Avast WEBforum

Topic started by: hines232 on September 29, 2008, 03:52:40 AM

Title: Restore from Virus chest
Post by: hines232 on September 29, 2008, 03:52:40 AM
I was just poking around in my Virus chest. Rescanned all of them (with Avast). Some were still infected and told me so loud and clear. The ones that passed the scan I "restored" from the chest, and they said that they restored OK!! Yet they are still in the chest!!! Do I have to manually delete them now??? ::)
Title: Re: Restore from Virus chest
Post by: DavidR on September 29, 2008, 05:03:13 PM
A copy remains in the chest (though the help file says it should be removed); personally I feel this is safer. Once you have confirmed that the file is back in the original location, then delete it from the chest.

What was the malware name, the file name, and where was it originally found, e.g. (C:\windows\system32\infected-file-name.xxx)?
Title: Re: Restore from Virus chest
Post by: hines232 on September 29, 2008, 07:28:57 PM
DavidR, I will give you their names in a short time. Will have to go back into the chest.
Title: Re: Restore from Virus chest
Post by: hines232 on September 29, 2008, 09:37:50 PM
DavidR, restored files.

1. mcupdate portal.dll   (c:\windows\download\system)

2. twcsetup.exe          (c:\program files\mydocuments)

3. yms9183.tmp          (c:\windows\tmp)

4. command.com         (c:)

5. kernal32.dll             (c:\windows\system)

6. wsock32.dll             (c:\windows

Thanks for the come back.

Restored, but did not delete yet.  ;D
Title: Re: Restore from Virus chest
Post by: DavidR on September 29, 2008, 10:07:52 PM
Well the kernal32.dll and wsock32.dll would be in the System files section of the chest and aren't infected (they are back-up copies of important system files).

The only area that should concern you is the Infected files section, which I guess the others 1-4 were?

I'm a little surprised that the command.com came from the c:\ drive as the command.com would normally be in the windows\system32 folder. This is for winXP, so I don't know if c:\ would be correct on a winME OS.

So I would suggest that items 1, 2 & 4 be uploaded to VirusTotal for confirmation that nothing else detects anything.

Item 3 being from a temporary folder I would just have binned.
Title: Re: Restore from Virus chest
Post by: hines232 on September 30, 2008, 12:44:21 AM
You are correct on the Kernel32.dll and Wsock32.dll. I will further check out what you suggested. Again, thanks for your time.
Title: Re: Restore from Virus chest
Post by: DavidR on September 30, 2008, 01:00:53 AM
You're welcome.

Sorry I can't be more help reference winME file locations.
Title: Re: Restore from Virus chest
Post by: wyrmrider on September 30, 2008, 05:37:37 PM
yms9183.tmp          (c:\windows\tmp)

Does not google, so I'd definitely upload it to VirusTotal; however, it is a temp file.
If you restored, does it go away when you clean your system temp files (ATF Cleaner, or CCleaner, or by hand)?
Title: Re: Restore from Virus chest
Post by: oldman on October 01, 2008, 05:21:27 AM
Okay, a day late and a dollar short, but I think I can resolve the question of command.com.

Since I'm using ME's grandfather for an OS, command.com is in the C:\ drive and is also in the chest's system files.
Title: Re: Restore from Virus chest
Post by: DavidR on October 01, 2008, 03:14:49 PM
Thanks oldman.

Better late than never ;D I guess with an old OS command.com would be essential ;D
Title: Re: Restore from Virus chest
Post by: oldman on October 02, 2008, 04:44:12 AM
Not only essential, but useful  ::)