Small problems at removal of viruses

Hi!
Now there are a lot of viruses infecting USB flash drives. All of them create an autorun file. When avast deletes a virus, it does not delete the autorun file. It is very inconvenient.
Whoever has run into this will understand me :slight_smile:

There are legit autorun files. I have made mine (customized ones) and I don’t want avast to delete a clean file.
What I want is a better cleaning process, removing the bad entries from the autorun file and detecting more viruses on USB drives.

The problem is that the autorun.inf file is just a text file and ‘not’ infected. It is what it says to run within the file that is the true issue. http://autorun.moonvalley.com/autoruninf.htm.

Unfortunately there is no function in the scan to scan the contents of a file and, if there are other file names, to scan them. This would be quite a complex process: first you would have to have a different scanning process when it is detected that an autorun.inf file is scanned. Then you would have to find any paths and files, capture those and then scan them to see if they are infected. So it is usually only the associated files which are the malware that will be detected.

I know that autorun is not a virus. But it has a mention of a virus. Therefore I have thought about automation of PC treatment.

There is no harm in trying to automate treatment but it isn’t a simple task.

The problem is, mentioning a file name and/or location isn’t evidence, and ‘any’ AV would have to recognise a path/file name string, record that somehow so it can try and find the file and then scan that file to see if it is a virus.

Even working in reverse, having detected a virus, etc., you would have to somehow recognise that its method of infection/spread might be by use of autorun.inf files, and a search for autorun.inf files would have to be made. But you can’t simply delete the autorun.inf file, as it could be a quite legitimate file and the user would be well hacked off if it were deleted.

So a check of the file contents would have to be made to see if it contains reference to the previously detected file; if that reference were found, the decision is do you remove the entry (line) or delete the file with possible repercussions.

All I am trying to do is show that it isn’t a simple operation just to delete autorun.inf files, not to mention that the additional processing may have an impact on scanning speed.
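The check described in the post above (find the autorun.inf lines that launch an already-detected file and remove only those, leaving legitimate entries in place), as an added Python example that is not avast's code and not part of the original posts. The sample file, the file name `x1.exe` and the function names are constructed for illustration.

```python
import re

# Keys in the [autorun] section whose value is a command Windows would launch.
COMMAND_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def referenced_target(line):
    """Return the lower-cased file name a command entry points at, or None."""
    key, sep, value = line.partition("=")
    if not sep or not COMMAND_KEYS.match(key.strip()):
        return None
    value = value.strip()
    if value.startswith('"'):
        target = value[1:].split('"', 1)[0]          # quoted path, may hold spaces
    else:
        # Simplification: an unquoted path is taken up to the first space.
        target = value.split()[0] if value else ""
    return target.replace("/", "\\").rsplit("\\", 1)[-1].lower() or None

def clean_autorun(text, detected):
    """Split lines into (kept, removed); removed lines launch a detected file."""
    detected = {name.lower() for name in detected}
    kept, removed = [], []
    in_section = False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("["):
            in_section = stripped.lower() == "[autorun]"
        target = None
        if in_section and not stripped.startswith(";"):
            target = referenced_target(stripped)
        # Only entries that reference a file the scanner already flagged go.
        (removed if target in detected else kept).append(line)
    return kept, removed

# Constructed sample: two entries launch the detected file, one is legitimate.
SAMPLE = r"""[autorun]
icon=setup.ico
label=My Tools
open=RECYCLER\x1.exe
shell\explore\command="RECYCLER\x1.exe" -e
shell\install\command=setup.exe /quiet
"""

if __name__ == "__main__":
    kept, removed = clean_autorun(SAMPLE, {"x1.exe"})
    print("removed:", removed)
    print("cleaned file:\n" + "\n".join(kept))
```

Matching is by file name only, so a legitimate file that shares a name with a detection would still need the scan result for the actual path before its entry is dropped.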

Then it is necessary to train avast to warn of the possible presence of file dust after treatment. Then it would not be necessary to methodically study the files in root folders after each virus.

Unfortunately I’m just an avast user like you who has no power over this decision. All I did was point out it isn’t a simple task.

Any file removed has to be fully justified; you can’t just go deleting files because of association, and those associated files often (as in this case) use legitimate file names, which if deleted simply on association could seriously affect the user’s system, and they wouldn’t be too happy.

DavidR, thanks…
:-\

I too use avast 4.7 Home version, and it too has found over [1100] viruses. The problem is, when I try to either delete them or send them to the chest, I get an error message. What are we supposed to do about all these viruses? Are they good or bad viruses? And is that what’s slowing my computer down? I am on dial-up. Can someone please help me? Thanks. ???

Well a good start would be to tell us what the errors are ?
What Operating System are you using ?

Without knowing more about the detections there is no way that anyone can say what they might be.

Some examples of the malware name, infected file name and location might help, e.g. (Malware name, C:\windows\system32\infected-file-name.xxx) ?
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections.

Deletion isn’t really a good first option (you have none left), ‘first do no harm’ don’t delete, send virus to the chest and investigate.

Sorry! I am new at this. The operating system is Windows XP SP2. The error message is: cannot delete this, or cannot send to chest. Would running avast 4.7 in safe mode maybe remove these? I have tried practically everything else. And if so, do I turn System Restore off first? Thanks for any help.

It won’t harm. If it is infected, it won’t save the situation.

If a virus is replicant (coming and coming again), you could follow the general cleaning procedure:

  1. Disable System Restore on Windows ME or Windows XP. System Restore cannot be disabled on Windows 9x and it’s not available in Windows 2k. After boot you can enable System Restore again after step 3.

  2. Clean your temporary files. You can use CleanUp or the Windows Advanced Care features for that.

  3. Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Other option is scanning in SafeMode (repeatedly press F8 while booting).

  4. It will be good if you download, install, update and run AVG Antispyware. Some users recommend SUPERantispyware, Spyware Terminator and/or a-squared (take care about false positives).
    If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.

  5. If you are still detecting any strange behavior, or you’re even sure you’re not clean, maybe it will be good to test your machine with anti-rootkit applications. I suggest AVG, Panda and/or F-Secure BlackLight.

  6. Also, if you are still detecting strange behaviors or you want to be sure you’re clean, maybe making a HijackThis log to post here and, especially, scanning and submitting the RunScanner log to on-line analysis would help to identify the problem and the solution.

  7. After you’re clean, use the immunization of SpywareBlaster or, which is better, the Windows Advanced Care features of spyware/adware cleaning and removal.

  8. Finally, when you’re clean, check for insecure applications with Secunia Software Inspector to update insecure applications and avoid reinfection.

There is a reason given why a file can’t be deleted, most commonly because it is in use, so what was the reason given?
The same is true of files that can’t be moved to the chest: file in use is again common, as is the file being too big or there not being enough space, etc. What was the reason given?

With XP or Win2k, you could enable a boot time scan. Right click the avast icon, select Start avast! Antivirus, Menu, ‘Schedule boot-time scan…’ Or see http://www.digitalred.com/avast-boot-time.php.

This can overcome files that are in use, as the scan runs before Windows so the file should no longer be in use.

For files that are too large for the chest or insufficient space, the chest settings and sizes can be adjusted: right click the avast ‘a’ icon, select Program Settings, Chest.

I will repeat the warning just to ensure it sticks. Deletion isn’t really a good first option (you have none left), ‘first do no harm’ don’t delete, send virus to the chest and investigate.

Were you unable to check the avast log viewer for the samples of some of the detections as I asked ?