Avast WEBforum
Other => General Topics => Topic started by: konfoozed on February 06, 2012, 03:04:55 PM
-
I was delighted to see that four of the items found during a scan this morning have proved to be FPs. However 2 concerning adobearmhelper apparently can't be restored and the other two regarding MBAM have apparently been restored but remain on the list in virus chest.
Question: (1) Should I extract the first two? (2) Do restored items always show in the virus chest list?
Thanks for the help.
-
well...the files are restored but a copy of the files are stored in the chest.
-
When the file is restore, should there be a problem during the restoration, the only copy of that file could be gone.
So retaining a copy in the chest is a safety measure, once you confirm that the file is back in the original location (still having a copy in the chest shows that location), then you can manually deleted it from within the avast chest.
-
When the file is restore, should there be a problem during the restoration, the only copy of that file could be gone.
So retaining a copy in the chest is a safety measure, once you confirm that the file is back in the original location (still having a copy in the chest shows that location), then you can manually deleted it from within the avast chest.
OK thanks...so literally highlighting and hitting the delete?
-
well...the files are restored but a copy of the files are stored in the chest.
Thanks.
-
No problem! ;)
Thanks for confirming david...i thought i was a little wrong at my previous post..
-
So, can anyone tell what is the procedure for the two files that Avast says can't be restored?
-
When the file is restore, should there be a problem during the restoration, the only copy of that file could be gone.
So retaining a copy in the chest is a safety measure, once you confirm that the file is back in the original location (still having a copy in the chest shows that location), then you can manually deleted it from within the avast chest.
OK thanks...so literally highlighting and hitting the delete?
Yes, or just right click on the file and select delete.
So, can anyone tell what is the procedure for the two files that Avast says can't be restored?
Well you haven't said why they can't be restored, so it is kind of hard to give any advice ?
-
When the file is restore, should there be a problem during the restoration, the only copy of that file could be gone.
So retaining a copy in the chest is a safety measure, once you confirm that the file is back in the original location (still having a copy in the chest shows that location), then you can manually deleted it from within the avast chest.
OK thanks...so literally highlighting and hitting the delete?
Yes, or just right click on the file and select delete.
So, can anyone tell what is the procedure for the two files that Avast says can't be restored?
Well you haven't said why they can't be restored, so it is kind of hard to give any advice ?
Sorry, when I click on to these two items the restore option is faded out. Also, under properties it says they can't be restored.
-
Then we need more information of what the detection is, file name, location and malware name.
Some times Restore may not be possible, if it were a web based file/page, if it was a temp location and the folder is no longer present (system restore, restore point), etc. The above information would help to determine what that reason might be.
-
Then we need more information of what the detection is, file name, location and malware name.
Some times Restore may not be possible, if it were a web based file/page, if it was a temp location and the folder is no longer present (system restore, restore point), etc. The above information would help to determine what that reason might be.
Thanks for the reply.
In the original post I stated they were adobearmhelper.exe.
Properties are as follows:
C:\ProgramData\Adobe\Setup\(AC76BA86-7AD71033 File size 320456
H:\Documents and settings\Alluser\Application File size 320456
My computer is a dual boot so I don't have an effective SR facility.
-
I suspect that these locations no longer exist, have you checked that in windows explorer ?
The fact that it is dual boot would mean two separate OSes and two separate system restore functions (if both OSes are windows versions) and you hadn't disabled system restore.
My mention of system restore was as an example of a location where avast couldn't restore to as it is a protected area.
-
I suspect that these locations no longer exist, have you checked that in windows explorer ?
The fact that it is dual boot would mean two separate OSes and two separate system restore functions (if both OSes are windows versions) and you hadn't disabled system restore.
My mention of system restore was as an example of a location where avast couldn't restore to as it is a protected area.
I looked in Windows Explorer...nothing I could see. A search from the Start button brought up two identical files...one on the C drive and the other on the H drive: Program Files\Common Files\Adobe\ARM\1.0 File version 1.5.7.0 312 KB
Nothing else.
I run one drive with XP PRO and the other with Windows 7. The presence of another drive apparently disables both SRs.
-
If you are unable to find the original folder (not file name) location then there would be no way avast could restore it as it isn't able to create folders to be able to restore the file to it.
I have been trying to find out what the AdobeARMHelper.exe actually is, 'Adobe Reader and Acrobat Manager Helper' now that I'm a little wiser as to what it is. I don't know if this is a dual role helper for Adobe pdf reader and also the Adobe Acrobat PDF creator ( a different beast to just the reader).
If you only have the adobe pdf reader then - Personally I would be considering the complete uninstall of adobe pdf reader as it is like a Swiss cheese when it comes to security issues. It is a huge target for malware as it still has a very large user base, which makes it attractive to the malware writers. I gave up on it many years ago when it really became a bloated beast and was very common to find exploits reported on a very regular basis.
There are many other light pdf readers out there, which are so bloated when all you want is a simple pdf reader, I currently use PDF-XChange PDF Reader.
If you have the full adobe acrobat pdf creator then you may have to reinstall it to get this file back where it should be. You would also only want to do this if avast no longer detects the AdobeARMHelper.exe as infected (or it would alert again when you try to reinstall.
####
Weird I have never heard that having dual boot disables system restore.
-
Apart from Photoshop (which I can't think is involved) I only have the Reader. I did a search for Acrobat manager and nothing came up. Suppose if I do delete the entries in the virus chest then the worse case scenario will be that at some stage Adobe Reader won't work which wouldn't be a big deal.
Wasn't (hardly surprising being a relative newbie) aware that Adobe Reader was a target so thanks for enlightening me. I will now look into the alternatives.
I only found out about dual boot and System Restore after the second drive was installed....had I known I would have bought a tray and just swapped the HDs when necessary. After this is all sorted that will be the way I shall go.
Thanks for your help.
-
You're welcome.
Worst case scenario you wouldn't have the adobe helper what ever that does, but presumably the remainder would work, just that you didn't have the helper.
Personally if you only have the reader I would uninstall (rather than wait for it to fail) it and remove a potential security hole in your system and use a different pdf reader, there are many free ones out there.
-
If you are unable to find the original folder (not file name) location then there would be no way avast could restore it as it isn't able to create folders to be able to restore the file to it.
I have been trying to find out what the AdobeARMHelper.exe actually is, 'Adobe Reader and Acrobat Manager Helper' now that I'm a little wiser as to what it is. I don't know if this is a dual role helper for Adobe pdf reader and also the Adobe Acrobat PDF creator ( a different beast to just the reader).
If you only have the adobe pdf reader then - Personally I would be considering the complete uninstall of adobe pdf reader as it is like a Swiss cheese when it comes to security issues. It is a huge target for malware as it still has a very large user base, which makes it attractive to the malware writers. I gave up on it many years ago when it really became a bloated beast and was very common to find exploits reported on a very regular basis.
There are many other light pdf readers out there, which are so bloated when all you want is a simple pdf reader, I currently use PDF-XChange PDF Reader.
If you have the full adobe acrobat pdf creator then you may have to reinstall it to get this file back where it should be. You would also only want to do this if avast no longer detects the AdobeARMHelper.exe as infected (or it would alert again when you try to reinstall.
####
Weird I have never heard that having dual boot disables system restore.
Just to let you know that I have done my research and followed your lead......PDF-XChange in and Adobe Reader out together with the Adobearmhelper entries in the virus chest. Thank you.
-
You're welcome.
I find PDF-XChange more than capable of meeting my pdf reader needs, hopefully it will be the same for you.