F/P: cercsr6.sys as Sirefef-AAP [Rtk]

[Rick F]

Thanks to avast for fixing the FP for this Dell driver. 

Thanks also to ky331 for pointing me in the right direction for finding this file.  I also found it under 'C:\WINDOWS\dell\cercsr6'.  Copy and pasted in the correct directory. 

What frustrates me though is I DID NOT delete this file nor did I click on 'move to chest'. Avast just deleted it while I was writing down the name and dir of the suspected file – along with virus name.  The only thing I clicked on was 'stop', which I thought would stop the process of deleting/quarantine or stop the virus from running (if it was a virus).  I suspected it was a FP since it was a driver and wanted to research before taking any action.

The last FP I had was about a year or so ago when avast detected SAS as suspect or infected.  The same thing happened... deletion of file. 

[Plus8]

Sorry. I'm dull. Where did you paste it? I'd like to restore mine too! A Malwarebytes scan crashed my laptop last PM, so maybe that's related?!

[Rick F]

Plus 8,  If you have a WinXP machine, here are the instructions...

I assume you found the file "cercsr6.sys", right-click on it and click 'copy'. Then navigate to "Windows\System32\drivers".  Right-click on the 'drivers' folder and click 'paste'.  You can verify the file now exists in the Windows\System32\drivers directory.

[Plus8]

Thanks, Rick F,

Hmmm... I found the folder dell/cercsr6 but have no cercsr6.sys in there. It's in my Avast chest of course. No way to restore it out of there? I thought the purpose of a chest was to allow a file to be retained and restored if necessary?

No copy under system32/drivers either. Any other suggestion?

[Rick F]

Ok, I just looked back and see you wrote, "several files were moved to the vault". I suspect one of them was was from the 'Dell' dir.

If you have the file in your avast vault, can you restore it? 'right-click' on the file and click 'restore'.

Hope this works for you.

[ky331]

You should be able to open the Virus chest, right click on the file in the chest and select Restore

 

[Plus8]

Thank you both! Pictures are great as I'd missed that tab. Sadly the cupboard is totally bare even though the scan logs indicate that a bunch of stuff has been moved there successfully over the last 2 - 3 years. Bewildering actually.

Does the chest dump on re-boot?! Very odd...

[DavidR]

The chest retains its content until the users  restores or deletes, if you uninstall avast that too will remove (not restore) the contents of the chest.

I can only assume there was a problem moving them to the chest, but you should have got an error message about that I believe. Have you checked the original location/s for the presence of the file ?

[Plus8]

Would have thought so myself. Only had one error message and that was when my network was down due to a power outage. Scan logs say that the items were moved to chest successfully. I do update the program but have never uninstalled it.

No clue about this.

[DavidR]

Have you checked the original locations ?

[Plus8]

Have you checked the original locations ?

Yes, I did for cercrs6.sys. The others were in System Volume Information and I don't even see were to look on the C drive for those. Maybe hidden?

[DavidR]

The ones that were in the System Volume Information aren't so much of an issue/problem:

There really is little benefit in chasing a detection in the system volume information folder. It is only there because it had previously been deleted or moved from the system folders and this is a back-up created by system restore.
- Worst case scenario it isn't infected and you delete it, you can't use that restore point in the future, not much of a loss and the older the restore point is the less of an issue it is.
 
- So if there is any suspicion about a restore point then it is best removed from the system volume information folder or it could bite you in the rear at some point in the future when you use system restore if it included that restore point.

The System Volume Information folder/s are system hidden folders so you won't see them unless you have changed the Folder Options to 'show' Hidden Files and Folders.

[Wehrdo]

The restore option was not available to me for this file in avast, but I could extract it then move it to the proper directory.

For anybody that wants it, here's mine: http://www.mediafire.com/download.php?d6zqtg704bpq720

That's version 4.1.0.7405

I'm running a Dell XPS 400 with Windows XP 32bit Media Center SP3

[ky331]

I tested Wehrdo's file, and it is identical with the one I have on my system.

[evita1]

Thanks so much!  I had avast remove my copy from my windows/dell folder and my pc went nuts.  I downloaded yours and my machine seems to be working again .  Just FYI- I'm running dell optiplex gx620 with Win XP Pro (32 bit)

The restore option was not available to me for this file in avast, but I could extract it then move it to the proper directory.

For anybody that wants it, here's mine: http://www.mediafire.com/download.php?d6zqtg704bpq720

That's version 4.1.0.7405

I'm running a Dell XPS 400 with Windows XP 32bit Media Center SP3