About Quarantine

Hello guys,

I would like to confirm if its right something that I have noticed with the Avast Quarantine:

Everytime that I quarantine a file, it just make a copy of the file in the quarantine, letting the original file where it was… Is it normal? It shouldnt move the file to the quarantine and them remove it from its original location?
Because in that way, I always have to quaratine the file, so he can create a copy of it there and then I go back to the original folder and delete the file?

Its supposed to be like this?

Thanks for your time,

Elminster

How do you quarantine the file?

Is the file infected? Or you only is trying to ‘backup’ a clean file into Chest for security reasons (like the three system files there)?

Hello,

This is what I do:

1- Open the quarantine

2- Go to the section of the files of the users

3- Right click, choose to add a file and add a file.

Its important to say something that I forgot, the file isnt detect as malware. I usually do it when I guess a file is malware but Avast missed it. So I can get the file and send to alwill from the quarantine and also I cant test if removing the file, the problem with the computer (if it have one…) will stop. I do that so I can restore the file if needed, if its not malware. If I delete I will lose it forever…

Thanks,

Elminster

If you add files this way, they are indeed only copied (by design).
If a virus is detected and you select “Move to Chest”, the original files are removed after the file is stored in Chest.

As Igor said, you did a backup.

For testing if it is or not a false positive, I think it’s better to submit the file to Jotti.
If you wan you can zip and password protect (‘virus’, will do) the suspect file and send it to virus (at) avast.com.
Give a brief outline of the problem, the fact that you believe it to be a false positive and include the password in the body of the email. Some info on the avast version and VPS number (see About avast: right click avast icon) will also help.

Welcome to avast forum! 8)

Oh I see. Thanks for your reply. I understood now.
I met Avast a few days ago, and I found it a great product. I dont know how such a good product is not famous here in Brazil and not easily sold in any market. I never saw its box in any market here… :cry:

Oh, just one more question… Here in Brazil, in the last months, the number of trojans, created here to steal brazilians bank account informations grow up greatly, something stupid like 1184% (I read it in some journal here). I would like to know if Avast detect this specifics trojans that are always created? Or if it will detect it in the future? Or maybe it will not because its too specific of a country?

Thanks for your time,

Elminster

The correct url is http://virusscan.jotti.org/ (without the “dhs” part) :wink:

Oh, just one more question… Here in Brazil, in the last months, the number of trojans, created here to steal brazilians bank account informations grow up greatly, something stupid like 1184% (I read it in some journal here). I would like to know if Avast detect this specifics trojans that are always created? Or if it will detect it in the future? Or maybe it will not because its too specific of a country?

The virus definitions are usually updated with each new virus sent to avast. So if you find a new virus/trojan scan it first using Jotti. If avast! doesn’t detect it, send it in a zip file with a password “virus” to virus(at)avast.com (replace (at) with @)

Oh, thats cool. Thanks man.

May I send the virus from the quarantine area using the right click option “Email to…” at the file as well? I will got the same results?

Thanks for your time,

Elminster

If you mean that the Alwil team could analyse your file, yes, the same result :wink:

I m trying to find information like mad about how to send files from quarantine . I think, firstly we need to set SMTP then we can send . I use hotmail can i set it ?? If i can how can i set it ? I really dont have any idea how to do . Please help me ???

There may be an easy wan and a hard way
this is the hard way but it works
make a new folder called “suspicious”
somewhere you can find it
like C:\suspicious

go into Avast and EXCLUDE this new folder C:\suspicious
export to or copy the bad files in the chest
(NOT THE SYSTEM BACK UP FILES)
to c:\suspicious
from there you can password protect Zip and email with most anything
(although g-mail and some others will complain)
you can also use C:\suspicious when you upload to virustotal and/or Jotti
handy hint
while in c:\suspicious do not inadvertently RUN them :slight_smile: