Author Topic: Restoring False Positives  (Read 2246 times)

acousticdryad

  • Guest
Restoring False Positives
« on: July 31, 2010, 04:31:58 PM »
Hi all,

I did look in the archives for a similar topic, but the one I found was not really specific to my issue.

I have an .exe file that I've used for years that was recently marked as a false positive.  When I try to restore, it says it is restoring the file, a few attempts even asked if I wanted to overwrite the file, which I did.  But when I try to go to where the file was restored and click on it, it disappears and shows up in the virus chest again as another edition.  It also gives me a pop-up message saying that it cannot find the file before it disappears.  I've tried to exclude the folders it is restored to, but it doesn't seem to help.

I am running Avast! 5.0.094.  Am I doing something wrong for restoring my false positive?

Offline DavidR

  • Avast Überevangelist
Re: Restoring False Positives
« Reply #1 on: July 31, 2010, 05:16:34 PM »
What is the infected file name and where was it found, e.g. (C:\windows\system32\infected-file-name.xxx)?

Restoring the file doesn't remove the copy in the chest; once you have confirmed it is back in the original location you can delete the copy in the chest.

However, I don't think it is as simple as this in your case. Is avast alerting again when you try to restore it?
I suspect it is, and that is why you are in this loop.

How was it marked as a false positive (avast doesn't mark as an FP, but as an infected file) and how was it confirmed it is a false positive?

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here (the URL in the address bar of the VT results page). You can't do this with the file securely in the chest; you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect\*
That will stop the File System Shield scanning any file you put in that folder.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security