Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: tiger on February 13, 2005, 05:11:58 PM
-
Hi everyone,
I am new to this forum, and I just wanted ur help on how ARDB repairs/works!
I installed avast!4.5 home edition recently and detected 3viruses in my PC (hope not false+ves). During the scanning avast! couldnt repair the infected files and trasferred them to the "chest". I am not sure what to with them afterwards. I read on the help text that i wont be able to use the infected files anymore and there is no file "REPAIR" OPTION IN THE CHEST.
Plus, I am not clear what the VRDB does...the short help included is not informative?
The icon is there on the system tray, and I run it by selecting the "generate VRDB now" but at the end it doesnt give me any summary or what it generated, it just goes silent...actually, i dont know what it genrates and THERE IS NO WAY ON HOW TO KNOW WETHER THE INFECTED FILES HAVE BEEN REPAIRED/HEALED OR NOT...and i cant simply delete them from the "chest"!!!
So, please ur expertise help is crucial for me here!
Thank you.
;D
PS- here are the names of the viruses detected on my PC. hope they are not false +ves!
Win32:Trojan-gen. {other}
JS:ClassLoader-2
Uruguay 6/7/8
-
Hi tiger, and welcome,
Others will be along before long to help you get rid of that trojan. Basically, a trojan is one or more new unwanted files on your system, rather than an old legit one that's become infected, so the only "cleaning" possible is to dump it.
-
The VRDB, must have been run in order to be able to attempt a repair.
The VRDB only scans some of your files, typically, exe, dll and system files, etc. it is not a data backup program.
It can only repair files that have been infected by a virus (a trojan is not a virus), e.g. only a small part of the file is the virus, this is what is removed (repair).
Trojans are wholely malicious and the only way to effect a repair is to delete.
-
still me....
if i simply delete the infected files from the "chest", how can i be sure that they will be repaired? does the VRDB give a report of the database...where?
-
VRDB = Virus Recovery DataBase
It stores copies of certain legitimate files (Windows files).
If one or more of those original files get infected,
Avast will use the copies in the VRDB to replace the infected ones.
The VRDB is not (as David said) used to repair files.
He is however, correct with his explanation that only files that are infected with a true virus can be repaired.
For definations about viruses, malware, trojans and such, have a look HERE (http://212.204.166.18/smf/index.php?topic=2.0)
In order to see if the infected file is a false positive or not, submit the file to JOTTI (http://virusscan.jotti.org/).
If other scanners don't detect it, it is either a false positive or a (till now) unknown (new) infection.
-
Thanx for ur quick reply Eddy,
I wanted to sumit the infected files to JOTTI, but they are in the virus chest. the brawer wouldnt open the chect...or should i cut and paste the directory on the JOTTI submission bar...
tiger
-
Open the virus chest and right click on the file(s) and select properties.
Tell us the name of the file(s) and the original location.
-
Here are the original location of the files and the corresponding ?viruses/trojans which infected them:
1. C:\program Files\MyWy\myBar\1.bin\NPMYWAY.DLL
(infected by: win32:Trojan-gen.{other})
2. C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP90\A0010948.DLL
(infected by: win32:Trojan-gen.{other})
3. C:\Documents and Setting|doctorTG\Application Data|Sun|Java|Deployment\cache\javapi\v1.0\jar\nbb2.jar-3ba8fb30-3657140f.zip
infected by: JS:ClassLoader-2
4. C:\hp\tmp\src\psptr\rus\Readme.txt
infected by: Uruguay 6/7/8
cheers!
-
Those are no false positives. They are real malware.
I suggest you delete them from the chest.
To make sure your system is clean follow the instructions in the malware removal section on my website.
(see the link in my signature)
-
Thanks again Eddy, i will do as u advised!
bye for now.