Author Topic: What to do with file in Chest?  (Read 2838 times)

0 Members and 1 Guest are viewing this topic.

Offline lakrsrool

  • Advanced Poster
  • **
  • Posts: 712
  • Get the Picture !
What to do with file in Chest?
« on: September 02, 2008, 03:11:02 AM »
I have just recently sent in a file (DISreboot.exe) to check if it is a false positive.

My Recycle file (trash can) was empty at the time.

I forgot to zip the file with a password so I deleted the first zip file that I wanted to email to Alwil.

I would have presumed that this zipped file would be all that was in the recycled file.

After sending in the zipped file with a password I then ran another scan on my computer for viruses and Avast found a file named: DC824.exe.

The Avast program told me that the original location of this file was C:\recycled , which is also what the Avast Virus Chest now also states is where the files "original location" was....

I have no idea how this file got into the recycled file (bin) in the first place but I decided to restore the file and MOVE the file to off-line storage just in case I might need it and by doing so it would not be on my computer.

For some reason when I "RESTORE" the file from the chest the file does not appear in the C:\RECYCLED file (which is the recycle bin).

Does anyone know how this file got there since my recycle bin was empty and the only file there was the zipped file I had created but deleted because it did not have a password on the file that I wanted to send to Alwil.

It seems like this file was somehow created when I delete the zipped file somehow.

Since I cannot restore the file to move it off of my computer and save as a precaution and the restore does not put the file back on my computer where Avast states it came from and a Windows search of my C drive does not show the file to be anywhere at all even though I have restored the file (twice).

CAN I DELETE THE FILE FROM THE CHEST without any concern that I might need the executable file later?
Processor: i3 2.53 GHz 4 GIG RAM, OS: WIN 7, Connection: High Speed, Virus/Malware Protection: Avast-2015, SpywareBlaster, Windows Firewall & Defender. Email: Outlook 2010 w/ POP Peeper Email Notifiers.

PapaSmurf

  • Guest
Re: What to do with file in Chest?
« Reply #1 on: September 02, 2008, 05:01:30 AM »
To answer your question in bolded print, I would NOT delete any file you are unsure of.
If the file is in the virus chest, then it should be safe enuf for now. Please wait till the forum guru's can look into this. They may ask you for some more info such as your operating system, and possibly logs that may have been created. For now, leave the file in the virus chest.

Also the following thread seems to be on your very topic: http://forum.avast.com/index.php?topic=38324.0


From that topic I am going to suggest you get MalwareBytes' Anti-Malware. It is free and can be found here:
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

Also, from DavidR in that thread:

"You could also check the offending/suspect file at: http://www.virustotal.com and report the findings here. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected."


Unfortunately, I am not a guru, but the basic rule of thumb is when in doubt, do no harm.
So, lets' not delete anything till one of the real guru's such as Tech or DavidR chime in with some advice.

Offline lakrsrool

  • Advanced Poster
  • **
  • Posts: 712
  • Get the Picture !
Re: What to do with file in Chest?
« Reply #2 on: September 02, 2008, 07:07:44 AM »
Let me be clear that this file named: DC824.exe - that I speak of was in by Recycle bin which was previously empty before I deleted the zipped file of DISreboot.exe.

Also I can say this because when I ran the Avast scan of my computer the first time it was not found by Avast that time (only the DISreboot.exe file showed up as malware).

But when I ran the scan a second time after emailing the zipped file and having delete the zipped file w/out the password then the next time I ran the scan this file DC824.exe was found by Avast in the recycle bin (C:\RECYCLED).  And since I had done nothing else except email that zipped file and delete the zip file w/out the password I can't see how else that file could have gotten in my recycle bin.  The only two things in the recycle bin were the deleted zip file of DISreboot.exe and the DC823.exe file that was found by Avast on the 2nd scan.

Also I thank you PapaSmurf for the help but I had already done what you have suggested. 

I might add that the Malwarebytes program is not really "free" as it is "shareware" and can be only used as a "trail" and later must be purchased for $24.95.  However the other three on the list on that same web page are free: ad-aware, Spybot, Spywareblaster, two of which I already have (ad-aware is not compatible with WIN98SE anymore).

What I eventually did was to restore the file from the chest to another folder and then moved the file (which did show up in that folder) to off-line storage as a precaution (incase I need it later).

With that said as I was in by recycle bin from the start I'm not sure it is that important really... but...

I'll go ahead and leave it in the chest for now however... as you say can't hurt...  :)
Processor: i3 2.53 GHz 4 GIG RAM, OS: WIN 7, Connection: High Speed, Virus/Malware Protection: Avast-2015, SpywareBlaster, Windows Firewall & Defender. Email: Outlook 2010 w/ POP Peeper Email Notifiers.