Author Topic: Non-empty virus chest displayed as being empty - need to restore  (Read 5772 times)

0 Members and 1 Guest are viewing this topic.

ubuntuavast

  • Guest
Hi,
I am running Ubuntu 10.04 with a Windows 7 virtual machine (Virtualbox). I also just installed Avast 1.3.0 Linux home edition. Did a first virus scan and Avast detected a virus it said. The log says:

2010-10-01 08:09:30   Found virus 'Win32:Zhelatin-gen2 [Wrm]' in file '/home/michael/.VirtualBox/HardDisks/Windows 7.vdi'.

As there is no option to ignore the "virus" I thought I just let Avast put it in the virus chest and then I simply restore it. However, after selecting the "place-in-virus-chest" option, it stalled for a little while (large file, 11GB), then it seems to have shut down/crashed. I opened up Avast again, and had a look at the virus chest. It was empty! However, going to the virus chest directory will show me that there is in fact an 11GB file in there named "000000". How can I restore the file? Will it work if I just copy and paste it into its original location? Why does it not show up in the virus chest?

If there is a virus in there, which I doubt as I just have installed Windows and a few more programs, I of course rather run a virus check from within Windows than deleting the entire OS...
« Last Edit: October 01, 2010, 10:26:13 AM by ubuntuavast »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67241
Re: Non-empty virus chest displayed as being empty - need to restore
« Reply #1 on: October 01, 2010, 01:28:26 PM »
It will not work coping and pasting on the original place as the file should have been encrypted (made safe by Chest).
It could be a false positive (or not), anyway, the better will be excluding .vdi files from scanning, install avast into your virtual Windows 7 and run it there.
Ok... I'm not solving your problem as I don't know how to restore the .vdi file...
The best things in life are free.

ubuntuavast

  • Guest
Re: Non-empty virus chest displayed as being empty - need to restore
« Reply #2 on: October 01, 2010, 01:37:58 PM »
OK, so I can't just copy the file... Only one solution then, to restore the file (unless I reinstall the whole shebang). But how can I restore it if it doesn't show up in the virus chest?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67241
Re: Non-empty virus chest displayed as being empty - need to restore
« Reply #3 on: October 01, 2010, 01:44:21 PM »
In Windows we have a .xml file that lists the contents of the Chest.
I'm not sure how it is on Linux and how to manipulate that file.
The best things in life are free.

ubuntuavast

  • Guest
Re: Non-empty virus chest displayed as being empty - need to restore
« Reply #4 on: October 01, 2010, 03:01:45 PM »
I can't find an xml file anywhere. Tried to google it regardning location on ubuntu, but no luck.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67241
Re: Non-empty virus chest displayed as being empty - need to restore
« Reply #5 on: October 01, 2010, 03:16:18 PM »
In Windows it's on C:\ProgramData\Alwil Software\Avast5\chest\index.xml

Code: [Select]
  <?xml version="1.0" encoding="UTF-8" ?>
- <aswObject>
  <NewId>0000000C</NewId>
  <Size>744032</Size>
- <ChestEntry>
  <ChestId>0000000B</ChestId>
  <FileTime>1285910364</FileTime>
  <OrigFileName>Install.exe</OrigFileName>
  <OrigFolder>D:\Install\<...>.zip</OrigFolder>
  <Comment />
  <Virus>Win32:Malware-gen</Virus>
  <Category>Vir</Category>
  <Restore>no</Restore>
  <TransferTime>1285903164</TransferTime>
  <FileSize>744080</FileSize>
  </ChestEntry>
  </aswObject>
The best things in life are free.

ubuntuavast

  • Guest
Re: Non-empty virus chest displayed as being empty - need to restore
« Reply #6 on: October 01, 2010, 03:21:54 PM »
Maybe my xml file was never created due to the problems (crash). Do you think there is a way to generate an xml file afterwards?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67241
Re: Non-empty virus chest displayed as being empty - need to restore
« Reply #7 on: October 01, 2010, 03:23:33 PM »
Look, I'm an user like you and worse, mainly Windows one...
Need help from the programmers.
But you could try to create the .xml version with that structure to see if it works.
The best things in life are free.