Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: coco3117 on April 03, 2011, 01:57:42 PM
-
hello,
I'm french. After updating AVAST to the version 6.0, my computer can't restart because the new version has detected viruses on files used to the start the computer.
I would see the quarantine folder on the hard disk to see the infected files, but i can't enter in WINDOWS XP. I see the hard disk on an other computer.
Please can you tell me in what folder the infected files are stocked ?
thank's for your response and sorry for my english
-
hello,
I'm french. After updating AVAST to the version 6.0, my computer can't restart because the new version has detected viruses on files used to the start the computer.
I would see the quarantine folder on the hard disk to see the infected files, but i can't enter in WINDOWS XP. I see the hard disk on an other computer.
Please can you tell me in what folder the infected files are stocked ?
thank's for your response and sorry for my english
Here
C:\ProgramData\AVAST Software\Avast\chest
But they don't have extensions, so you will cannot access them.
And Can you please tell me what files/folders are detected and what infection was found?
Can you access to safe mode? (when booting start pushing F8 and choose safe mode)
So
1) Enter the Safemode WITH INTERNET
2) Restore quarantined files to it's original location
3) Pack the folder with detected files to *rar extension
4) Open explorer and type in ftp://ftp.avast.com/incoming/
5) Send the archive to this address
-
thank's for your response.
i haven't the folder "chest" in C:\ProgramData\AVAST Software\Avast\
i have :
C:\ProgramData\AVAST Software\Avast\1036
C:\ProgramData\AVAST Software\Avast\chrome
C:\ProgramData\AVAST Software\Avast\defs
C:\ProgramData\AVAST Software\Avast\flash
C:\ProgramData\AVAST Software\Avast\setup
C:\ProgramData\AVAST Software\Avast\WebRep
but no chest
an other idea ?
-
thank's for your response.
i haven't the folder "chest" in C:\ProgramData\AVAST Software\Avast\
i have :
C:\ProgramData\AVAST Software\Avast\1036
C:\ProgramData\AVAST Software\Avast\chrome
C:\ProgramData\AVAST Software\Avast\defs
C:\ProgramData\AVAST Software\Avast\flash
C:\ProgramData\AVAST Software\Avast\setup
C:\ProgramData\AVAST Software\Avast\WebRep
but no chest
an other idea ?
Wow, I don't have any of these files you listed me.
C:\ProgramData\AVAST Software\Avast\
So, access to safe mode, open avast! GUI, open maintenance and Chest.
Then restore files to original location, pack the files to archive and send them to
ftp.avast.com/incoming/
Don't forget to name the package like coco3117 infected.rar. BTW don't forget to enter password "Infected"
-
sorry, i make a mistake, these folders are in C:\Program Files and not in c:\ProgramData like this :
C:\Program Files\AVAST Software\Avast\1036
C:\Program Files\AVAST Software\Avast\chrome
C:\Program Files\AVAST Software\Avast\defs
C:\Program Files\AVAST Software\Avast\flash
C:\Program Files\AVAST Software\Avast\setup
C:\Program Files\AVAST Software\Avast\WebRep
no folder c:\ProgramData in my disk, it's normal ?
-
sorry, i make a mistake, these folders are in C:\Program Files and not in c:\ProgramData like this :
C:\Program Files\AVAST Software\Avast\1036
C:\Program Files\AVAST Software\Avast\chrome
C:\Program Files\AVAST Software\Avast\defs
C:\Program Files\AVAST Software\Avast\flash
C:\Program Files\AVAST Software\Avast\setup
C:\Program Files\AVAST Software\Avast\WebRep
no folder c:\ProgramData in my disk, it's normal ?
Yes It's normal, you don't have Windows 7. But please follow my previous post.
-->
1) Enter the Safemode WITH INTERNET
2) Restore quarantined files to it's original location
3) Pack the folder with detected files to *rar extension, name the *rar "coco3117 infected" and enter name infected
4) Open explorer and type in http://ftp://ftp.avast.com/incoming/
5) Send the archive to this address
-
And the purpose of this excercise is? Restore infected files so that you can boot and get more of them infected, or what? ??? ??? ??? You need to restore the files from a known clean source, NOT from the chest.
-
Look in C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\chest
-
And the purpose of this excercise is? Restore infected files so that you can boot and get more of them infected, or what? ??? ??? ???
Stop entering your stupid notes and give him some help >:(
-
And the purpose of this excercise is? Restore infected files so that you can boot and get more of them infected, or what? ??? ??? ???
Stop entering your stupid notes and give him some help >:(
You know what? Stop giving stupid "advice". Restoring infected system files required for boot makes no sense. Either they will immediately get deleted again or they will be missed by avast! and infection will spread. I gave him correct non-stupid advice.
-
And the purpose of this excercise is? Restore infected files so that you can boot and get more of them infected, or what? ??? ??? ???
Stop entering your stupid notes and give him some help >:(
you know, stop giving stupid "advice". Restoring infected system files makes no sense. Either they will immediately get deleted again or they will be missed by avast! and infection will spread. I gave him correct non-stupid advice.
I want to let him restore files, send them to avast lab to check
-
And the purpose of this excercise is? Restore infected files so that you can boot and get more of them infected, or what? ??? ??? ???
Stop entering your stupid notes and give him some help >:(
Then I offer help as you are running Windows 7 x64 and I am running XP!
-
I want to let him restore files, send them to avast lab to check
And how is it going to help with his unbootable system? Uh. And it is irrelevant which system you are using. Infected system files need to be replaced from known clean source, instead of restoring the infection. ::)
-
I don't think he wants to restore the files... well I hope not. But as he cannot boot anymore as a result of these files being quarantined, he just wants to see them in the chest folder from another OS install (or networked computer).
-
i have find the folder F:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\chest with 33 files named "0000000A" to "00000020" and ondex.xml.
what can i do ? Send the folder to avast lab ?
-
And the purpose of this excercise is? Restore infected files so that you can boot and get more of them infected, or what? ??? ??? ???
Stop entering your stupid notes and give him some help >:(
Then I offer help as you are running Windows 7 x64 and I am running XP!
Yes
-
i have find the folder F:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\chest with 33 files named "0000000A" to "00000020" and ondex.xml.
what can i do ? Send the folder to avast lab ?
oui ;)
-
I don't think he wants to restore the files... well I hope not. But as he cannot boot anymore as a result of these files being quarantined, he just wants to see them in the chest folder from another OS install.
I don't want him to restore the files forever, I want just to let him send these files to avast! If this is false positive or he's infected,
-
these sound like restore point or recycled files..
-
Ignore the quarantined crap in the chest for now, you can submit them via chest normally once you have fixed your system properly. Do you have XP install media at hand? If so, take note of the missing files when XP fails to boot, you can use expand.exe to replace them when you boot to XP recovery console (from the F8 boot menu or from the CD).
these sound like restore point or recycled files..
Nah, avast! is mangling the filenames as well. There is index.xml file with information about the original names and location of the renamed files in the chest folder.
-
can i open the index.xml with all security ????
-
can i open the index.xml with all security ????
what for ?
-
to look the files names
-
look, we have no idea why your files got detected and blocked in the first place. If I were you, I'd leave all that junk alone and re-install XP from scratch. I wouldn't even attempt a repair of it. A repair could work... but I just wouldn't trust the setup.
-
look, we have no idea why your files got detected and blocked in the first place. If I were you, I'd leave all that junk alone and re-install XP from scratch. I wouldn't even attempt a repair of it. A repair could work... but I just wouldn't trust the setup.
I can assist him with repair of his system via the XP recovery console if he wishes and has at least the bootable CD at hand. Not going to help in any way with restoring the junk though. As said, that can be done properly once the system is back alive and kicking and will not help with fixing the system in any way. Chances that those are FPs are so slim that this is basically just waste of time, it is not like avast! would render people systems unbootable due to FPs every day.
-
i have a problem to send the rar at the address : http://ftp://ftp.avast.com/incoming/
the reply is : "Google chrome could not find ftp"
-
i have find the folder F:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\chest with 33 files named "0000000A" to "00000020" and ondex.xml.
what can i do ? Send the folder to avast lab ?
You can't work with the files from outside the avast chest, they are encrypted. You have to open the avast chest, avastUI, Maintenance, Virus Chest.
Files can be submitted to avast for analysis by right clicking on them and select Submit to virus lab... Unfortunately there is no means to send multiple samples to the labs together.
I'm not sure what it is that you are trying to achieve by sending them to the avast virus labs ?
With 33 detections I rather suspect it might be some sort of file infecter rather than 33 false positive detections that you want resolved. The virus labs can't clean files that you send them if they are infected if they couldn't be Repaired previously as part of the detection.
Can you give us some examples of the file name, malware name and the original location e.g. (C:\windows\system32\infected-file-name.xxx) ?
All of this information should be available to you in the chest, by right clicking on the file and select Properties.
-
Can you give us some examples of the file name, malware name and the original location e.g. (C:\windows\system32\infected-file-name.xxx) ?
All of this information should be available to you in the chest, by right clicking on the file and select Properties.
It does not work for him, unbootable system. He can just attach the index.xml file here (rename to index.txt so that it works) and we will see what got quarantined. Anywhere, no idea what is the purpose of this as well.
-
@DavidR yeah I forgot that lol ... chest files are encrypted anyway (quarantine process) and won't be accessible from an external system. Thing is the guy can't boot the infected system anymore. Remains index.xml, well there's no reason for this one to be encrypted and that would give an idea of what happened.
-
i sea the files names in index.xml.
I think that i reinstall Win XP properly after formatting the disk.
Thank's very much everybody for your responses.
-
@DavidR yeah I forgot that lol ... chest files are encrypted anyway (quarantine process) and won't be accessible from an external system. Thing is the guy can't boot the infected system anymore. Remains index.xml, well there's no reason for this one to be encrypted and that would give an idea of what happened.
The index.xml is not encrypted and will provide the basic info original file name, location and Virus, etc.
So yes it will give an idea what happened - But I'm still wondering what it is that the OP is hoping for in trying to send the files to avast. Whilst they may possibly be able to decrypt them, if there isn't a unique encryption key created for the users system and not a common encryption key for the chest