Author Topic: Restore from virus chest  (Read 3664 times)

Offline konfoozed

  • Jr. Member
  • Posts: 61
  • Gender: Male
Restore from virus chest
« on: February 06, 2012, 01:04:55 PM »
I was delighted to see that four of the items found during a scan this morning have proved to be FPs. However 2 concerning adobearmhelper apparently can't be restored and the other two regarding MBAM have apparently been restored but remain on the list in virus chest.
Question: (1) Should I extract the first two? (2) Do restored items always show in the virus chest list?
Thanks for the help.

Offline True Indian

  • Malware Hunter
  • Advanced Poster
  • Posts: 728
  • Gender: Male
  • A Good Old Indian!
Re: Restore from virus chest
« Reply #1 on: February 06, 2012, 01:06:48 PM »
Well... the files are restored, but a copy of the files is stored in the chest.

Online DavidR

  • avast! Überevangelist
  • Certainly Bot
  • Posts: 69207
  • Gender: Male
  • No support PMs thanks
Re: Restore from virus chest
« Reply #2 on: February 06, 2012, 01:20:24 PM »
When the file is restored, should there be a problem during the restoration, the only copy of that file could be gone.

So retaining a copy in the chest is a safety measure. Once you confirm that the file is back in the original location (still having a copy in the chest shows that location), you can manually delete it from within the avast chest.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline konfoozed

Re: Restore from virus chest
« Reply #3 on: February 06, 2012, 01:23:26 PM »
> When the file is restored, should there be a problem during the restoration, the only copy of that file could be gone.
>
> So retaining a copy in the chest is a safety measure. Once you confirm that the file is back in the original location (still having a copy in the chest shows that location), you can manually delete it from within the avast chest.

OK thanks... so literally highlighting and hitting the delete?

Offline konfoozed

Re: Restore from virus chest
« Reply #4 on: February 06, 2012, 01:23:58 PM »
> Well... the files are restored, but a copy of the files is stored in the chest.

Thanks.

Offline True Indian

Re: Restore from virus chest
« Reply #5 on: February 06, 2012, 01:27:44 PM »
No problem! ;)

Thanks for confirming, David... I thought I was a little wrong in my previous post.

Offline konfoozed

Re: Restore from virus chest
« Reply #6 on: February 06, 2012, 02:48:59 PM »
So, can anyone tell what is the procedure for the two files that Avast says can't be restored?

Online DavidR

Re: Restore from virus chest
« Reply #7 on: February 06, 2012, 02:55:30 PM »
> > When the file is restored, should there be a problem during the restoration, the only copy of that file could be gone.
> >
> > So retaining a copy in the chest is a safety measure. Once you confirm that the file is back in the original location (still having a copy in the chest shows that location), you can manually delete it from within the avast chest.
>
> OK thanks... so literally highlighting and hitting the delete?

Yes, or just right click on the file and select delete.

> So, can anyone tell what is the procedure for the two files that Avast says can't be restored?

Well, you haven't said why they can't be restored, so it is kind of hard to give any advice?

Offline konfoozed

Re: Restore from virus chest
« Reply #8 on: February 07, 2012, 08:19:12 AM »
> > > When the file is restored, should there be a problem during the restoration, the only copy of that file could be gone.
> > >
> > > So retaining a copy in the chest is a safety measure. Once you confirm that the file is back in the original location (still having a copy in the chest shows that location), you can manually delete it from within the avast chest.
> >
> > OK thanks... so literally highlighting and hitting the delete?
>
> Yes, or just right click on the file and select delete.
>
> > So, can anyone tell what is the procedure for the two files that Avast says can't be restored?
>
> Well, you haven't said why they can't be restored, so it is kind of hard to give any advice?

Sorry, when I click on to these two items the restore option is faded out. Also, under properties it says they can't be restored.
« Last Edit: February 07, 2012, 08:21:10 AM by konfoozed »

Online DavidR

Re: Restore from virus chest
« Reply #9 on: February 07, 2012, 12:10:53 PM »
Then we need more information of what the detection is, file name, location and malware name.

Sometimes Restore may not be possible, if it were a web based file/page, if it was a temp location and the folder is no longer present (system restore, restore point), etc. The above information would help to determine what that reason might be.

Offline konfoozed

Re: Restore from virus chest
« Reply #10 on: February 07, 2012, 12:24:48 PM »
> Then we need more information of what the detection is, file name, location and malware name.
>
> Sometimes Restore may not be possible, if it were a web based file/page, if it was a temp location and the folder is no longer present (system restore, restore point), etc. The above information would help to determine what that reason might be.

Thanks for the reply.
In the original post I stated they were adobearmhelper.exe.
Properties are as follows:

C:\ProgramData\Adobe\Setup\(AC76BA86-7AD71033 File size 320456

H:\Documents and settings\Alluser\Application File size 320456
My computer is a dual boot so I don't have an effective SR facility.
« Last Edit: February 07, 2012, 12:27:05 PM by konfoozed »

Online DavidR

Re: Restore from virus chest
« Reply #11 on: February 07, 2012, 12:35:14 PM »
I suspect that these locations no longer exist, have you checked that in Windows Explorer?

The fact that it is dual boot would mean two separate OSes and two separate system restore functions (if both OSes are Windows versions) and you hadn't disabled system restore.

My mention of system restore was as an example of a location where avast couldn't restore to as it is a protected area.

Offline konfoozed

Re: Restore from virus chest
« Reply #12 on: February 07, 2012, 01:03:46 PM »
> I suspect that these locations no longer exist, have you checked that in Windows Explorer?
>
> The fact that it is dual boot would mean two separate OSes and two separate system restore functions (if both OSes are Windows versions) and you hadn't disabled system restore.
>
> My mention of system restore was as an example of a location where avast couldn't restore to as it is a protected area.

I looked in Windows Explorer...nothing I could see. A search from the Start button brought up two identical files...one on the C drive and the other on the H drive: Program Files\Common Files\Adobe\ARM\1.0 File version 1.5.7.0 312 KB
Nothing else.
I run one drive with XP PRO and the other with Windows 7. The presence of another drive apparently disables both SRs.

Online DavidR

Re: Restore from virus chest
« Reply #13 on: February 07, 2012, 01:36:18 PM »
If you are unable to find the original folder (not file name) location then there would be no way avast could restore it as it isn't able to create folders to be able to restore the file to it.

I have been trying to find out what the AdobeARMHelper.exe actually is, 'Adobe Reader and Acrobat Manager Helper' now that I'm a little wiser as to what it is. I don't know if this is a dual role helper for Adobe pdf reader and also the Adobe Acrobat PDF creator (a different beast to just the reader).

If you only have the adobe pdf reader then - Personally I would be considering the complete uninstall of adobe pdf reader as it is like a Swiss cheese when it comes to security issues. It is a huge target for malware as it still has a very large user base, which makes it attractive to the malware writers. I gave up on it many years ago when it really became a bloated beast and was very common to find exploits reported on a very regular basis.

There are many other light pdf readers out there, which are so bloated when all you want is a simple pdf reader, I currently use PDF-XChange PDF Reader.

If you have the full Adobe Acrobat pdf creator then you may have to reinstall it to get this file back where it should be. You would also only want to do this if avast no longer detects the AdobeARMHelper.exe as infected (or it would alert again when you try to reinstall).

####
Weird I have never heard that having dual boot disables system restore.

Offline konfoozed

Re: Restore from virus chest
« Reply #14 on: February 07, 2012, 01:54:26 PM »
Apart from Photoshop (which I can't think is involved) I only have the Reader. I did a search for Acrobat manager and nothing came up. Suppose if I do delete the entries in the virus chest then the worst case scenario will be that at some stage Adobe Reader won't work which wouldn't be a big deal.
Wasn't (hardly surprising being a relative newbie) aware that Adobe Reader was a target so thanks for enlightening me. I will now look into the alternatives.
I only found out about dual boot and System Restore after the second drive was installed....had I known I would have bought a tray and just swapped the HDs when necessary. After this is all sorted that will be the way I shall go.

Thanks for your help.

 
