I did a scan and Avast thought it found a virus. I decided not to do anything yet. I closed Avast, and the file was still there. Then I tried appending “possible virus” (or something like that) to the file name, and Avast deleted the file! That seems like inconsistent behavior. I’m still not sure it was a virus. It was a legal document that I used for research a few years ago that could have been something important. I think the file might not have been infected was because there’s a good chance I got it from a government website, and most of these scanners didn’t find it:
Maybe Avast should ask before it deletes a file when you’re just trying to change the file name. It did ask if I wanted to report a false positive, but I didn’t.
I would also suggest that you try virustotal.com as that has 43 different scanners and is based on the windows version of AV programs. Were I believe Jotti uses the Linux versions of AVs
I’m not entirely sure what it is that you mean:
If you elect to select ‘do nothing’ of course the file will still be there, or if you don’t click the Apply button but just close the window.
Or
If you pull off the Scan Computer, Scan Logs and view the log after having closed the scan you are looking at historic data on the scan, not a live set of results at the end of the scan.
Thanks, I’ll bookmark that. Too late for this virus though, since it was deleted by Avast when I tried changing the filename.
I'm not entirely sure what it is that you mean:
If you elect to select 'do nothing' of course the file will still be there, or if you don't click the Apply button but just close the window.
Yes, I just closed the window and I got the expected result. The file was still there. I just wish it wasn't deleted when I tried changing the file name. It was apparently automatically scanned and detected as a virus and deleted against my will. The only option I saw that could have avoided the deletion was to call it a false positive, but I wasn't sure it was a false positive. I wanted to keep the file and change the file name without calling it a false positive. Apparently, that can't be done when Avast is running.
I don’t see such an option. All I know is the file was detected and not deleted when I did a scan, but it was deleted when I tried changing the file name.
Isn't it possible that the file was copied to avast's chest?
I couldn’t find a way to view the chest.
If you *search* for the file (as opposed to simply try to "see" it on the Windows Explorer view), isn't the file there (maybe with "hidden" attribute)?
I searched for all, including hidden, files in the directory it was originally in. I assume searching the entire computer would take a long time, and I couldn’t find a file or subfolder that looked like a “chest” in the Avast folder in Program Files. If you tell me exactly where to search, I’ll search it.
OK, I see the file now. When I originally tried the maintenance button I think I was looking at the main screen, not the drop down options. I restored it and scanned it at VirusTotal.com. Same two detections, with 43 different scans. still not sure whether it’s dangerous though. Not sure whether I may need it either. I’ll think about it…
Now you can send it to avast by a right click on the file in the chest, if it was not yet sent.
After a couple of definitions update, you can scan it again (also by right click). Each definitions update could also change this particular detection, if it is a FP (false positive).