Avast WEBforum
Other => Viruses and worms => Topic started by: Karmel83 on December 03, 2009, 05:59:33 PM
-
Hello, last night my Avast was going bananas and stated that I had 19 files infected. Because I scan in safe mode I was unable to move to them to the chest and deleted them. However, I found out on the forum that they were FP's and now I am worry that my computer is going to start acting funny. Please let me know how to add these files back.
Thank you in advance
God Bless
Karmel
-
You can try one of these programs:
http://www.piriform.com/recuva
http://www.snapfiles.com/get/restoration.html
Always try to move files to the chest first, as you can recover them if they are false positives.
Deletion leaves very little room for repair.
Hope those utilities help!
-
Can I just go back on my computer and do a system check point or just do a non-destructive restore?
-
That should do it as well. Just make sure that you update avast after that.
If it doesn't work, one of the recovery utilities may still help, but I'd try to recover the files before something over-writes them
-
What do you mean "if something else overwrites them"?...
-
he means, search for deleted files using the file recover tools and recover the files... so that the deleted file sector on the hard disk is not over written when you try to restore using system restore.
nmb
-
Thanks NMB. Exactly what I meant.
-
What if the files are overwritten, what would happen? This is all so new to me... I am running the Piriform Recuva right now.
-
Karmel83,
there is something you need to understand.
the files deleted generally are not actually removed from the disk area but only removed from the file table or list or something similar to that in the drives file list. so if the area in which the file was present previously is over written with a new file then you cannot recover a file. instead if you scan now, before restoring using system restore, and recover the file then you will have no loss.
hope you understood.
nmb
-
When a file is deleted, it's only marked as deleted - and the corresponding areas on the disk are marked as free. At that moment, it's usually possible to restore the file.
However, if you (or another tool, or the operating system) saves another file on the disk, it may re-use this "free" area and overwrite the content for real. At that moment, it's not possible to restore the file anymore.
-
Thank you so much guys! I am beginning to understand...right now I am scanning for recovery and hopefully I can recover all of the files.
God Bless
Karmel
-
make sure you enable deep scan in advance options.
nmb
-
I did, thanks!
-
So I have a little variation on this. Last night I got hit by the delf issue and after I put 2 files in the chest I decided to do a boot scan where it found another 35 files or so before I stopped it. Unfortunately I selected option to "Move" the file which after looking closer I would have selected "Move to Chest". So where did it "Move" them to if not the chest? Did it create a log somewhere? I can recover if I know what got deleted/moved.
Thanks in advance!!
-
"Move" means moving the file into <avast4>\Data\Moved folder - so you'll find them there, possibly with .vir extension appended.
As for what files were moved there... you can check the <avast4>\Data\Log\warning.log file (or you can use avast! Log Viewer, actually) - the original locations should be there.
-
Thanks!! That gives me the info to get it back up and running!!
Actually, I should use this as an excuse to upgrade the MB-CPU-Ram and reinstall the operating system.
-
Thanks!! That gives me the info to get it back up and running!!
Actually, I should use this as an excuse to upgrade the MB-CPU-Ram and reinstall the operating system.
sounds good to me!
-
Well the restore program only found 2 out of the 19 files that were deleted. What should my next step be?
-
Consider this, it might even fix deleted files?
Avast's boot scan moved 97 files in key programs of mine to the virus chest before I got suspicious and stopped it.
It restored 91 files from the Virus Chest but could not restore 6 which were key .exe files.
I was able to restore the last 6 out of the 97 files that Avast could not restore from the Virus Chest by doing a Windows system restore set back 1 day.
Amazingly, everything went back to normal. It even restored Spybot which I had uninstalled after getting so many Trojan messages.
I did not know about the Virusa Chest "extraction option" at the time, which I will keep in mind if there are any more comebacks, but the system restore was easy and did not require you provide a correct path to restore the files.
By the way, the deleted files remained listed in the virus chest so I will snapshot them for the record but I intend to leave them alone.
Good luck
-
Now that I have read all the wise posts, they leave me a little jittery. I did a system restore and everything seemed to return to normal. Problem solved, right? Granted my files were moved to the Virus Chest not deleted. Should I have some lingering concern that system restore or some other program may have or may yet overwrite something and I still have to use the scan or restore or extraction commands in the Virus Chest to do what I thought System Restore had already done? See my earlier post. Any advice appreciated.
-
the only way remaining after the deleted file scanner is to use system restore with hands crossed. if you are in safe mode, make sure you back up all the needed documents. and as soon as you restore, connect to the internet and update to the latest version. if any application is not working, just download the installer from the product site and install over the current installation. that should do
nmb
-
Hello, last night my Avast was going bananas and stated that I had 19 files infected. Because I scan in safe mode I was unable to move to them to the chest and deleted them. However, I found out on the forum that they were FP's and now I am worry that my computer is going to start acting funny. Please let me know how to add these files back.
Karmel
Consider installing quality imaging software like Acronis True Image or Paragon and you'll never have to face this problem again. Restored images have saved me many times. :)
-
Thank you so much. Where can I find them to download them.
Consider installing quality imaging software like Acronis True Image or Paragon and you'll never have to face this problem again. Restored images have saved me many times. :)
[/quote]
-
Hello Karmel83,
instead of paying for paragon or arconis.. there is a free software for that. that is O&O software's disk image express. its available in filehippo.com currently the site is down. just search around a bit.
nmb
-
OMG...my system restore is not working. I have tried twice. Do you think this is because I deleted some files?
Ugh...the only thing left to do is a non-destructive recovery right?
Can someone tell me if this is the right step.
-
oki,
you have tried all these:
1. cannot restore files from chest as they are already deleted.
2. file recovery softwares didn't help.
3. system restore didn't help.
atm,
well I would do this:
back up all the important documents(including avast! full setup file). format the windows partition only, so that all other partitions are intact.
load up windows afresh.
install all the required softwares including avast!, go online and update all the softwares including windows.
get a good backup or drive image creating software, back up the partition on to a portable hard disk which I would not use to any other purpose but only for creating back ups every 3 or 7 days(depends on how much you use your pc).
be prepared for future. should there be any problem like the on you just came across, just restore the partition with the image(backup) of the partition.
thats it from my side. stay here for a few moments.. if any of my forum friends have any better ideas then please give them a try.
else you know what to do - decision is yours.
thanks
nmb
-
Thanks nmb!
-
Thanks nmb!
please tell us what is your decision so that we can take the feed back for improving ourselves. please come back after you have made a decision.
thanks
nmb