Virus detection and removal
• How is it possible that avast! finds viruses' in it's own folder C:\Program Files\Alwil Software\Avast4\Data\Moved? Does it mean that avast! is infected?
• Viruses have been detected in some of the 'Panda Antivirus' files on my computer (Win95:Matyas and Win32:Kuang2 in PAV.SIG mainly). Why is this?
• avast! detects a virus in my computer. It gives me several options to try, but none of them works. I also get a message stating: "access denied". How can I solve this?
• avast! states it has found a virus, but it only offers me the choice of: "Abort connection". Why can't I delete this virus?
• I keep getting messages from various mail servers stating that I'm spreading viruses via e-mail. However when I scan my computer using the updated avast! antivirus, nothing is found. What should I do?
• Virus Win95:SK was detected by avast! in the learning software of LektorKlett company. Why is this?
Q: How is it possible that avast! finds viruses' in it's own folder C:\Program Files\Alwil Software\Avast4\Data\Moved? Does it mean that avast! is infected?
A: No, the folder C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\DATA\MOVED is the default folder for moved infected files. If you find some viruses in that folder, it means that these files were found infected previously, and you selected to MOVE them - and avast! moved them to the mentioned folder (and changed their extensions to *.vir, so that you couldn't activate them by mistake).
Q: Viruses have been detected in some of the 'Panda Antivirus' files on my computer (Win95:Matyas and Win32:Kuang2 in PAV.SIG mainly). Why is this?
A: This is a known problem. Let´s try to explain what´s going on:
Every virus can be identified, because it contains some unique signatures. Antiviral programs have their own database of that signatures. We call this database the "virus definition file".
When an antiviral program scans a file for viruses, it compares all the signatures (of all viruses) in the database with the signatures in that file. If the signatures match (they are the same), the file is marked as infected. For an antivirus program, it is important to hide this database of signatures somehow - e.g. by encrypting it. Panda Antivirus does not encrypt its virus database - the signatures inside are clearly "visible" to other antiviral programs, so they detect this file as infected (but there is actually no virus inside - only the signatures are the same).
We can´t do anything about that, only recommend not to use two or more antiviral programs at the same time, or put those files to the list of exclusions, so they will not be scanned anymore.
Additional info:
Here is the list of Panda Antivirus files that avast! detects as infected:
• IMSCAN.DLL
• PAVDLL.DLL
• PAV.SIG
• APVXD.VX2
• APVXD.VXD
Here is the list of viruses that are detected in the mentioned Panda Antivirus files. Keep in mind that the list is not complete and may change in the future:
• Gift-724
• VBS:Redlof
• Win32:Aliser
• Win32:Bolzano-3011
• Win32:Bolzano-3223
• Win32:Bolzano-3384
• Win32:Crypto
• Win32:CTX
• Win32:Kenston
• Win32:Kuang2
• Win32:Nimda [Drp]
• Win32:Qozah-C
• Win32:Small-1700
• Win32:Vypne [Trj]
• Win95:Boza
• Win95:Bumblebee
• Win95:CIH 1.x
• Win95:CIH-1106
• Win95:CIH-1142
• Win95:Fabi-B
• Win95:Filezz-B
• Win95:Hazlo
• Win95:Heathen
• Win95:Kenston
• Win95:Leviathan-3236
• Win95:Leviathan-3240
• Win95:Leviathan-B
• Win95:Matyas
• Win95:One-SGWW
• Win95:Orochi
• Win95:PowerFul
• Win95:Sledge-689
• Win95:Werther
Q: avast! detects a virus in my computer. It gives me several options to try, but none of them works. I also get a message stating: "access denied". How can I solve this?
A:
If you are using Windows Millenium Edition (ME) or Windows XP, disable System Restore feature first (watch the instructional video). If you're using a different Windows version than XP or ME, skip that step. Then, you will need to restart your computer. For more info on this step, refer to Windows help, please.
Scan the file again. When avast! shows the "Virus was found!" window, click on Delete button.
Another small window will pop up. Here, check the option "If necessary, delete file(s) at next system start", as shown on the following picture.
Restart your computer. After restart, the infected file should be gone.
Q: avast! states it has found a virus, but it only offers me the choice of: "Abort connection". Why can't I delete this virus?
A: You can't delete this virus as it's not actually on your computer. It is in fact somewhere on the net and was detected by one of the avast! resident providers - Web Shield. This provider scans all files that are downloaded via the Internet (HTTP protocol) before they're saved onto your local disk. The only action that can be taken is to abort the connection and not allow the virus to download.
Q: I keep getting messages from various mail servers stating that I'm spreading viruses via e-mail. However when I scan my computer using the updated avast! antivirus, nothing is found. What should I do?
A:
Many viruses falsify the sender's e-mail address, so it may seem to the mail servers involved that you were the sender of an infected message, even though you weren't. If you regulary give out your e-mail address or complete on-line forms, you are more at risk from this.
Q: Virus Win95:SK was detected by avast! in the learning software of LektorKlett company. Why is this?
A:
Win95:SK is a polymorphic virus that's not easy to detect. avast! uses a special detection method to find it inside of files. Unfortunatelly, some products of LektorKlett company, especially the PONS language learning software, contain pieces of code of very similar attributes to the Win95:SK virus (the filename is "install.exe"). You don't have to worry though - there's no virus in that software.
To solve this unpleasant situation, please update your virus database to version number 545-1 or higher.
|
