I downloaded a zip file and I have some questions.
For a zip file, does malware get activated only when a person unzips the file? (Example: after downloading a zip file that contains malware, nothing is detected and everything seems normal. If I double-click on the zip file to unzip it (but never double-click on any of the unzipped files), will the malware then become activated?)
Does malware need to be activated by the user (example: the user double-clicks on the file that contains malware, then the malware becomes alive)? Will the malware remain inactive if no one clicks on the infected file (example: I downloaded a file that contains malware, I did not double-click the file, so the malware will go undetected until I double-click on the file)?
Sometimes I download files for future reference, so I do not double-click on them immediately. I wonder if those files will contain malware that is “inactive” and undetected because I have never double-clicked on them yet.
Archive files are inert until the contents are unpacked and any executable is run.
That is why the standard shield doesn’t scan zip files by default, but it does scan newly created/modified files. When you extract the contents they are newly created, so at that point files that present a risk are scanned.
If you download using a browser, etc. on http protocol on port 80 the web shield should scan the zip and its contents.
Malware is no different to any other program it needs to be run, there are many ways for that to be achieved, registry key, startup entry, other files, etc. No different to other programs.
1. Archive files are inert until the contents are unpacked and any executable is run.
If, let's say, the zip file contains 1 pdf file, 1 exe file and 1 jpg file, does that mean that after I unzip, and if the exe file contains malware, it will not be detected / not activated if I did not double-click on the exe file? If I unzip the file and double-click on the pdf and jpg files only, am I safe?
That is why the standard shield doesn't scan zip files by default, but it does scan newly created/modified files. When you extract the contents they are newly created, so at that point files that present a risk are scanned.
If, let's say, the zip file was transferred from a usb drive to my PC, does avast scan the zip file?
Am I right to say that a file that is copied/transferred from usb to my PC is considered newly created file and avast will do a scan on it, but in the case of zip file transferred from a usb drive to my PC, avast will not scan it because it is zip/archive files.
I made the standard shield to scan all files, would it be better? My thinking is that if the zip file contains malware, although it is inert, I would not want to keep it in my PC, to me it would be like keeping a “time bomb”, I will want to detect it immediately and delete it.
A manual full scan inside windows or a boot time scan will scan all files types, including archive files right?
You could upload the zip file to virustotal.com and see what it flags and report back here.
Good scanners will detect the ‘virus’ in the single zip ARCHIVE and maybe even in the double zip ARCHIVE. Once detected, the scanner might not allow you any access to the file(s) anymore. You might not even be allowed by the scanner to delete these files. This is caused by the scanner, which puts the file into quarantine. The test file will be treated just like any other real virus-infected file. Read the user’s manual of your AV scanner to see what to do, or contact the vendor/manufacturer of your AV scanner.
Yes, it would be a newly created file, but as I said, because it doesn’t present an immediate threat it isn’t scanned when you have the standard shield set to Normal (and that really is adequate).
Transferring files from a USB is slow at the best of times, add to that files that present a risk, executables, etc. will be scanned, scanning files that aren’t an immediate risk is a performance overhead. There is no way I would like to have avast scan all files transferred from a USB drive I have three, 2GB 4GB and 8GB, which would happen if the standard shield was set to High.
I have so far survived for just under 6 years with the standard shield set to Normal (default value), which is I feel the best compromise between performance and protection. I don’t even bother to scan archive files when I do an on-demand scan as that too for me is too early and unnecessary.
With the standard shield set to High it will scan .txt, .log and a myriad of other files that present no risk.
No, it won’t scan archives unless you select the option to scan archives and as I said in 1. above I don’t bother with that either. I did once on my first on-demand scan after I installed avast, not since.
The same is true of the boot-time scan you have to check the option to scan them, see image.
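One way to see what a downloaded zip holds before unpacking it, as an added example that is not part of the original thread: it reads each member into memory, which does not run it, and reports a SHA-256 per file that can be looked up on a service such as virustotal.com. The function names, the extension list, the two-level depth limit and the sample archive are all constructed for illustration.

```python
import hashlib
import io
import zipfile

# Constructed, non-exhaustive list of extensions Windows runs on double click.
RISKY_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".lnk", ".msi"}
MAX_DEPTH = 2  # look inside a zip within a zip, then stop


def triage_zip(data, prefix="", depth=1):
    """Return (path, sha256, note) per member; nothing is written to disk or run."""
    rows = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            body = zf.read(info)  # bytes in memory only; reading is not executing
            ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
            if ext in RISKY_EXT:
                note = "executable"
            elif ext == ".zip":
                note = "nested archive"
            else:
                note = "data file"
            rows.append((prefix + name, hashlib.sha256(body).hexdigest(), note))
            if ext == ".zip" and depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(body)):
                rows += triage_zip(body, prefix + name + "!", depth + 1)
    return rows


def build_sample():
    """Constructed sample archive holding harmless placeholder bytes only."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("tool.exe", b"placeholder, not a real program")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("manual.pdf", b"placeholder pdf bytes")
        zf.writestr("setup.exe", b"placeholder, not a real program")
        zf.writestr("photo.jpg", b"placeholder jpg bytes")
        zf.writestr("more.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for path, digest, note in triage_zip(build_sample()):
        print(f"{note:15} {digest[:16]}  {path}")
```

The "data file" label only means the extension is not on the executable list; it says nothing about whether the file's content is clean.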