Author Topic: unable to restore some files that were false positives (Read 4721 times)

AllanM · « **on:** December 05, 2009, 01:31:21 AM »

I have been able to restore all but two files that the chest says was located in c:\system volume information. They are A0013973.exe and A0013975.exe. I cannot find this folder on my computer. I am unable to restore my computer to an earlier time. I think these two files have something to do with that.
How can I display the contents of this folder so I can extract the files from the chest?

DavidR · « **Reply #1 on:** December 05, 2009, 01:48:14 AM »

The c:\system volume information folder is normally a hidden, protected, folder (unless you changed that), only used by system restore.

Even though there may have proven to be false positives, the c:\system volume information folder is also protected by system restore and I would imagine this is why avast can't put them back in there.

Even if you were able to un-hide the folder you couldn't just dump them back in there if system restore didn't block you, as the restore point has to be integrated into the system restore function or it wouldn't be visible/usable to system restore. So personally I believe there would be little purpose in trying to do this.

####
- Infected/Suspect Restore Points - There really is little benefit in chasing a detection in the system volume information folder. It is only there because it had previously been deleted or moved from the system folders and this is a back-up created by system restore.

- Worst case scenario it isn't infected and you delete it, you can't use that restore point in the future (much the same if you actually were able to extract the file there), not much of a loss and the older the restore point is the less of an issue it is.

- So if there is any suspicion about a restore point then it is best removed from the system volume information folder or it could bite you in the rear at some point in the future when you use system restore if it included that restore point.

Philo · « **Reply #2 on:** December 05, 2009, 04:22:46 AM »

I had the same problem after the false-positive debacle.
What I did to fix it was move the system back to the restore point generated a day or two before this all went down.
After that, I ran a check for updates for Windows, Avast! and anything else that had updated since the restore point date.
This fixed everything for me and was relatively fast and easy.
Good luck

DavidR · « **Reply #3 on:** December 05, 2009, 03:24:34 PM »

Whilst that has worked for you, system restore doesn't cover everything (as it isn't a general back-up) and it isn't without its failings, on occasion I have seen it have unexpected consequences. So much so that I gave up on it many years ago and take care of this area myself.

I use drive imaging software and run it once a week and that makes an exact copy of your disk/partition, so it can restore an exact copy of the disk/partition at that time. Add to that regular daily data back-up of stuff you don't want to lose.

This has hauled my rear out of the fire on a number of occasions, none of which have been virus related.

AllanM · « **Reply #4 on:** December 05, 2009, 06:22:07 PM »

Well, I'm still unable to restore my two files from the chest. I cannot restore to an earlier time before the false positives problem occurred. I was able to set a restore point and also restore my computer to December 5th - so that's good, but I really would like to have my computer back the way it was.

My computer seems to otherwise work fine. The realtek files that were in the chest were restored snd that works fine too.

Interesting observations after working on this problem:

When I found out avast identified viruses all over the place and I read the solution that was posted, I proceeded to restore items from the chest. I saw the files still in the chest. I thought they were not restored, so I clicked on "RESTORE" again. I checked the folders they were restored to and I had multiple copies. It would be nice if avast showed a little dialog box that told me the file was already there. It does for "EXTRACT".

The other observation has to do with that saying, "You can fool me once..." I don't want to go through this again, especially if it's not my fault. I am very careful about not exposing my computer to viruses, so it's VERY upsetting to me for my anti-virus software to falsely identify viruses.

Lisandro · « **Reply #5 on:** December 05, 2009, 06:47:16 PM »

Quote from: AllanM on December 05, 2009, 06:22:07 PM

so it's VERY upsetting to me for my anti-virus software to falsely identify viruses.

For anybody...
They've learned the lesson. But it is impossible to not expect *any* false positive for *any* software all the times. Nothing is perfect on life.

DavidR · « **Reply #6 on:** December 05, 2009, 07:16:51 PM »

Quote from: AllanM on December 05, 2009, 06:22:07 PM

Well, I'm still unable to restore my two files from the chest.
<snip>

Did you not read my first reply as to why you can't restore those two files, windows is blocking it and why you can't simply extract them and manually add then to the folder. Unfortunately they are a lost cause.

Also reread what I said about infected/suspect restore points.

AllanM · « **Reply #7 on:** December 05, 2009, 07:32:09 PM »

Yes, DavidR. I read your reply. Thanks for your input.

Author Topic: unable to restore some files that were false positives (Read 4721 times)

AllanM

unable to restore some files that were false positives

DavidR

Re: unable to restore some files that were false positives

Philo

Re: unable to restore some files that were false positives

DavidR

Re: unable to restore some files that were false positives

AllanM

Re: unable to restore some files that were false positives

Lisandro

Re: unable to restore some files that were false positives

DavidR

Re: unable to restore some files that were false positives

AllanM

Re: unable to restore some files that were false positives