Author Topic: Deleted files due to False Positives  (Read 10221 times)

0 Members and 1 Guest are viewing this topic.

Karmel83

  • Guest
Deleted files due to False Positives
« on: December 03, 2009, 05:59:33 PM »
Hello, last night my Avast was going bananas and stated that I had 19 files infected. Because I scan in safe mode I was unable to move to them to the chest and deleted them. However, I found out on the forum that they were FP's and now I am worry that my computer is going to start acting funny. Please let me know how to add these files back.


Thank you in advance

God Bless

Karmel

Offline scythe944

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2913
    • My Tech Blog
Re: Deleted files due to False Positives
« Reply #1 on: December 03, 2009, 06:03:00 PM »
You can try one of these programs:

http://www.piriform.com/recuva

http://www.snapfiles.com/get/restoration.html

Always try to move files to the chest first, as you can recover them if they are false positives.

Deletion leaves very little room for repair.

Hope those utilities help!
For generic computer (not avast) problems, you can also visit my forum for help: http://www.jacobytech.net/forum

Karmel83

  • Guest
Re: Deleted files due to False Positives
« Reply #2 on: December 03, 2009, 06:05:54 PM »
Can I just go back on my computer and do a system check point or just do a non-destructive restore?

Offline scythe944

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2913
    • My Tech Blog
Re: Deleted files due to False Positives
« Reply #3 on: December 03, 2009, 06:07:17 PM »
That should do it as well.  Just make sure that you update avast after that.

If it doesn't work, one of the recovery utilities may still help, but I'd try to recover the files before something over-writes them
For generic computer (not avast) problems, you can also visit my forum for help: http://www.jacobytech.net/forum

Karmel83

  • Guest
Re: Deleted files due to False Positives
« Reply #4 on: December 03, 2009, 06:15:07 PM »
What do you mean "if something else overwrites them"?...

Offline nmb

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3054
Re: Deleted files due to False Positives
« Reply #5 on: December 03, 2009, 06:18:42 PM »
he means, search for deleted files using the file recover tools and recover the files... so that the deleted file sector on the hard disk is not over written when you try to restore using system restore.

nmb

Offline scythe944

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2913
    • My Tech Blog
Re: Deleted files due to False Positives
« Reply #6 on: December 03, 2009, 06:20:49 PM »
Thanks NMB.  Exactly what I meant.
For generic computer (not avast) problems, you can also visit my forum for help: http://www.jacobytech.net/forum

Karmel83

  • Guest
Re: Deleted files due to False Positives
« Reply #7 on: December 03, 2009, 06:21:53 PM »
What if the files are overwritten, what would happen?  This is all so new to me... I am running the Piriform Recuva right now.

Offline nmb

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3054
Re: Deleted files due to False Positives
« Reply #8 on: December 03, 2009, 06:27:07 PM »
Karmel83,

there is something you need to understand.

the files deleted generally are not actually removed from the disk area but only removed from the file table or list or something similar to that in the drives file list. so if the area in which the file was present previously is over written with a new file then you cannot recover a file. instead if you scan now, before restoring using system restore, and recover the file then you will have no loss.

hope you understood.

nmb

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re: Deleted files due to False Positives
« Reply #9 on: December 03, 2009, 06:27:53 PM »
When a file is deleted, it's only marked as deleted - and the corresponding areas on the disk are marked as free. At that moment, it's usually possible to restore the file.
However, if you (or another tool, or the operating system) saves another file on the disk, it may re-use this "free" area and overwrite the content for real. At that moment, it's not possible to restore the file anymore.

Karmel83

  • Guest
Re: Deleted files due to False Positives
« Reply #10 on: December 03, 2009, 06:31:22 PM »
Thank you so much guys! I am beginning to understand...right now I am scanning for recovery and hopefully I can recover all of the files.

God Bless

Karmel

Offline nmb

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3054
Re: Deleted files due to False Positives
« Reply #11 on: December 03, 2009, 06:32:19 PM »
make sure you enable deep scan in advance options.

nmb

Karmel83

  • Guest
Re: Deleted files due to False Positives
« Reply #12 on: December 03, 2009, 06:35:34 PM »
I did, thanks!

sailordan

  • Guest
Re: Deleted files due to False Positives
« Reply #13 on: December 03, 2009, 06:37:52 PM »
So I have a little variation on this.  Last night I got hit by the delf issue and after I put 2 files in the chest I decided to do a boot scan where it found another 35 files or so before I stopped it.  Unfortunately I selected option to "Move" the file which after looking closer I would have selected "Move to Chest".  So where did it "Move" them to if not the chest?  Did it create a log somewhere?  I can recover if I know what got deleted/moved.

Thanks in advance!!

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re: Deleted files due to False Positives
« Reply #14 on: December 03, 2009, 06:41:21 PM »
"Move" means moving the file into <avast4>\Data\Moved folder - so you'll find them there, possibly with .vir extension appended.
As for what files were moved there... you can check the <avast4>\Data\Log\warning.log file (or you can use avast! Log Viewer, actually) - the original locations should be there.