On XPsp3 using Avast 4.8.1368 I noticed Resident Protection and Network Protection both show 4 infected files. It says “last infected google-research.com/image”. I checked the logs and don’t see anything about an infected file. I also checked the chest and under “infected” there is nothing, but under both system files and all chest files I found Windows\system32\kernell32.dll, winsock.dll and wsock32.dll. I went to total virus and uploaded the actual three files in the Windows directory and all were okay.
I don’t know what to do about the 4 infected files mentioned in Resident and Network and I can’t find them anywhere. Is the computer compromised?
Why you dont update to avas 5? The network protection dont stores infected files in your PC, they are blocked before they enter. The resident shield should ask you what to do when it detect a infected file, depending in your settings.
As already said, the infections listed by the newtork shield are sites that have been blocked, not actual infections on the pc.
The 3 files listed in the chest are backups created by avast!
[b]Backup of the system files.[/b] During the installation, avast! copies some critical system files into the Chest, under the "System files" category. Those files might cause the operating system to crash if they get infected by a virus. If needed, those files can be restored from the Chest to their original location. Should an unknown virus infect the computer despite the extensive protection from the avast! antivirus package and alter an important system file, it can then be easily restored to its original state.
Thank you for explaining that the system files are there for protection and that the Network shield blocks everything.
As far as the Resident Shield goes - where are those settings? I right clicked on the blue ball and clicked on “program settings” I see settings for logging and Alert. The log is set to list viruses. No virus is listed.
The Alert showed WinPopup, MAPI, SMPT and Printer. I use aol webmail and put that into MAPI which said that IP is no longer available and into SMPT (e-mail address) and it said that computer actively rejected it. So I can’t set anything there (I’m also not able to send a file to Avast through the program because of this.)
Is there anywhere else I can find the resident shield settings? Is it possible that the resident shield listed what the network shield found (that is blocked)?
I think I’m going to run a full scan on this computer in the meanwhile.
Which settings? Do you mean the settings for each shield? They can be found by clicking ‘More Details’ on the on access scanner page…
The Alert showed WinPopup, MAPI, SMPT and Printer. I use aol webmail and put that into MAPI which said that IP is no longer available and into SMPT (e-mail address) and it said that computer actively rejected it. So I can't set anything there (I'm also not able to send a file to Avast through the program because of this.)
This (if I remember correctly) is the configuration of sending emails when there is an alert, not quite what you want I don’t think…
Is there anywhere else I can find the resident shield settings? Is it possible that the resident shield listed what the network shield found (that is blocked)?
...
Each shield has it's own settings, so when you open the more details tab, you can configure each one...
You can look in the log file:
Right click avast icon–>click ‘Avast log viewer’–>click ‘warning’ section–>look at the bottom of the log (or click the date time header to bring the most recent to the top)
Or check the source file using notepad C:\Program Files\Alwil Software\Avast4\DATA\log\Warning.log
I did a thorough scan, including archives, from the admin account and it showed no infections.
I thought there was a separate setting for the resident shield :-[ It appears the resident shield is comprised of all the shields listed in the “more details”. When I looked at the settings for the Network scan it listed the four infections.
I checked the log file. Using notepad showed more. It appears that every item listed in “Warnings” is a scanning warning and ends in 00000005. I’m pretty sure that means Avast couldn’t open the file. It didn’t list what the Network Shield found.
I appreciate your help and patience with this. Thank you.
Go to PROFILE then Modify Profile then Forum Profile Information then select your country in Please select your country: then update your Signature: with information like my signature as this helps the helpers offer pertinent advice.
Yep, each shield has it’s own setting. I think I remember the settings in the network shield that showed the last alerts, that is what you mention.
I checked the log file. Using notepad showed more. It appears that every item listed in "Warnings" is a scanning warning and ends in 00000005. I'm pretty sure that means Avast couldn't open the file. It didn't list what the Network Shield found.
...
Maybe the network shield didn't write to the warning log...I can't quite remember (working from memory here :))
I am guessing a bit, but the scanning warnings may have been it telling you that there are not enough user rights to scan, the file is in use...(The error 5 is access denied). Maybe you could give some examples?
3/13/2010 4:33:33 PM 1268516013 USER 1332 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\DOCUME~1\LIBRA\LOCALS~1\TEMP~DFDEF6.TMP (C:\DOCUME~1\LIBRA\LOCALS~1\TEMP~DFDEF6.TMP) returning error, 00000005.
3/16/2010 12:47:15 AM 1268714835 USER 1356 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\DOCUME~1\LIBRA\LOCALS~1\TEMP~DF1B8B.TMP (C:\DOCUME~1\LIBRA\LOCALS~1\TEMP~DF1B8B.TMP) returning error, 00000005.
3/16/2010 12:47:15 AM 1268714835 USER 1356 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\DOCUME~1\NANCY\LOCALS~1\TEMP~DF6A57.TMP (C:\DOCUME~1\NANCY\LOCALS~1\TEMP~DF6A57.TMP) returning error, 00000005.
3/16/2010 12:47:15 AM 1268714835 USER 1356 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\DOCUME~1\NANCY\LOCALS~1\TEMP~DF96E3.TMP (C:\DOCUME~1\NANCY\LOCALS~1\TEMP~DF96E3.TMP) returning error, 00000005.
3/16/2010 12:47:16 AM 1268714836 USER 1356 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\DOCUME~1\LIBRA\LOCALS~1\TEMP~DFDB1E.TMP (C:\DOCUME~1\LIBRA\LOCALS~1\TEMP~DFDB1E.TMP) returning error, 00000005.
3/16/2010 12:47:17 AM 1268714837 USER 1356 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\DOCUME~1\LIBRA\LOCALS~1\TEMP~DFDEF6.TMP (C:\DOCUME~1\LIBRA\LOCALS~1\TEMP~DFDEF6.TMP) returning error, 00000005.
3/16/2010 12:47:17 AM 1268714837 USER 1356 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\DOCUME~1\LIBRA\LOCALS~1\TEMP~DF3AEE.TMP (C:\DOCUME~1\LIBRA\LOCALS~1\TEMP~DF3AEE.TMP) returning error, 00000005.
(I changed one limited profile name to USER.)
Here’s something else I always see:
1/2/2009 2:12:18 AM 1230880338 USER 1196 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\DOCUME~1\NANCY\LOCALS~1\TEMP~DF11F2.TMP (C:\DOCUME~1\NANCY\LOCALS~1\TEMP~DF11F2.TMP) returning error, 00000005.
1/2/2009 2:12:18 AM 1230880338 USER 1196 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\DOCUME~1\LIBRA\LOCALS~1\TEMP~DF2B41.TMP (C:\DOCUME~1\LIBRA\LOCALS~1\TEMP~DF2B41.TMP) returning error, 00000005.
1/2/2009 2:12:19 AM 1230880339 USER 1196 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\DOCUME~1\LIBRA\LOCALS~1\TEMP~DF2B2.TMP (C:\DOCUME~1\LIBRA\LOCALS~1\TEMP~DF2B2.TMP) returning error,
00000005.
If this has to do with permissions I don’t understand it because I always do a scan from the admin account - but I’ve always seen these errors. The only good thing is no infections are listed.