quarantine folder on hard disk

[danny96]

And the purpose of this excercise is? Restore infected files so that you can boot and get more of them infected, or what?  

Stop entering your stupid notes and give him some help  

Then I offer help as you are running Windows 7 x64 and I am running XP!

Yes

[Hermite15]

i have find the folder F:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\chest with 33 files named "0000000A" to "00000020" and ondex.xml.

what can i do ? Send the folder to avast lab ?

oui

[danny96]

I don't think he wants to restore the files... well I hope not. But as he cannot boot anymore as a result of these files being quarantined, he just wants to see them in the chest folder from another OS install.

I don't want him to restore the files forever, I want just to let him send these files to avast! If this is false positive or he's infected,

[Hermite15]

these sound like restore point or recycled files..

[doktornotor]

Ignore the quarantined crap in the chest for now, you can submit them via chest normally once you have fixed your system properly. Do you have XP install media at hand? If so, take note of the missing files when XP fails to boot, you can use expand.exe to replace them when you boot to XP recovery console (from the F8 boot menu or from the CD).

these sound like restore point or recycled files..

Nah, avast! is mangling the filenames as well. There is index.xml file with information about the original names and location of the renamed files in the chest folder.

[coco3117]

can i open the index.xml with all security ?

[Hermite15]

can i open the index.xml with all security ?

what for ?

[coco3117]

to look the files names

[Hermite15]

look, we have no idea why your files got detected and blocked in the first place. If I were you, I'd leave all that junk alone and re-install XP from scratch. I wouldn't even attempt a repair of it. A repair could work... but I just wouldn't trust the setup.

[doktornotor]

look, we have no idea why your files got detected and blocked in the first place. If I were you, I'd leave all that junk alone and re-install XP from scratch. I wouldn't even attempt a repair of it. A repair could work... but I just wouldn't trust the setup.

I can assist him with repair of his system via the XP recovery console if he wishes and has at least the bootable CD at hand. Not going to help in any way with restoring the junk though. As said, that can be done properly once the system is back alive and kicking and will not help with fixing the system in any way. Chances that those are FPs are so slim that this is basically just waste of time, it is not like avast! would render people systems unbootable due to FPs every day.

[coco3117]

i have a problem to send the rar at the address : http://ftp://ftp.avast.com/incoming/ 

the reply is : "Google chrome could not find ftp"

[DavidR]

i have find the folder F:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\chest with 33 files named "0000000A" to "00000020" and ondex.xml.

what can i do ? Send the folder to avast lab ?

You can't work with the files from outside the avast chest, they are encrypted. You have to open the avast chest, avastUI, Maintenance, Virus Chest.

Files can be submitted to avast for analysis by right clicking on them and select Submit to virus lab... Unfortunately there is no means to send multiple samples to the labs together.

I'm not sure what it is that you are trying to achieve by sending them to the avast virus labs ?
With 33 detections I rather suspect it might be some sort of file infecter rather than 33 false positive detections that you want resolved. The virus labs can't clean files that you send them if they are infected if they couldn't be Repaired previously as part of the detection.

Can you give us some examples of the file name, malware name and the original location e.g. (C:\windows\system32\infected-file-name.xxx) ?
All of this information should be available to you in the chest, by right clicking on the file and select Properties.

[doktornotor]

Can you give us some examples of the file name, malware name and the original location e.g. (C:\windows\system32\infected-file-name.xxx) ?
All of this information should be available to you in the chest, by right clicking on the file and select Properties.

It does not work for him, unbootable system. He can just attach the index.xml file here (rename to index.txt so that it works) and we will see what got quarantined. Anywhere, no idea what is the purpose of this as well.

[Hermite15]

@DavidR yeah I forgot that lol ... chest files are encrypted anyway (quarantine process) and won't be accessible from an external system. Thing is the guy can't boot the infected system anymore. Remains index.xml, well there's no reason for this one to be encrypted and that would give an idea of what happened.

[coco3117]

i sea the files names in index.xml.
I think that i reinstall Win XP properly after formatting the disk.



Thank's very much everybody for your responses.