my drives and was surprised to see a list of 3 problems found on the external drive F. These are listed as two instances of malware Win32:Adware-gen and one virus named VBS:Malware-gen…these have now been deleted OK.

What I would like to know is how this malware got onto my PC when Avast is set to run in real-time protection mode…surely they should have been picked up before they got onto my PC…not after.

Problem 2.
I have a number of ISO files zipped using WinRAR on my PC. Avast is set to scan archive files and can be seen scanning these files and takes a considerable length of time doing so, but when the scan report appears at the end it lists them as being unable to scan…any ideas…

Thanks

Jan

> What I would like to know is how this malware got onto my PC when Avast is set to run in real-time protection mode...surely they should have been picked up before they got onto my PC..not after.

If you got the malware before avast had detection for it... no security program has 100% detection.

> I am running Avast 4.8 on a Win XP Pro Laptop with an external USB Hard drive attached

I would upgrade to avast 5: http://filehippo.com/download_avast_antivirus/

> I have a number of ISO files zipped using Winrar on my PC. Avast is set to scan archive files and can be seen scanning these files and takes a considerable length of time doing so but when the scan report appears at the end it lists them as being unable to scan....any ideas....

Are the zipped files password protected?

Recommended to use with avast:

Malwarebytes Anti-Malware 1.46 http://filehippo.com/download_malwarebytes_anti_malware/
Always run update before you scan so you have the latest database.
Click on the remove selected button to quarantine anything found.
You may post the scan log here if anything is found.

Re Problem 1:
Deletion isn’t really a good first option (you have none left), ‘first do no harm’ don’t delete, send virus to the chest and investigate.

  1. There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections. C:\Program Files\Alwil Software\Avast4\ashLogV.exe

  • Or check the source file using notepad C:\Program Files\Alwil Software\Avast4\DATA\log\Warning.log and copy and paste the entry.

1.a. New signatures are added every day and some existing signatures are tweaked/modified so you may well have something detected that wasn’t previously detected.

Re Problem 2:
2. Why are you scanning archives ?
2.a. Archive (zip, rar, etc.) files are by their nature inert, you need to extract the files and then you have to run them to be a threat. Long before that happens avast’s Standard Shield should have scanned them and before an executable is run that is scanned.

Unrelated:
As has been suggested you should update to avast5, assuming your OS is supported (win9.x, winME aren’t).

  1. If you don’t delay the decision to delete the file within the chest, you might as well cut out the middleman and delete right away as you have lost the advantage of putting it in the chest. So they should be left there for a few weeks before scanning within the chest for confirmation before deletion.

  2. Without a copy of the AdVantageSetup.exe it isn’t possible to do much in the way of investigation

  3. Infected Restore Points - There really is little benefit in chasing a detection in the system volume information folder. It is only there because it had previously been deleted or moved from the system folders and this is a back-up created by system restore.

  • Worst case scenario it isn’t infected and you delete it, you can’t use that restore point in the future, not much of a loss and the older the restore point is the less of an issue it is.

  • So if there is any suspicion about a restore point then it is best removed from the system volume information folder or it could bite you in the rear at some point in the future when you use system restore if it included that restore point.

  1. Wrong, they remain archive files. Because you asked avast to scan archives, it has to extract the files to a temporary location or they can’t be scanned. The original archive file remains in the original location, intact and inert unless you extract and run the contents, so the description is correct. Before that happens avast will scan files at risk of infection.

  2. It didn’t take me long to get used to avast5 and I wouldn’t go back if you paid me, it just takes a little time and it is a far better antivirus program. Not to mention support for avast 4.8 is due to end at the end of this year.

DavidR, thanks again for your input… I have learnt something new from your comments… :)

Regards

Jan

You’re welcome.