system dll isolated in virus chest and can't get it out.

[twl845]

Hi All,
When I accessed a few apps to print something, I got a pop up saying something like a suspicious file was sent to the virus chest. After this, I can't print anywhere. The file is: Name - CNB0265.dll, Location - C:\ windows\system32\spool\drivers/x64\3, Virus - WIN:EVO-GEN(susp)
I tried clicking Restore but couldn't do it by right clicking for choices. I don't know how to get the file out of quarantine, and I don't know how to reverse this and eliminate the file from being quarantined again. I did a full scan which produced no infections before the pop up occurred, and did a Malwarebytes scan too. I right clicked the virus name in quarantine and it says (no virus). So If someone could please help me I would be really grateful. Thanks in advance.

[jefferson sant]

Hello,
please, post screenshot of  alert avast

send the file via email virus@avast.com
put "False positive" to email subject

or through http://www.avast.com/contact-form.php

[twl845]

Hi, I can't post a screenshot of the pop up alert, it only appears in the virus chest. If I delete it from the virus chest will it be gone or will it go back to its proper location? Thanks for your response.

[jefferson sant]

click with the right mouse button on the file
and choose the restore option

Follow the instructions below

submit the file via Quarantine to virus lab

http://www.avast.com/faq.php?article=AVKB21

Reported to virus analyst in order to get a reply.

[twl845]

I right clicked the entry before and clicked Restore but nothing happened.

[jefferson sant]

I right clicked the entry before and clicked Restore but nothing happened.

use the extract option
choose a folder where you want to send a copy of the file.

[twl845]

I clicked extract and chose C:\windows\system32 and it's still there.

[jefferson sant]

I clicked extract and chose C:\windows\system32 and it's still there.

now appears a alert ?
send a document or image to print.
try to access the folder and see if avast show some warning.

[twl845]

As soon as I clicked Documents I got the virus alert. I see another line in the alert titled Process: C:\windows\...\printisolationhost.exe

[jefferson sant]

As soon as I clicked Documents I got the virus alert. I see another line in the alert titled Process: C:\windows\...\printisolationhost.exe

you have to take a picture of the warning?
move the file to its original location
the more correct way is to send the file to be analyzed is possible error update.
I will return tomorrow,if the problem is not solved.

[twl845]

I got a trouble ticket started and am waiting for a response. Mean time I'm going to do a restore to a different snapshot and try to disable Avast self defense module temporarily before Avast grabs my printer driver again. I'll be back. 

[Pondus]

when you restore a file from chest, a copy will remain in chest ....
is that what you see?.... or does it not go back to orginal location


how to ....   avast! 8.x: Using the Virus Chest
http://www.avast.com/faq.php?article=AVKB21


and you find lots of how to stuff in the FAQ section, just search.    http://www.avast.com/faq.php

[DavidR]

Another point, restoring a file from the chest isn't going to work it avast still considers it infected.

As soon as it arrives avast would alert again.

If it isn't considered infected, but it is a system file, windows would also be trying to protect the file that already exists there, which I presume it does for time machine to work (that's what I get on a search for the dll name).

I also see that you have a query on the go at wilders relating to time machine, http://www.wilderssecurity.com/showthread.php?t=339999&page=187.

[twl845]

when you restore a file from chest, a copy will remain in chest ....
is that what you see?.... or does it not go back to orginal location


how to ....   avast! 8.x: Using the Virus Chest
http://www.avast.com/faq.php?article=AVKB21


and you find lots of how to stuff in the FAQ section, just search.    http://www.avast.com/faq.php

After clicking Restore the file which is my printer driver stays highlighted in the chest. If I try to go to a place where I can print like my Documents, Avast sends me another pop up and the file shows up again in the chest.

[twl845]

Another point, restoring a file from the chest isn't going to work it avast still considers it infected.

As soon as it arrives avast would alert again.

So how do I force avast to not consider it infected?