Virus Chest Full

[uperkurk]

Hello, I have done a virus scan because I havent done one for ages and avast picked up so many viruses that my chest is full. How do I permently delete the files from my chest without doing a system restore?

Thanks.

[DavidR]

I doubt that the chest is full you are more likely to have a file that exceeds the Program Settings (right click the avast 'a' icon) Chest, Maximum file size to send and adjust your settings.

This is preferable to deleting to make room as a quick fix.

Doing a system restore won't touch the files in the chest, they are infected files in a protected area.

To delete files in the chest you must first open the chest, right click the avast 'a' icon, select avast! virus chest, Infected Files section, now see below.

####
There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

[uperkurk]

Yhanks for your help, I have about 40 viruses in their but they are all from the same location - C:\Windows\WOW64

I am using windows vista 64. So I will leave the viruses in their for a few weeks then just right click the virus I want to delete and press delete?

It will not come back?

[DavidR]

You're welcome.

The chest is a protected area so they can do no harm there and when deleted from it, they are history, gone to meet their digital maker.

As for will it come back, not from the chest having been deleted, no. Thought there is no guarantee that it couldn't come back via the same origin as it first arrived.

Can you give some examples of the file names and the malware name they were given ?

[uperkurk]

dipprw.exe
djpnbs.exe
dmrbkd.exe
eagcep.exe
ecbnal.exe
erbrzb.exe


There all like that, none of the words make sense.

And its says:

Win32:DCom-F [Expl]

And it says that for most of all of them.

[DavidR]

Fortunately they make sense to me they look like randomly generated file names (common with malware). A google search for this style of named file usually returns zero hits, which if it were a legit file (especially in somewhere like the wow64 folder) would be very suspicious. So it does look like avast was on the money with these detections.

Another means of verification on a detection is somewhere like virustotal, a multi-engine AV scan (currently 36 scanners).

You can check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.