Author Topic: Win32:Small-JUB [Trj] (in System Volume Information/ Restore  (Read 12303 times)


DADSGETNDOWN

  • Guest
Re: Win32:Small-JUB [Trj] (in System Volume Information/ Restore
« Reply #15 on: April 07, 2008, 06:59:11 AM »
avast won't allow files in the chest to be executed or accessed by outside influence, like someone trying to upload it, and that is why all you will have at the other end is the file name you told it to upload but nothing in the way of content, 0 byte file size. That is the whole purpose of the chest, to isolate infected files, protecting your system.

Oh I guess the chest does not work if that is the case.
because right from the chest folder I uploaded that 00000005, is 5.15 MB file, and as the report from  VirusTotal in my post, (can't find the post now), but I have it saved to my computer, it said,
00000005 Additional information
File size: 5405008 bytes.
Which is "almost" same size as the original file, A0012737.exe Additional information
File size: 5405000 bytes
both of those are according to VirusTotal.
But of course the 00000005 must be encrypted because even though it says it scanned, it didn't come up with any results. It did come up with a report I can paste here. Looks a lot like the one for A0012737.exe but with no real results.

BUT, I did extract the original file A0012737.exe to the chest,
C:\Program Files\Alwil Software\Avast4\DATA\chest, and uploaded it and got results, so it must be the file that Avast moves there, renames and encrypts and not just what it is in the folder itself yes ?

Yes sir I still need to restart my computer so Avast can do its thing it wants to do :)

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89210
  • No support PMs thanks
Re: Win32:Small-JUB [Trj] (in System Volume Information/ Restore
« Reply #16 on: April 07, 2008, 02:54:51 PM »
Well it looks like it will allow a copy from the explorer interface to the renamed and encrypted files in the chest folder, but if you try to move(remove) it out of the chest you will get an error.

The renaming and encrypting of the files in the chest makes them useless outside the chest as they can't be executed, and the program/registry entry which previously called them couldn't do so as the name would be different.

I don't know if there have been any changes associated with the 4.8 version, but previously people reported just getting a 0 byte file size when trying to upload to VT. The VT scan will I guess be of the raw data in the file, which would be unlikely to have the same signature associated with the unencrypted file.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

DADSGETNDOWN

  • Guest
Re: Win32:Small-JUB [Trj] (in System Volume Information/ Restore
« Reply #17 on: April 19, 2008, 11:31:39 PM »
I would say that it is a false positive. You can submit the file to avast from the chest. Right click it, select email to alwil software. Clearly enter in the message field that you believe it to be a FP, include the avast vps version and a link to this thread.

If you want to restore it, right click, restore. It may get detected again, so you might not want to restore it yet. It's only in a system restore point, so it's not a big concern.

majong2.exe is that a pogo game?


Can't send it it says,

Emailing selected files

Action was completed with errors!

The following file cannot be sent by email:
A0027830.exe (FileID: 8)
The file is bigger than the limit: 1024 kB

Emailing selected files
------------------------------------------------------------------------------------------
The program will try to email 1 selected file(s) from the Chest to ALWIL Software
------------------------------------------------------------------------------------------
Action was completed with errors!

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Win32:Small-JUB [Trj] (in System Volume Information/ Restore
« Reply #18 on: April 19, 2008, 11:34:32 PM »
Seems that you can't send the file both by email and from Chest. Am I right?
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89210
  • No support PMs thanks
Re: Win32:Small-JUB [Trj] (in System Volume Information/ Restore
« Reply #19 on: April 20, 2008, 12:06:03 AM »
Can't send it it says,

Emailing selected files

Action was completed with errors!

The following file cannot be sent by email:
A0027830.exe (FileID: 8)
The file is bigger than the limit: 1024 kB

Program Settings, Chest, increase the Maximum size of file to be sent, to cater for the size of the file you want to email.

DADSGETNDOWN

  • Guest
Re: Win32:Small-JUB [Trj] (in System Volume Information/ Restore
« Reply #20 on: April 20, 2008, 02:16:52 AM »
Thanks DavidR.
I sent the file but got this minor error.
It did say it was sent.
I tried to let CCleaner delete it, even added it to the include folder but it didn't work, and neither did internet options and deleting temp files.
It says Can't find the file, but I did manually.

Program cannot delete the following file: C:\DOCUME~1\DADSGE~1\LOCALS~1\Temp\_avast4_\unp263461217.tmp
--->Description: The system cannot find the file specified

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89210
  • No support PMs thanks
Re: Win32:Small-JUB [Trj] (in System Volume Information/ Restore
« Reply #21 on: April 20, 2008, 03:10:46 PM »
The unpxxxxxxx.tmp files in the _avast4_ folder are where avast unpacks archive files to be scanned, and they are usually cleared when the scan is complete. So yes, there is a strong likelihood that it won't be there.


DADSGETNDOWN

  • Guest
Re: Win32:Small-JUB [Trj] (in System Volume Information/ Restore
« Reply #22 on: April 25, 2008, 04:16:41 AM »
Yea it was left behind, I had to delete manually.

DADSGETNDOWN

  • Guest
Re: Win32:Small-JUB [Trj] (in System Volume Information/ Restore
« Reply #23 on: April 25, 2008, 04:34:37 AM »
Hi there David, I do not have that choice when I right click the "A" Icon.
Also I did upload that file 00000005 from the chest to VirusTotal, but it didn't come up with anything. I do have the results if you want to see them.
But of course IF it's encrypted then that might explain the nothing results?


It is there (see image) if you are using avast 4.8.1169, what version are you using ?

I can assure you that the avast chest being a protected area, nothing will go up there, all you will see is a 0 byte size file, no update.

Hey DavidR.
It must not be there when you have it updated from an earlier version,
OR maybe it's just because of the free version, OR maybe it's an error.
Mine looks like the 2 pics here.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89210
  • No support PMs thanks
Re: Win32:Small-JUB [Trj] (in System Volume Information/ Restore
« Reply #24 on: April 25, 2008, 02:11:51 PM »
I have found that an edit to the avast4.ini file is the reason it shows as an option in my menu.

You need to put this line in the [AAVM] section of the avast4.ini file, ShowChestInMenu=1 and before the next section [MailScanner]. It doesn't have to be at the start directly after the [AAVM] tag just between the [AAVM] and the next section tag, see example below.

Quote
[AAVM]
ShowChestInMenu=1
: other entries in section
: other entries in section
: other entries in section
[MailScanner]

If you don't want to do that you can create a desktop shortcut to ashChest.exe, which is what I did before this option to add the entry to the avast4.ini was allowed. Note: with the self-defence you will be prompted when you try to save any changes you have made.
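The avast4.ini edit described in the reply above, as an added example that is not part of the original post and not Avast's own tooling: a Python sketch that places ShowChestInMenu=1 inside the [AAVM] section line by line, so every other entry stays exactly as it was. The function name, the sample file content and its EntryA/EntryB/EntryC keys are constructed for illustration.

```python
import re

SECTION_RE = re.compile(r"^\s*\[(?P<name>[^\]]+)\]\s*$")

# Constructed sample standing in for avast4.ini; the Entry* keys are placeholders.
SAMPLE = "[Other]\nEntryC=3\n[AAVM]\nEntryA=1\nEntryB=2\n[MailScanner]\nEntryC=3\n"


def ensure_ini_key(text, section, key, value):
    """Return text with key=value present inside [section].

    Edits line by line so other entries and blank lines are preserved.
    Section and key names are matched case-insensitively.
    """
    newline = "\r\n" if "\r\n" in text else "\n"
    lines = text.splitlines()
    wanted = f"{key}={value}"
    in_section = False
    header_idx = None
    for i, line in enumerate(lines):
        m = SECTION_RE.match(line)
        if m:
            if in_section:
                break  # reached the next section tag without finding the key
            in_section = m.group("name").strip().lower() == section.lower()
            if in_section:
                header_idx = i
            continue
        if in_section:
            name, sep, _ = line.partition("=")
            if sep and name.strip().lower() == key.lower():
                lines[i] = wanted  # key already present: set its value in place
                return newline.join(lines) + newline
    if header_idx is None:
        # Section not in the file at all: append it at the end.
        if lines and lines[-1].strip():
            lines.append("")
        lines += [f"[{section}]", wanted]
    else:
        # Anywhere between the section tag and the next tag works; use the top.
        lines.insert(header_idx + 1, wanted)
    return newline.join(lines) + newline


if __name__ == "__main__":
    print(ensure_ini_key(SAMPLE, "AAVM", "ShowChestInMenu", "1"))
```

Running the function a second time on its own output changes nothing, so it is safe to apply to a file that already has the line.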

DADSGETNDOWN

  • Guest
Re: Win32:Small-JUB [Trj] (in System Volume Information/ Restore
« Reply #25 on: April 26, 2008, 02:20:39 AM »
I have found that an edit to the avast4.ini file is the reason it shows as an option in my menu.

You need to put this line in the [AAVM] section of the avast4.ini file, ShowChestInMenu=1 and before the next section [MailScanner]. It doesn't have to be at the start directly after the [AAVM] tag just between the [AAVM] and the next section tag, see example below.

Quote
[AAVM]
ShowChestInMenu=1
: other entries in section
: other entries in section
: other entries in section
[MailScanner]

If you don't want to do that you can create a desktop shortcut to ashChest.exe, which is what I did before this option to add the entry to the avast4.ini was allowed. Note: with the self-defence you will be prompted when you try to save any changes you have made.

Yes sir, worked perfect thank you. :)

DADSGETNDOWN

  • Guest
Re: Win32:Small-JUB [Trj] (in System Volume Information/ Restore
« Reply #26 on: April 26, 2008, 03:52:11 AM »
So IF I delete from within the chest or quarantine of Avast!, will it delete it for sure?
And if I do it that way I will still have my Restores? It will not delete them all I hope?
and I won't have to create new ones.
Or maybe it's better if I delete ALL my restores without using AVAST, and create a new one afterwards....

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89210
  • No support PMs thanks
Re: Win32:Small-JUB [Trj] (in System Volume Information/ Restore
« Reply #27 on: April 26, 2008, 03:09:33 PM »
<snip>
Yes sir, worked perfect thank you. :)

You're welcome.

So IF I delete from within the chest or quarantine of Avast!, will it delete it for sure?
And if I do it that way I will still have my Restores? It will not delete them all I hope?
and I won't have to create new ones.
Or maybe it's better if I delete ALL my restores without using AVAST, and create a new one afterwards....


There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

Once deleted from the chest it is history, gone, which is why there is no rush.

If a restore point has been moved to the chest it no longer exists in the system volume information folder, so that particular restore point is gone, but avast only takes the infected restore point, no others.

Personally I don't have a great deal of confidence in system restore as it isn't infallible and results achieved may not be as you expect, as it isn't a backup function and doesn't cover everything. It can also take up varying amounts of disk space (check it for yourself), so it wouldn't hurt to periodically clear it out by creating a new restore point and removing old ones. Obviously before you do this you have to ensure that your system is functioning correctly and is clean.

Create Clean Restore Point - Clear old Restore Points.

Now you are clear of infection create a clean System Restore point:
1. Click Start, All Programs, Accessories, System tools, System Restore.
2. In the pop-up that appears fill in the radio button to Create a Restore Point
3. Click NEXT
4. Enter a useful name that you will remember if you need to find this again (Clean Restore Point)
5. Click CREATE

You now have a clean restore point, you should clear the old ones:
1. Click Start, All Programs, Accessories, System tools, Disk Clean Up
2. Click OK on the C: drive
3. Click the More Options tab
4. In the System Restore section click the Clean Up button