# Solved: Avast scanning issue



## DKTaber (Oct 26, 2001)

I've used Avast! for at least 2 years. Beginning 2 weeks ago, I started getting the message "Some files could not be scanned" at the end of a scan. Looking at the log revealed that all the unscanned files are in the system restore folder (C:\System VolumeInformation\_restore\. . .). The error message on each file is "Error: Archive is password protected (42056)". It repeats for EVERY file in the folder, including .png, .js and .gif files as well as the actual RP files.

I tried turning system restore off, which zaps all the restore points, rebooting, then creating a new, single restore point and running a Quick Scan. Did not solve the problem; every file in the folder is still "off limits" to Avast! EXCEPT when I do a boot-time scan (which runs before Windows loads).

Posted the problem on Avast's forum, but got no explanation. I realize it does not mean anything is infected, and it's not critical that Avast be able to scan the RPs, but the fact that it started doing this on 11/14 and now does it for every scan signals that something in the OS or in Avast has changed. Or might this have something to do with the fact that I have SpywareBlaster, a program that "immunizes" some registry items so spyware can't alter them (most HOST files)? Could the last update for that program have contained a change where it now immunizes the RPs?

Anybody have a clue as to what has happened here?


----------



## Phantom010 (Mar 9, 2009)

I use SpywareBlaster as well with NOD32 and have never had this problem.

And, password protected???

I do see an occasional error with a System Volume Information file or two in NOD32's scan logs but it's never referring to passwords. Maybe it's simply Avast's way of describing this type of error?

Not sure why you would be getting that type of error.

I've seen this with *ZIP Bombs* (decompression bombs) but I doubt that could be your issue...

If you're concerned about those files, you can send them to:

*Jotti's Malware Scan*

*VirusTotal*

*VirSCAN.org*

Google does seem to return a few hits on this, all related to Avast. I've seen this before. Looks like an issue with Avast... But, no solutions.


----------



## DKTaber (Oct 26, 2001)

Phantom010 said:


> . . .If you're concerned about those files, you can send them to:
> 
> *Jotti's Malware Scan*
> 
> ...


Can't send them for scanning by any of the virus sites. The files are all in the System Volume Information folder, and when I click it to view the files, access is denied. And before you suggest unchecking the Folder Options that hide system and protected files, I've already done that. So ALL files show in Explorer, but access to that folder is denied.


----------



## Phantom010 (Mar 9, 2009)

In XP Home, click Start > Run > type *CMD*

Click OK.

In the command prompt, type:

*cacls "driveletter:\System Volume Information" /E /G username:F*

Press Enter.

Or,

Restart your computer in Safe Mode.

Right-click the *System Volume Information* folder, and then click *Properties*.

Click the *Security* tab.

Click *Add*, and then type your user name.


----------



## Elvandil (Aug 1, 2003)

You can get the security tab without Safe Mode. Merge the linked reg file. Use the "undo" file when done. There is also another method requiring changing a byte in a dll.

XP Security Tab Home Edition

I doubt you are going to want to upload those files. It would take you all day for one restore point.


----------



## Phantom010 (Mar 9, 2009)

Elvandil said:


> I doubt you are going to want to upload those files. It would take you all day for one restore point.


They are indeed quite big! 

At least, it'll keep DKTaber busy! Well, at least the computer...


----------



## DKTaber (Oct 26, 2001)

Phantom010 said:


> In XP Home, click Start > Run > type *CMD*
> 
> Click OK.
> 
> ...


Had to use Safe Mode to access the Security tab. Checked "Full" for access by "Everyone". Rebooted. Then ran an Avast! scan of just that folder, and it scanned it, no problem. So it appears the problem is solved. The only remaining question is what the he** changed the permissions on 11/14?

What would TSG do with you, Phantom!?


----------



## Phantom010 (Mar 9, 2009)

Instead of sending the folders, I was going to suggest an online scanner like the free *ESET Online Scanner*.

Anyhow, seems it wasn't necessary after all.


----------



## Phantom010 (Mar 9, 2009)

DKTaber said:


> What would TSG do *with* you, Phantom!?


I don't know!


----------



## Cookiegal (Aug 27, 2003)

We've been trying to figure out what to do *with* him for a long time now. You'll be the first to know.


----------



## Phantom010 (Mar 9, 2009)

Cookiegal said:


> We've been trying to figure out what to do *with* him for a long time now. You'll be the first to know.


That's reassuring...


----------



## Cookiegal (Aug 27, 2003)

Phantom010 said:


> That's reassuring...


Don't worry, you're a keeper.


----------



## Phantom010 (Mar 9, 2009)

Cookiegal said:


> Don't worry, you're a keeper.


----------



## Cookiegal (Aug 27, 2003)

Phantom010 said:


>


I'll make sure there's a little something extra in your envelope at Christmas.


----------



## Phantom010 (Mar 9, 2009)

Cookiegal said:


> I'll make sure there's a little something extra in your envelope at Christmas.


Thanks. It'll stay between you and me...


----------



## hewee (Oct 26, 2001)

Now that you got all things fixed there is a newer avast! v.6.0.1367 that just came out.


----------

