Author Topic: Assumption (Avast remove system file by accident)  (Read 4047 times)

0 Members and 1 Guest are viewing this topic.

Offline tlee

  • Jr. Member
  • **
  • Posts: 79
Assumption (Avast remove system file by accident)
« on: September 14, 2010, 10:23:57 AM »
Hi,

As for the topic,

since, I checked the default setting of action for all kind of threats is to move to Chest.

So, will it cause able boot to Windows?

How to recover it while happend? touch wood ...........

Thanks,
tlee

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: Assumption (Avast remove system file by accident)
« Reply #1 on: September 14, 2010, 01:59:43 PM »
I believe there are protections on moving genuine system files as they should be digitally signed, and I think that there is meant to be a white list for unchanged signed files, etc.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Assumption (Avast remove system file by accident)
« Reply #2 on: September 14, 2010, 02:31:54 PM »
If you really got a necessary file to boot infected and if avast move it to Chest (for instance in boot time scanning), you'll need to replace that file with a clean one or restore Windows.
Indeed, you can have an un-bootable computer if avast move that file to Chest. Like David said, it won't happen by accident as avast also checks the signature of the file. But if it is infected, and avast moves it to Chest...

We already ask for a bootable CD...
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: Assumption (Avast remove system file by accident)
« Reply #3 on: September 14, 2010, 04:33:28 PM »
There are some system files that even if infected won't be moved to the chest (or deleted, etc.) as in doing so it could impact on the system. This was very common in the win32:patched infections in system files. They ended having to be repaired by a 3rd party application I believe. So I don't think that is so common an occurrence.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline tlee

  • Jr. Member
  • **
  • Posts: 79
Re: Assumption (Avast remove system file by accident)
« Reply #4 on: September 15, 2010, 04:13:58 AM »
Hello,

Thank you so much for yours explanation.

What I afraid that is the false positive detection. Since, even Symantec or other AV also that the issue of false positive detection.

tlee

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: Assumption (Avast remove system file by accident)
« Reply #5 on: September 15, 2010, 04:53:16 AM »
You're welcome.

So are you saying that avast has detected something that you think is a false positive ?

If so if you can provide the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ? 
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security