Author Topic: F/P: cercsr6.sys as Sirefef-AAP [Rtk]  (Read 18167 times)

Plus8

  • Guest
Re: F/P: cercsr6.sys as Sirefef-AAP [Rtk]
« Reply #30 on: July 01, 2012, 06:20:56 PM »
David R,

Thanks for the explanation. I've only used that system restore once, and not on this 3-year-old laptop. Dell Vostro 1510 Core Duo XP SP3 32 bit.

The business of the empty virus chest still troubles me as I'm not sure this program is fully functional. I do mainly boot scans BTW.

Incidentally, recently the site reputation icon was not working and I sent in a ticket on that. The tech suggested I use the repair facility in the uninstall program menu which I did. Didn't cure my problem. He next suggested that I uninstall Avast and reinstall. Normally I use Firefox but had noticed that clicking on the icon in IE7 caused it to close due to a non-functioning add-on. Rather than remove Avast, I decided to finally "upgrade" to IE8. That fixed the problem for the most part. Sometimes I had to reload a Google search page for the icons to all appear. I assume this "feature" is server-based and buggy although the idea is nice. Last PM it stopped working again and is not working today. Will be interesting to see whether it does on Monday.

Anyway, when I did the repair, I could see THAT possibly emptying the chest but it did not empty my scan logs. AND... this false positive for cercsr6 happened AFTER I did the repair..., and still I have no contents in the chest. Worrying...

Plus8

  • Guest
Re: F/P: cercsr6.sys as Sirefef-AAP [Rtk]
« Reply #31 on: July 01, 2012, 06:26:39 PM »
Thanks Wehrdo & ky331. I downloaded it and unblocked it and dropped it in the C:/WINDOWS/dell/cercsr6 folder just in case. My machine has been stable though and was able to do a quick scan in Malwarebytes without my machine crashing. THAT had me worried before!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: F/P: cercsr6.sys as Sirefef-AAP [Rtk]
« Reply #32 on: July 01, 2012, 06:36:41 PM »
You're welcome.

Personally I don't do boot-time scans, A) they are a special purpose scan (detections that can't be dealt with normally), B) it scans for PUPs (not well understood by many users) and Archive files, files that otherwise would be dormant/inert and C) this results in a much greater scan duration. Also my guess is that running outside of Windows, I don't know if the same error messages that would be displayed in Windows normal mode can be displayed.

- With a resident on-access antivirus like avast, the need for frequent on-demand scans is much depreciated. For the most part the on-demand scan is going to be scanning files that would otherwise be dormant or inert. If they were active files then the on-access file system shield would be scanning them before being created, modified, opened or executed.

I have avast set to do a scheduled weekly Quick scan, set at a time and day that I know the computer will be on. If for some reason my system wasn't on, no big deal, I will catch up on the next scheduled scan.

####
The webrep (site reputation) isn't really a security feature but user based reputation, which should be guidance only rather than total abeyance. The webrep servers do have problems from time to time, overloaded probably, and by the time any support ticket is investigated it is likely to have been resolved.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline ky331

  • Sr. Member
  • ****
  • Posts: 303
Re: F/P: cercsr6.sys as Sirefef-AAP [Rtk]
« Reply #33 on: July 01, 2012, 06:45:58 PM »
Plus8,

I just noticed that WebRep is not functioning for me at the moment, neither in IE8 nor FF13. I would say it's a problem at avast's end (servers?), and so would NOT make any efforts to try to "repair" it on your computers.

As for your virus vault: create any file on your desktop (for example, go to your documents, RIGHT-click on any one and COPY it; move your cursor to an empty space on your desktop, RIGHT-click and PASTE it there). Open the avast user interface and access the virus vault. Place your cursor in your (empty) vault, RIGHT-click, and select ADD. An "explorer window" will open, navigate your way to the file you just created on your desktop and Highlight it. Click on OPEN. That should place a copy of the file in your vault.
Go back to your desktop --- I believe the original should still be there. Delete it. Then go back to the virus vault, RIGHT-click on the copy there, and select RESTORE. That should place a copy back on your desktop (as well as keeping a copy in your virus vault --- until you RIGHT-click on the vault-copy to DELETE it from there).

You may wish to keep it there over some reboots, wait a few days, try things out again. But your vault should not just go empty by itself.
Lenovo T530 laptop, Intel Core i5-3320M @ 2.60 GHz, 8GB RAM, Windows 7 Pro SP1 (64-bit), avast! 17 Free, MBAM3 Pro, Windows Firewall, MVPS HOSTS file, OpenDNS Family Shield, Zemana AntiLogger Free, SpywareBlaster, IE11 & Firefox [both using WOT (IE set to WARN, FF set to BLOCK)], WinPatrol PLUS, uBlock Origin, MBAE, MCShield, CryptoPrevent, SAS (on-demand scanner). 
[I believe computer-users who sandbox (Sandboxie) are acting prudently.]

Plus8

  • Guest
Re: F/P: cercsr6.sys as Sirefef-AAP [Rtk]
« Reply #34 on: July 01, 2012, 07:23:50 PM »
DavidR, Thanks for the info.

ky331, Did all you said and nothing happens. File copy still on my desktop. Is this vault "broken" then? Obviously the program is removing files as it did with cercsr6.sys though. Do I really need to do a removal and reinstall?!

Offline ky331

  • Sr. Member
  • ****
  • Posts: 303
Re: F/P: cercsr6.sys as Sirefef-AAP [Rtk]
« Reply #35 on: July 01, 2012, 07:35:24 PM »
Plus8,

how far did you get in the sequence?   I assume at the very least, you were able to open the vault, Right-click, and see the ADD option??   (Or was ADD greyed-out??)
If ADD was there, what happened when you tried to click on it?

If you were unable to add a file... together with the fact that files have "disappeared" from your vault... I would say something is definitely wrong.   I don't have the answer, whether a "repair" or "reinstall" would fix it... I'll leave that to the avast experts to advise you.

One thought:   open avast, click on settings (upper right), select virus chest, and see what the vault/file size limitations are.   I seriously doubt that's the issue, but I'm grasping at straws here.

Plus8

  • Guest
Re: F/P: cercsr6.sys as Sirefef-AAP [Rtk]
« Reply #36 on: July 01, 2012, 07:58:55 PM »
ky331,

Everything works including the Explorer window. When I open it, nothing goes into the chest. Also, I had set the value to zero which means unlimited and just now repeated the process with a huge size number. No luck. Guess I'll create another ticket.

chippingsparrow

  • Guest
Re: F/P: cercsr6.sys as Sirefef-AAP [Rtk]
« Reply #37 on: July 04, 2012, 05:38:13 PM »
I booted up my laptop today (having the 6/29 definitions). You guessed it, this happened to me too.
Just wanted to provide some additional information. My program was 7.0.1426 / with 6.29 definitions.

I went to the Virus vault, after reading this message thread, validating the false positive. I right-clicked on the file, but the restore option was greyed out, so there was no way to restore it from my virus vault. The only option available to me was right click, then extract, which I did, to the desktop. I then copied the file and put a copy into the right place ( c:\windows\system32\drivers ).

I just wanted to post my own file checksums for those of you either thinking of downloading it from the net (because you lost the file because the Avast program deleted it) and cannot recover it. I am posting these file checksums, so others who have the legitimate file, or Avast people, can corroborate their appropriate file checksum for the legit file. It is best if you can "extract it" and put it back to the original spot. I am making this post, because the "Restore" option was greyed out, and let's say I felt quite hot under the collar for quite a while, until I found the "Extract" option.

  File: cercsr6.sys      [File version 4.1.0.7405]    File size:  (39,904 bytes)
CRC-32: 2e7c29d4
   MD4: 484dd71d8a5a9879ba8744655e4b7cc6
   MD5: 84853b3fd012251690570e9e7e43343f
 SHA-1: 14095c2bb0d6d5ca3310b36bb6be2d657d1d0a0d
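
One way to run the corroboration described in reply #37, as an added example that is not part of the original post: a Python script that fingerprints a local copy of cercsr6.sys in one pass and reports which of the posted values differ. The function names and the default path are assumptions of this example, and a match only shows your copy is byte-identical to the one these posters have.

```python
import hashlib
import sys
import zlib

# Reference values copied from reply #37 above (cercsr6.sys, file version 4.1.0.7405).
# MD4 is left out: hashlib only offers it when the local OpenSSL build enables it.
POSTED = {
    "size": 39904,
    "crc32": "2e7c29d4",
    "md5": "84853b3fd012251690570e9e7e43343f",
    "sha1": "14095c2bb0d6d5ca3310b36bb6be2d657d1d0a0d",
}

def fingerprint(path, chunk_size=65536):
    """Read the file once and return its size, CRC-32, MD5 and SHA-1."""
    size, crc = 0, 0
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(chunk_size)
            if not chunk:
                break
            size += len(chunk)
            crc = zlib.crc32(chunk, crc)  # running CRC across chunks
            md5.update(chunk)
            sha1.update(chunk)
    return {"size": size, "crc32": f"{crc & 0xFFFFFFFF:08x}",
            "md5": md5.hexdigest(), "sha1": sha1.hexdigest()}

def mismatches(actual, expected=POSTED):
    """Return the sorted names of fields that differ (hex compared case-insensitively)."""
    return sorted(k for k, want in expected.items()
                  if str(actual.get(k)).lower() != str(want).lower())

if __name__ == "__main__":
    # Assumed default: the drivers folder named in the post; pass another path as argv[1].
    default = r"C:\WINDOWS\system32\drivers\cercsr6.sys"
    path = sys.argv[1] if len(sys.argv) > 1 else default
    actual = fingerprint(path)
    bad = mismatches(actual)
    for field in POSTED:
        print(f"{field:>5}: {actual[field]}  {'MISMATCH' if field in bad else 'ok'}")
    sys.exit(1 if bad else 0)
```

Run it against the copy extracted from the chest before putting it back in the drivers folder; a non-zero exit status means at least one field differs from the posted values.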


Offline ky331

  • Sr. Member
  • ****
  • Posts: 303
Re: F/P: cercsr6.sys as Sirefef-AAP [Rtk]
« Reply #38 on: July 04, 2012, 06:23:42 PM »
I can confirm that the MD5 and SHA-1 checksums each match my file [as well as the file version/size].
Lenovo T530 laptop, Intel Core i5-3320M @ 2.60 GHz, 8GB RAM, Windows 7 Pro SP1 (64-bit), avast! 17 Free, MBAM3 Pro, Windows Firewall, MVPS HOSTS file, OpenDNS Family Shield, Zemana AntiLogger Free, SpywareBlaster, IE11 & Firefox [both using WOT (IE set to WARN, FF set to BLOCK)], WinPatrol PLUS, uBlock Origin, MBAE, MCShield, CryptoPrevent, SAS (on-demand scanner). 
[I believe computer-users who sandbox (Sandboxie) are acting prudently.]