Ok, I’m sick of avast, not only the false positives, this time is really serious. This has happened to me twice.
For some reason avast just goes crazy and starts deleting executables like there’s no tomorrow!!!
The first time, it deleted over 100 executables from my HD, mostly games & emulators and some other utilities. I noticed because my files disappeared without any kind of notification and over 100 .dat files appeared in the “c:$AV_ASW” folder. Looking at the virus chest in the avast UI shows nothing! So, it decided to move hundreds of my files to the chest, not notifying me and, even worse, now there’s no way of recovering them!!!
Fortunately, I keep backups.
Today, it happened again. I noticed it so I promptly rebooted my PC and only 40 files were deleted. it even deleted the winzip executable!
The first time this happened, i was playing a game with the fMSX MSX emulator and avast “decided” that fmsx.exe was a virus and just went nuts and started deleting other files FOR NO REASON, all clean files. I think it’s related to that damn behavior shield.
The second time, I was opening a zip file that contained an exe of dubious origin. Avast detected “filerep: malware” and after I closed the warning a few times, it went crazy and started deleting my files.
This is A REALLY SERIOUS ISSUE AND SHOULD BE RESOLVED ASAP.
This is not a matter of false positives or infected or clean files. The problem is that avast goes crazy and starts deleting files without ANY NOTIFICATION AT ALL. It doesn’t matter which files it’s deleting, that’s not the issue. don’t you get it???
The deleted files are moved to the chest, but if you go to the chest in the UI, it’s empty. this is a HUMONGOUS BUG that needs fixing ASAP.
I repeat: ALL THE FILES DELETED ARE CLEAN. The same files have been there for ages and avast HAS NEVER EVER SAID ANYTHING ABOUT THEM. I’ve used them hundreds or times.
It’s not a matter of wrong detections. it’s something a lot more serious. I repeat: Avast goes crazy and starts randomly deleting executable files. There’s something seriously wrong with the avast engine.
The thing is that avast starts deleting files, there’s no detection. the deleted files are all clean files I use on a daily basis. There’s no issue when I restore the files from the backup.
The first time, like i said, i was playing a game with the fMSX emulator and I noticed it started getting sluggish and avast froze (showed not responding in task manager, I believe it was that damn behavior shield). I also saw a lot of strange disk activity. finally, i had to hard reset my machine and noticed a lot of my files missing.
I had been using that same program for quite a while without any issues, until avast went nuts and started acting-up.
Avast NEVER showed a virus warning (and I have all my actions set to “ask” in case of virus/pup).
So, like I said, this is not a matter of wrong detections or false positives. There’s a big bug in the avast engine.
I would like to apology for any inconveniences caused by Avast! in the first place. For further investigation of this issue, would You be so kind and send use these log files:
idpagentdetection.log
idpagent.log.*
secapi.log.*
located in C:\ProgramData\AVAST Software\Avast\log ?
You can attach them to this topic, the files are encrypted so only Avast developers are able to read the content.
this is getting COMPLETELY OUT OF CONTROL, it happened again today.
I was installing a program called “balabolka” when a bogus virus detection popped up “filerep: malware” (BTW, who THE HELL determines the “Rep” of a file???). Then, while trying to report the false positive and closing the alert window, another one popped up, detecting something like “IDP.generic”. after that, it all went to hell, avast deleted the winzip executable (the file I opened was inside a .zip file) and then started deleting random executables WITHOUT TELLING ME OR WARNING ME OR SAYING A VIRUS WAS FOUND OR ANYTHING!!!. The only way to stop this is to hard-reboot the PC via the reset button.
WHAT THE HELL IS GOING ON??? Avast has turned into malware itself, now it’s safer to not have it installed!!!
I uninstalled it. I’m gonna install it again in an attempt to fix this madness!!!
The victims this time were the winzip executable, gzdoom (a doom engine), pasofami (a japanese NES emulator, 2 files), msdos player (i486 version, an MSDOS emu) and maybe another one I can’t detect right now, I have to check against my backups. the thing is that I use this files all the time and there’s no problem with them, but when avast “loses it”, it starts deleting them FOR NO REASON AND WITHOUT ANY KIND OF NOTIFICATION WHATSOEVER.
I’m gonna try to explain this in a clearer way.
Avast “finds” a virus in file X (which is not actually a virus, it’s a FP). A window pops-up saying that file X is infected with something (usually it just has a “bad rep”, according to someone (FileRep: malware is the detection). Another bogus detection might also appear (IDP.Generic or that damn “evo-gen” crap). Then, and this is the real problem, avast goes crazy and starts deleting other files. The first one, Winzip.exe, because the file X was inside a zip file when the bogus detection happened. Then, after that, avast just starts deleting other files A,B,C,D…etc that are located on other folders and have ABSOLUTELY NOTHING TO DO WITH FILE X. Also , these files are all 100% clean files, that have been used millions of times before, without avast detecting anything on them.
The critical issue here is WHY is avast doing this??? Why? what triggers this erratic behavior?
Avast should just deal with the (alleged) infection and stop there (like it has always done!). Why does it go on to delete a lot of other, completely unrelated AND CLEAN FILES??? Files that have been used a million times in the past without any issues! And even if those files were some sort of malware or even false positives, why isn’t there a notification to the user? they’re just moved to the vault, but they DO NOT show up in the vault in AVAST UI, they cannot be recovered, except from a backup (and strangely enough, avast doesn’t say ANYTHING when copying the files back from the backup)
This issue is absolutely critical and needs fixing ASAP!!!
I checked the logs and detected file is the setup.exe and the detection come from the Avast!s cloud, this is the reason why there is no detection dialog and removal is triggered without prompting. Removal then removes all files installed by setup.exe. I passed this information to our viruslab for further setup.exe analysis. If it is confirmed as FP it will be reclassified in the cloud.
As workaroud you can add this file manually to exception list until the classification is changed.
About the missing record in vault. From logs it looks like you turned the behavioral component down or restarted during the removal. Detection was triggered at 20:16:55,976 and behavioral engine received command to stop at 20:17:12,628. It is possible that in this case the result of removal is not written into database => not visible from the UI. If so, this is definitely the bug.