Author Topic: File was successfully repaired... but it wasn't.  (Read 2235 times)

0 Members and 1 Guest are viewing this topic.

Abdul69

  • Guest
File was successfully repaired... but it wasn't.
« on: January 05, 2009, 12:38:38 AM »
Hi,

I've been using Avast Home for a number of years until upgrading to the Pro version about a year ago. Mostly the experience has been good, however, recently (say the last 6 months) I've been running into troubles.

One of the troubles is that when I inspect a session from a previous scan (because I received e-mails about viruses that were found) I see a list of files in the session report with "File was successfully repaired...", yet if I go to those files and re-scan them Avast says they still contain a virus.

So either my expectation of "file was successfully repaired" is incorrect (I expect the file to have no virus anymore; i.e., repaired), or the files were not repaired at all. Right now, had I not inspected the session report all that Avast has done is logged a virus existing, but done nothing about it at all (left those infected files out there)!

My second "issue" is what seems to be a bunch of false positive detections of late but I see other threads are active about that so I'll raise that issue in one of those threads if appropriate. The three latest false positives are all virtual machine hard drives (*.vhd) files so I cannot send these in (waaaay too big).

Regards,
Wayne.

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 86649
  • No support PMs thanks
Re: File was successfully repaired... but it wasn't.
« Reply #1 on: January 05, 2009, 01:52:28 AM »
I think that that really should be that the repair process completed successfully as there are a number of conditions that have to be met for a repair to even take place.

1. the file has to be one which is covered by the VRDB, commonly .exe files.
2. the file would have had to have been included in a VRDB generation before infection.
3. the type of malware may not actually be repairable, see trojans below.

Trojans generally can't be repaired (either by the VRDB or avast virus cleaner), because the entire content of the file is malware, so it is either move to chest or delete, move to the chest being the best option (first do no harm). When a file is in the chest it can't do any harm and you can investigate the infected warning.

The VRDB only protects certain files, mainly .exe files, it doesn't protect data files or all files, it is not a back-up program, so there are going to be many occasions where repair won't be an option.

Only true virus infection can be repaired, e.g. when a virus infects a file it adds a small part to it, provided that file is one that avast's VRDB would monitor and you have run the VRDB, then it may be possible to repair the file to its uninfected state.

However, for the most part so called viruses, trojans (adware/spyware/malware, etc.) can't be repaired because the complete content of the file is malicious.

Sorry I have zero knowledge of Virtual Machine HDDs, if it is possible to get infected ion a virtual drive, I guess it is possible for avast to detect it, though I have no idea how to go about resolving it.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.5.6015 (build 22.5.7263.730) UI 1.0.711/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Abdul69

  • Guest
Re: File was successfully repaired... but it wasn't.
« Reply #2 on: January 05, 2009, 04:44:42 AM »
So it sounds like you're saying that probably these files did get "repaired" from VRDB (they are all *.exe files) and probably what is going on here is that the VRDB versions are also "infected" since my guess is that the infections are found by one of the recent virus definition updates. (i.e., the VRDB just replaced the same file).

If that's the case (i.e., an updated virus definition found a virus that was always there, or there for a long time) then I don't see any way of avoiding that, but it would appear to make sense for Avast to also re-scan the VRDB file that it replaces the "infected" file with, would it not? If that was what happened I wouldn't expect to find a "successfully repaired" file that is still infected, but instead a message saying the file was moved to chest (my default action).

Anyway, I tried scanning the infected files along with *.vhd guys with another vendor's AV trial version and those files come up clean. I wonder which software is correct?

Finally, in trying to work out what is what with these files I've noticed some clunky behavior in the Avast UI. If I select "scan for malware" from the right-click menu for a supposed infected file, it changes the result to "File is OK", but at the same time locks up with the "Processing results..." dialog so I have to end task the whole application. Furthermore, scanning that file with Avast outside the main UI still says it's infected. Oh boy. :-(

I think I might need to being looking at some other solutions.

Thanks for the reply.

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 86649
  • No support PMs thanks
Re: File was successfully repaired... but it wasn't.
« Reply #3 on: January 05, 2009, 03:00:25 PM »
No I'm not saying that at all just that the process completed successfully with no errors, but that doesn't necessarily mean a repair was possible.

The file type doesn't determine the type of malware if as I said the malware is a Trojan then the complete file is malicious, so there is no injected virus code to remove, so a repair really isn't possible.

Even assuming this were previously scanned (when it wasn't detected by avast) there would be no information in the VRDB to do anything other than return it to its last state as effectively nothing had changed.

The problem is there really is no way to say what the other vendor is actually scanning, if it was unable to scan the *.vhd in the same depth as avast (which has a very large archive compliment of unpackers) then there would be no detection.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.5.6015 (build 22.5.7263.730) UI 1.0.711/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security