Author Topic: Avast! , Redlof and WinMe  (Read 8642 times)

0 Members and 1 Guest are viewing this topic.

rlndsgrb

  • Guest
Avast! , Redlof and WinMe
« on: August 20, 2003, 04:39:17 PM »


Avasts! insists on find out Redlof............in the _RESTORE folder !
No other folder is infected...
Other AV get "access denied " on this folder and do not scan it.
Is it an Avast bug or a my virus ?
These are the three last scan of this last week.Of course I had
resetted SR atfer each scan. Is someone (Alwil Member...) interested
to the last "058.CPY" file ?

Thanks,regards rolando.
 

 

c:\_RESTORE\TEMP\A0011552.CPY [L] VBS:Redlof (0)
c:\_RESTORE\TEMP\A0011558.CPY [L] VBS:Redlof (0)
c:\_RESTORE\TEMP\A0011574.CPY [L] VBS:Redlof (0)


c:\_RESTORE\LOGS\vxdalt1.log [L] VBS:Redlof (0)

c:\_RESTORE\TEMP\A0000058.CPY [L] VBS:Redlof (0)

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re: Avast! , Redlof and WinMe
« Reply #1 on: August 20, 2003, 04:45:54 PM »
An easy one: Use this guide to solve your Problem
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
MfG Ralf

rlndsgrb

  • Guest
Re: Avast! , Redlof and WinMe
« Reply #2 on: August 20, 2003, 05:11:04 PM »


Yes, if it was a virus.......................
I think it isn't a virus and I cannot disable SR every day
for a fause positive!
Regards,rolando.

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re: Avast! , Redlof and WinMe
« Reply #3 on: August 20, 2003, 05:32:35 PM »
Yes, it sounds a little bit like false Alarm. You can send the files to support@aws.cz to validate that. Or do it on your own by using this link: http://www.kaspersky.com/remoteviruschk.html

BTW: Does it mean the mentioned infected files come back again and again? Normaly after disable, restart and enable the Systemrestore the files should be gone.
MfG Ralf

rlndsgrb

  • Guest
Re: Avast! , Redlof and WinMe
« Reply #4 on: August 20, 2003, 08:36:21 PM »

I would not say that " infected files come back again and again " , but that false psitive Redlof come again and again !
Code: [Select]
disable  and enable the Systemrestore the files should be gone. Yes ,all of the files would be deleted ....BUT all checkpoints to recover the System would be lost ! And now I have many patches that I could have to uninstall .
I have  posted because I beleved that Alwil members
were interested to a false positive....Just to get a more
reliable Avast!4 .

Regards , rolando.

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re: Avast! , Redlof and WinMe
« Reply #5 on: August 20, 2003, 09:02:24 PM »

Yes ,all of the files would be deleted ....BUT all checkpoints to recover the System would be lost ! And now I have many patches that I could have to uninstall .

Remember the Systemrestore is not an uninstaller tool. It will restore the system to that point the Restorepoint is set. So if you install a tool and than an other and you want to delete/uninstall only the last one you will lose the first one too, because the restorepoint was set before the installating the first tool.

And about the false alarm thing: send them to the Avast-support, because we are only Avat user( exept the Alwillteam members of course)
MfG Ralf

whocares

  • Guest
Re: Avast! , Redlof and WinMe
« Reply #6 on: August 21, 2003, 04:32:18 AM »
Hi,

to check for false alarms:
you can boot your PC with a WIN-Bootdisk, and copy the seemingly infected files from the Restore-folder to a user-folder of your choice.
After a normal reboot, you can scan the files with other scanners.
Be sure to use "Scan-all-Files"Mode in the other scanners, and to disable Avast resident shield beforehand.
This procedure shouldn't hurt your Win-SystemRestore-Points at all, but give you some info about false alarm or not.


 ;)

rlndsgrb

  • Guest
Re: Avast! , Redlof and WinMe
« Reply #7 on: August 21, 2003, 09:59:58 AM »

Hi Raman,
I know as SR works.I use it when a patch is uninstallable.
 
Code: [Select]
 And about the false alarm thing: send them to the Avast-support, because we are only Avat user( exept the Alwillteam members of course)  
Alwillteam do not seem interested. So I am.

Hi whocares,
A virus in SR folder cannot damage the system (unless I
I did a SR ). Other AV scanners do not find any virus.