Author Topic: [FIXED] [VBS: Malware Gen] False positives Vir. def: 170221-1 22.2.2017 0:08:41  (Read 155683 times)

0 Members and 1 Guest are viewing this topic.

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1038
The Avast team have gone quiet again.... cmon guys speak up, The almighty avast overlords who send down the updates to us all
Of course we have gone quiet - even the mighty overlords need to sleep at night :D

I'm confused. The start of this thread says:
FIXED: VPS 170222-0 is already out and fixes this false positive. Moroni
But there are more recent updates than -0 which makes me think that it wasn't a fix. And there are lots of reports still coming in of problems...
The VPS 170222-0 indeed was released WITHOUT the FP detection (ie. this VPS contains the fix to the VBS:Malware-gen problem). But we of course release new VPSs every day - it is not just a means of solving (disabling) false positives, but also of releasing new detections.

REDACTED

  • Guest
I did a bootscan and Avast deleted about 100 files. My laptop is totally screwed. Trying to restore the files from the Virus chest and it says they're already there. Gives "Overwrite All" option, which I chose, but Windows is acting broken still. I'm going to have to back up my files to an external hard drive and reinstall Windows 10. System Restore does not work. What a massive F up on Avast's part. No sympathy from them in these replies tho. I'm going to be asking for a refund and purchase a different Antivirus program.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
It can happen with any av.
And this is not a reason to get a refund if you are not within the 30 days.

REDACTED

  • Guest
Hello HonzaZ,
Nice to see a Avast team member in this thread.
Short question: Can affected users with OS problems expect help from your side or should we just move on?

REDACTED

  • Guest
System restore is the best option for now

System Restore did not complete successfully. Your computer's system files and settings were not changed.

Details:

System Restore failed while restoring the directory from the restore point.
 Source: AppxStaging
 Destination: %ProgramFiles%\WindowsApps
An unspecified error occured during System Restore. (0x80070091)

This same error has occured with my system restore as well.  Let me know if you end up figuring it out...

No luck yet  :-\

I tried to change the ownership of the windowsapps folder, finally got that all worked out. Then tried to do system restore point, and now all my restore points are gone  >:( >:( >:(
So at this point I'm just screwed. Going to see if i can somehow fresh install windows 10 w/o losing all my files...

At this point strongly considering following this guide http://www.intowindows.com/how-to-reinstall-windows-10-without-losing-data/
but i don't have a windows 10 ISO, and I'm nervous to do it. I'm a nuclear engineering grad student and I desperately need this PC for my thesis work. It has all of my  research programs and research data on it. I have backups for the data, but not the programs.
« Last Edit: February 23, 2017, 08:11:58 AM by Nate123 »

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
System restore is the best option for now

System Restore did not complete successfully. Your computer's system files and settings were not changed.

Details:

System Restore failed while restoring the directory from the restore point.
 Source: AppxStaging
 Destination: %ProgramFiles%\WindowsApps
An unspecified error occured during System Restore. (0x80070091)

This same error has occured with my system restore as well.  Let me know if you end up figuring it out...

No luck yet  :-\

I tried to change the ownership of the windowsapps folder, finally got that all worked out. Then tried to do system restore point, and now all my restore points are gone  >:( >:( >:(
So at this point I'm just screwed. Going to see if i can somehow fresh install windows 10 w/o losing all my files...

At this point strongly considering following this guide http://www.intowindows.com/how-to-reinstall-windows-10-without-losing-data/
but i don't have a windows 10 ISO, and I'm nervous to do it. I'm a nuclear engineering grad student and I desperately need this PC for my thesis work. It has all of my  research programs and research data on it. I have backups for the data, but not the programs.
Using the Media Creation tool ( https://www.microsoft.com/en-in/software-download/windows ) allows you to keep your Data. It does not re-install your programs. It will create a list of the programs that
need to be re-installed. If you don't have the source files to re-install the programs, this will not help you.
It also can't restore any data that may have been deleted from the system due to this VPS update problem.
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

REDACTED

  • Guest
System restore is the best option for now

System Restore did not complete successfully. Your computer's system files and settings were not changed.

Details:

System Restore failed while restoring the directory from the restore point.
 Source: AppxStaging
 Destination: %ProgramFiles%\WindowsApps
An unspecified error occured during System Restore. (0x80070091)

This same error has occured with my system restore as well.  Let me know if you end up figuring it out...

No luck yet  :-\

I tried to change the ownership of the windowsapps folder, finally got that all worked out. Then tried to do system restore point, and now all my restore points are gone  >:( >:( >:(
So at this point I'm just screwed. Going to see if i can somehow fresh install windows 10 w/o losing all my files...

At this point strongly considering following this guide http://www.intowindows.com/how-to-reinstall-windows-10-without-losing-data/
but i don't have a windows 10 ISO, and I'm nervous to do it. I'm a nuclear engineering grad student and I desperately need this PC for my thesis work. It has all of my  research programs and research data on it. I have backups for the data, but not the programs.
Using the Media Creation tool ( https://www.microsoft.com/en-in/software-download/windows ) allows you to keep your Data. It does not re-install your programs. It will create a list of the programs that
need to be re-installed. If you don't have the source files to re-install the programs, this will not help you.
It also can't restore any data that may have been deleted from the system due to this VPS update problem.

What if those programs are on a separate hard drive than my OS? They should be left alone right? I have a 120GB SSD and a 1TB HDD. The SSD is my OS and a few odds and ends, the majority of my programs are on my HDD.

Offline allenergy11

  • Jr. Member
  • **
  • Posts: 35
I've seen others ask this but I've seen NO valid official response.  HOW do I restore files from the virus chest?  They are sitting in there and when I right click on the file and choose restore - I get one of the following results:

1) I am asked if I want to grant permission to allow Avast to make changes to this computer (choice Yes)  - result nothing changes, the file still is in the chest
2) I get a window that tells me the file exists and do I want overwrite.  I choose no, nothing happens. File is still in the chest
3) No permission is requested, no indication duplicate exists, just a sound indicating something occurred.  File is still showing in chest

These appear to be necessary system files, event logs, .etl files, system32/config files, profiles/localservice, NetworkService/AppData/Microsoft and other important appearing system files and a couple of personal files.  Nothing is moving out of the chest.

Does this mean that the files ARE DUPLICATES of files in the system and Avast did not put the original files in the chest?

Why can't I restore these files.  I need a way to RESTORE MY FILES to their original location.

Avast (team) needs to research this and provide a valid solution that works.  They created this mess and they need to provide the information to their users (who trust them with the protection of their computers) to repair the damage their failure to vet their virus definitions caused.

Why aren't the files restoring from the Virus Chest. 
This needs to be looked into and a valid, working solution provided by the Avast team. 


REDACTED

  • Guest
Has this been fixed yet ?

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
There is a reason why the subject has [FIXED] in it. ;)

REDACTED

  • Guest
I've seen others ask this but I've seen NO valid official response.  HOW do I restore files from the virus chest?  They are sitting in there and when I right click on the file and choose restore - I get one of the following results:

1) I am asked if I want to grant permission to allow Avast to make changes to this computer (choice Yes)  - result nothing changes, the file still is in the chest
2) I get a window that tells me the file exists and do I want overwrite.  I choose no, nothing happens. File is still in the chest
3) No permission is requested, no indication duplicate exists, just a sound indicating something occurred.  File is still showing in chest

These appear to be necessary system files, event logs, .etl files, system32/config files, profiles/localservice, NetworkService/AppData/Microsoft and other important appearing system files and a couple of personal files.  Nothing is moving out of the chest.

Does this mean that the files ARE DUPLICATES of files in the system and Avast did not put the original files in the chest?

Why can't I restore these files.  I need a way to RESTORE MY FILES to their original location.

Avast (team) needs to research this and provide a valid solution that works.  They created this mess and they need to provide the information to their users (who trust them with the protection of their computers) to repair the damage their failure to vet their virus definitions caused.

Why aren't the files restoring from the Virus Chest. 
This needs to be looked into and a valid, working solution provided by the Avast team.

When you restore them Avast creates a duplicate of them and puts 1 version back where it came from and keeps another version in the chest because... disk space is free?

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
@ allenergy11
The files are restored from the virus chest if they were a false positive. They are not moved out of the chest.


@Nate123
If there are any parts of these programs in the Windows Folder that are needed to run the program, they would not be restored.
Hence, you would need to re-install them. If, there's nothing of these programs in the Windows folder, then the programs should work after
you've restored Windows 10 using the Media Creation Tool.
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

REDACTED

  • Guest
Thank you!

Offline Caso

  • Newbie
  • *
  • Posts: 9
Since this whole debacle hasn't affected me as much as it did others (it was only a matter of false positives while browsing, no deleted files or anything like that because i'm an old dog who has been computing since the 80s) i'm just keeping an eye on this to see how it unfolds. But i'm just saying, some fanboys on this thread seem to be completely out of touch with the real world.

Most people are not tech gurus. And even experienced users will trust their AV software not to completely f.... up their OS installation. Telling people that they made "the wrong choice" is not reasonable. The reason why they had to make that "choice" was because someone who is a professional in the business f...ed up far more than the amateurs did.

Sure... everyone should have backups of important stuff, or even a disk image to restore from. But that still means that they will have to spend hours doing all that work. And most people's lives don't revolve around sitting in their mom's basement (or attic as it is trendy these days) babysitting their computers.

My advice would be for these fanboys (you know who you are) to either stop replying or, when doing so, just reply technically to questions without recriminating the average user for "choices" he really had no business making. Because, quite frankly, instead of helping and defending AVAST, i'm pretty sure you are just creating bad blood and will have plenty of people just dropping the software. It's not like there is a shortage of AV software out there that DOESN'T induce the average user to corrupt his/her OS installation.

 

Offline Shaun985

  • Full Member
  • ***
  • Posts: 101
There is a reason why the subject has [FIXED] in it. ;)

Strange this user says he still has the issue with the latest update:
https://forum.avast.com/index.php?topic=197694.0