[FIXED] [VBS: Malware Gen] False positives Vir. def: 170221-1 22.2.2017 0:08:41

[REDACTED]

I would to like to reverberate what Caso has said and provide my experiences and viewpoint on this matter.

The initial issue was because of a fault in the Avast software's virus definitions which bypassed some quality checks. It caused false positives and prompted users to execute a boot scan. And as an average user I would logically I follow Avast's recommendation. Unfortunately, during the boot time scan many of the operating system files / personal files were flagged as VBS: Malware Gen and consequently deleted from the hard drive.

I am not here to put blame on Avast or the end user. Avast were the ones who unknowingly placed the VBS: Malware Gen false positive bug into their software. We are all human and make mistakes. However, it was the users who opted for a boot time scan under the recommendation of Avast. Unfortunately what is deleted is now forever lost. Now, what Avast needs to do is to ensure this does not ever happen again. For instance, boot time scanning should not permanently delete system files / personal files. The deletion of the files without my permission has resulted in a completely corrupted operating system for me and have spent the past day and a half reinstalling a full fresh installation across all my personal and work machines.

In addition, I also agree that there are some avid fans of Avast who contribute nothing to this discussion. Yes I mean you. Please refrain from posting if you cannot provide useful insight into the discussion. Just because this problem has not personally affected you does not give you the right to treat others the way that you have been treating them.

[allenergy11]

Yes, there is plenty of free disk space.  I didn't know about the duplicates created when you restore.  Why would Avast do that?  if you're restoring them, they obviously are not malware and don't belong in the virus chest.   You're sure about the creation of the duplicates?

I've seen others ask this but I've seen NO valid official response.  HOW do I restore files from the virus chest?  They are sitting in there and when I right click on the file and choose restore - I get one of the following results:

1) I am asked if I want to grant permission to allow Avast to make changes to this computer (choice Yes)  - result nothing changes, the file still is in the chest
2) I get a window that tells me the file exists and do I want overwrite.  I choose no, nothing happens. File is still in the chest
3) No permission is requested, no indication duplicate exists, just a sound indicating something occurred.  File is still showing in chest

These appear to be necessary system files, event logs, .etl files, system32/config files, profiles/localservice, NetworkService/AppData/Microsoft and other important appearing system files and a couple of personal files.  Nothing is moving out of the chest.

Does this mean that the files ARE DUPLICATES of files in the system and Avast did not put the original files in the chest?

Why can't I restore these files.  I need a way to RESTORE MY FILES to their original location.

Avast (team) needs to research this and provide a valid solution that works.  They created this mess and they need to provide the information to their users (who trust them with the protection of their computers) to repair the damage their failure to vet their virus definitions caused.

Why aren't the files restoring from the Virus Chest. 
This needs to be looked into and a valid, working solution provided by the Avast team.

When you restore them Avast creates a duplicate of them and puts 1 version back where it came from and keeps another version in the chest because... disk space is free?

[bob3160]

@allenergy11,
See my reply to you. Not a duplicate it just doesn't remove it from the virus chest.

[DavidR]

Yes, there is plenty of free disk space.  I didn't know about the duplicates created when you restore.  Why would Avast do that?  if you're restoring them, they obviously are not malware and don't belong in the virus chest.   You're sure about the creation of the duplicates?
<snip quotes>

As said they aren't duplicates as such, more of a safety measure, what if something happened during the restoration of that file. If it was gone you would have no backup copy. When you are sure it is back in the original place (and the file properties in the chest tells you that) you can manually delete it from the virus chest.

[REDACTED]

 For starters, I see that the New Avast (I am using 17.1.2286 build 17.1.3394.46) automatically updates the virus definitions.  It occurs to me that I wouldn't have had this happen to me if my computer had not downloaded the new corrupt virus definition database, so I would like to know how to disable it so that I can wait 2 weeks before downloading any new definitions so that Avast has time to work out the kinks :/

Additionally, I am trying to figure out how to restore all these files without going 1 at a time.  Among the several choices when I right click on a line in the chest, I get "delete" "restore" "extract" "refresh all files"... now going 1 at a time, I figured out that "restore" puts the file back, but is "refresh all files" the same as "restore"?  Or does that refresh the list?  I wish that Avast would post more help on how to fix this problem that THEY created, since SOOOOOO many people were instantly affected due to their auto-update of corrupt virus definitions.

[REDACTED]

There is a reason why the subject has [FIXED] in it.

hello - how about the system files that were automatically deleted during the bootscan we did before it was fixed how on earth we are going  to get them back in place? any suggestions? and tried to restore files from the vault but still some of them are marked with the VBS malware gen virus which is probably false report again - please advice it was really scary

Thanks in advance

ps. vault files cannot be re-scanned so to restore them safely

[bob3160]

There is a reason why the subject has [FIXED] in it.

hello - how about the system files that were automatically deleted during the bootscan we did before it was fixed how on earth we are going  to get them back in place? any suggestions? and tried to restore files from the vault but still some of them are marked with the VBS malware gen virus which is probably false report again - please advice it was really scary

Thanks in advance

You could try running sfc /scannow  More information here:
https://support.microsoft.com/en-us/help/929833/use-the-system-file-checker-tool-to-repair-missing-or-corrupted-system-files

[REDACTED]

There is a reason why the subject has [FIXED] in it.

hello - how about the system files that were automatically deleted during the bootscan we did before it was fixed how on earth we are going  to get them back in place? any suggestions? and tried to restore files from the vault but still some of them are marked with the VBS malware gen virus which is probably false report again - please advice it was really scary

Thanks in advance

You could try running sfc /scannow  More information here:
https://support.microsoft.com/en-us/help/929833/use-the-system-file-checker-tool-to-repair-missing-or-corrupted-system-files

thank you I will try that, and I found another problem with system restore, the corrupt update erased all my previous restoration points and only have a post problem restore point now 

really appreciate all help

[bob3160]

There is a reason why the subject has [FIXED] in it.

hello - how about the system files that were automatically deleted during the bootscan we did before it was fixed how on earth we are going  to get them back in place? any suggestions? and tried to restore files from the vault but still some of them are marked with the VBS malware gen virus which is probably false report again - please advice it was really scary

Thanks in advance

You could try running sfc /scannow  More information here:
https://support.microsoft.com/en-us/help/929833/use-the-system-file-checker-tool-to-repair-missing-or-corrupted-system-files

thank you I will try that, and I found another problem with system restore, the corrupt update erased all my previous restoration points and only have a post problem restore point now 

really appreciate all help

To do a better job of managing your System Restore points,
give the following a try:
https://www.toms-world.org/blog/restore_point_creator
I liked it so much I even created a video for it. scroll down on the website to find it.

[REDACTED]

Is there a log that lists all files deleted during boot scan?

[REDACTED]

I'm an amateur with zero tech ability.  I have Avast Premium on a PC with Win7.  When I first saw the malware threat alert I panicked and ran a boot scan which found 219 files.  I monkeyed around pressing the fix or repair buttons in the virus chest but nothing seemed to happen.  I didn't delete anything that I know of.

After the problem was declared fixed and I noticed the alerts were no longer appearing, I right clicked on all the files in the virus chest and clicked restore. There was no indication anything happened and the files were still there.  The computer seemed to work fine.

My next move, which was probably totally backwards and counter-intuitive, was to do a system restore.  After following this thread I wasn't convinced the problem was fixed in spite of how well my computer seemed to be running.  Somehow the system restore to 2/17 went smoothly.

After the system restore I discovered the malware-gen files still in the virus chest but will take the experts word for it that they are duplicates.  It's been over 12 hours and there's no sign of trouble.  I won't go near the boot scan again.  The Avast smart scan revealed nothing wrong, as well as scans by Malabytes, Adware Cleaner, and Spyware Blaster which before and after the false positive event, showed nothing wrong.

I'm not sure I'm really in the clear but wanted to let people know that system restore somehow worked for me.  What happens when I uninstall Avast?  I'm looking for another AV/Firewall that doesn't require a lot of user tech ability and is more responsive to customers.  I've seen way too many uppity, snarky, captain-obvious, holier-than-thou, responses on this thread - geez, you aren't helping anyone and only hurting the Avast brand.

I can't fix a car either.

[REDACTED]

What happens when I uninstall Avast?  I'm looking for another AV/Firewall that doesn't require a lot of user tech ability and is more responsive to customers.

I'd suggest trying Bullguard. It's pricey (about twice what Avast charges) but the protection is at least as good, and the tech support and customer service are far better. At least they were when I had them before switching to Avast. They also have a 60 day free trial, so you can try them out and if you like them. It's what I'm going to do. It's also what the people who I do tech support for are going to do.

[REDACTED]

[/quote]

I'd suggest trying Bullguard. It's pricey (about twice what Avast charges) but the protection is at least as good, and the tech support and customer service are far better. At least they were when I had them before switching to Avast. They also have a 60 day free trial, so you can try them out and if you like them. It's what I'm going to do. It's also what the people who I do tech support for are going to do.
[/quote]

Thanks for the suggestion, I'll check it out.

[bob3160]

What happens when I uninstall Avast?  I'm looking for another AV/Firewall that doesn't require a lot of user tech ability and is more responsive to customers.

I'd suggest trying Bullguard. It's pricey (about twice what Avast charges) but the protection is at least as good, and the tech support and customer service are far better. At least they were when I had them before switching to Avast. They also have a 60 day free trial, so you can try them out and if you like them. It's what I'm going to do. It's also what the people who I do tech support for are going to do.

So I guess you're here to advertise for another AV

[DavidR]

Is there a log that lists all files deleted during boot scan?

C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt
Depending on your OS this may be in a windows hidden folder so you may need to change the windows explorer view options to view hidden files/folders.