Author Topic: Restore vault files outside of windows?  (Read 3577 times)


gideond

  • Guest
Restore vault files outside of windows?
« on: February 23, 2010, 12:47:39 AM »
I have a customer using Avast 4.8 Free. She ran into the problem back in December with the major bad definition update. Her computer ran through a lot of files and moved them to the chest. Evidently she's had many issues ever since then but has been able to use the PC regardless. She just now restarted the PC and I guess Avast moved the files that could not be moved while Windows was running. Now she is unable to get back into Windows normal or safe modes. I'm guessing major system files have been moved. She's getting a BSOD every time. I'm wondering if there is a way to restore the vault files from quarantine without having access to Windows? Any help is appreciated.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89443
  • No support PMs thanks
Re: Restore vault files outside of windows?
« Reply #1 on: February 23, 2010, 02:14:29 AM »
The problem is that the chest stores files in an encrypted form and the file name is also changed, so it would be almost impossible to really identify what file name it was or where it would be located even if you were able to access the physical chest location on the hard disk. Even then the file is encrypted and I don't know if you would be able to encrypt it.

So the only real hope I would say is trying to find out what the BSOD is all about, e.g. full information on the stop error number and any other relevant info it lists, something it has like a title, usually in capitals.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

gideond

  • Guest
Re: Restore vault files outside of windows?
« Reply #2 on: February 23, 2010, 03:46:27 AM »
Yeah that's what I was afraid of. I expected that bad definition to cause me issues with a few customers but I wasn't expecting it this far after the fact. I might just have to do a repair install of Windows. That'll probably be easier than trying to sort out all the files that are missing.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89443
  • No support PMs thanks
Re: Restore vault files outside of windows?
« Reply #3 on: February 23, 2010, 04:52:55 AM »
If it didn't happen at the time of the FPs on that particular incident, then I highly doubt it is related, especially if it would have caused a BSOD. That would be almost immediate if a file that was moved was required on boot.

So the only thing is to post as much info on the BSOD screen as I mentioned, or do a Google search on the stop error number and file name that happens to have been mentioned in the info and any title.

Whilst it might be quicker to try a repair install of Windows, you would have to visit windows update as some file used in the repair install may have been the subject of a security update.

On the matter of security updates, there has been one on the last Patch Tuesday, replacing some kernel files, that has resulted in BSODs: KB977165, http://www.microsoft.com/technet/security/Bulletin/MS10-015.mspx

I believe this was stated to be caused if the user's system had a rootkit infection that affected one of the files to be replaced and that resulted in a BSOD.

gideond

  • Guest
Re: Restore vault files outside of windows?
« Reply #4 on: February 23, 2010, 01:03:11 PM »
Thanks for the info. These people are chronic when it comes to getting virus infections. One of the worst cases I've ever seen. It's quite possible that a rootkit could be the culprit. I'll be picking up the PC today and see what I can find out. I may recommend a complete reinstall to them. They've had 3 other techs before me unable to fix all the problems, so they say. I might be kicking a dead horse to try repairing it anyway.

Offline Gopher John

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2098
Re: Restore vault files outside of windows?
« Reply #5 on: February 23, 2010, 02:05:25 PM »
See http://isc.sans.org/diary.html?storyid=8266.

Quote
If you were infected with the TDL3/TDSS/tidserv AKA Alureon rootkit and applied the patch, then you would get the BSOD as the patch changed some pointers and the malware now tried to execute an invalid instruction.
AMD A6-5350M APU with Radeon HD Graphics, 8.0GB RAM, Win7 Pro SP1 64bit, IE11
i7-3610QM 2.3GHZ, 8.0GB Ram,  Nvidia GeForce GT 630M 2GB, Win7 Pro SP1 64bit, IE 11
Common to both: Avast Premium Security 19.7.2388, WinPatrol Plus, SpywareBlaster 5.5, Opera 12.18, Firefox 68.0.2, MBam Free, CCleaner

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89443
  • No support PMs thanks
Re: Restore vault files outside of windows?
« Reply #6 on: February 23, 2010, 05:12:11 PM »
Thanks for the reference Gopher John, I couldn't find it in a hurry.