I scan one computer, avast auto delete infected file (system file) so computer can not restart
Some antivirus will ask user delete infected file or not (avira, kis) when this files locate in windows or sub folder, if we choose not to delete, then antivirus only block virus.
I’ve warned about it…
I’ve warned about it…
I’ve warned about it…
Hi,
That would be a risky steps for user, since user don’t know anything and avast! auto-delete the infected file.
cheers,
In your next version, I think it’s better if you make warning before Avast auto delete user’s infected file (the same with other antivirus)
Like we didn’t warn about it enough during the beta stage, especially after the false positive fiasco… but they still keep it set to auto delete by default.
You warned only the users who visited this forum. And what about those ones who didn’t?
First lets get it straight, the current version of avast doesn’t automatically delete anything, the default setting is move to the chest (in avast 5.0), if the user changes the default setting to delete then you are inviting a possible problem.
Deletion isn’t really a good first option (you have none left), ‘first do no harm’ don’t delete, send virus to the chest and investigate. The investigation must be carried out immediately as if you send a file to the chest and reboot you could be in the same boot as the file wouldn’t be available at boot.
avast does warn against the deletion of system files that are essential and or digitally signed, I believe this has been discussed before. In fact there are some like the win32:Patched virus that infects certain system files avast won’t let you delete or move them to the chest.
There are some problems with some malware that has itself hooked into the system and its removal might leave a registry entry which is going to try to load a missing file, this may or may not cause boot problems.
Unfortunately you don’t give any information about these detections, malware name, file name and location for anyone to even hazard a guess as to why this might have happened (not all files in the system folders are system files).
meigyoku, which was the file name and path?
MOVE TO CHEST == DELETE as the file is automatically moved from it’s current location to chest and as you can’t access chest in safe mode, you are screwed either way. Especially if the file is boot critical and you don’t even manage to boot in safe mode. And the best thing is if it bluescreens on you, so you don’t even get the name of the file that was deleted so you can’t even try to restore it manually. In that case you are on the way to a complete reinstall.
Well, that’s not completelly true, besides, there are so many tools that can help you recover your windows, especially for those with win xp, an example is Hiren’s boot cd. So you can boot into safe mode and return the file to it’s original location. And you can exclude the item, by adding it to the exclude list in avast.
No it isn’t a deletion, having moved it to the chest you should investigate immediately, so your selective quoting missed that bit out.
Deletion isn't really a good first option (you have none left), 'first do no harm' don't delete, send virus to the chest and investigate. The investigation must be carried out immediately as if you send a file to the chest and reboot you could be in the same boot as the file wouldn't be available at boot.There are some problems with some malware that has itself hooked into the system and its removal might leave a registry entry which is going to try to load a missing file, this may or may not cause boot problems.
Since the OP didn’t say what these files, locations and malware name/s is/are, there really is no way to say exactly why it might have caused a problem on boot. That is why I asked the question.
Unfortunately you don't give any information about these detections, malware name, file name and location for anyone to even hazard a guess as to why this might have happened (not all files in the system folders are system files).
So this still isn’t a clear cut issue, but yes if you do boot and it is either critical (not always deleted/moved to the chest by avast), or if it is malware integrated into the boot having been removed.
avast does warn against the deletion of system files that are essential and or digitally signed, I believe this has been discussed before. In fact there are some like the win32:Patched virus that infects certain system files avast won't let you delete or move them to the chest.
Unfortunately your knowledge of how avast and the chest works doesn’t support the suggestion you gave. First you can’t access the chest from safe mode in version 5.0, the service isn’t running and believe me there are plenty of people trying to have that changed or an avast tool to be able to extract, decrypt and place the file in the original location.
When a file is moved to the chest the file is encrypted, and the file name is changed (for any thing other than avast working in the chest) to all outside applications. Be that windows explorer or using a boot CD and whatever tool it has to navigate to folders, see image.
So you are faced with a few problems, a) you don’t know which file in the chest is the one you are looking for, b) even if you know how to find that info out, the file is still encrypted, c) so when you try to run that file it fails.
Whilst you may be able to run the Windows Installation CD and do a Repair install to possibly recover clean versions of a missing file.Well DavidR, you are right about you can’t retrieve the file from chest, but you are missing some info. There is something you can do, you can open the index.xml file in the chest, and you can see the info of the files in the chest, and everything related them in the chest. And as a proof, you have a screenshot taked in w7 x64 safe mode of the index file of the chest. And as you can see, there is all the info of the file i have in chest for testing purposes. This can help our friend at least to see what file was deleted, and maybe get a backup of the file in the internet. There are some files like dll’s or some windows components out there, or maybe he can ask someone here at the forum to get him a copy of the file. Also i have to admit i didn’t know how the chest works in v5, and thanks for the info, there is something new to learn everyday.
I know all about that. As I said for those that know, you can find the name and location information, but thought it wiser not to go further than that (don’t really want people poking around in the chest if they can’t even work that out), as even with that information you can do nothing with the encrypted file without the encrypt algorithm.
Thank all for reply my thread. I do not remember which of files are deleted
My friend still blame me make his computer can not restart (must install windows XP)
I think I should not install Avast if computer is infected virus. I will install Avast with clear computer ;D
And then? You need to have avast to decrypt the file…
Yes, i’m not telling you dont need avast, but our friend didn’t know which file was deleted, and maybe opening the index.xml of chest can get an idea of what was deleted. Don’t get me wrong, as everything that is encrypted, you need to decrypt it if you wanna work with the file. So he can get an idea, just by opening index.xml, of what file is missing, and maybe he can restore the file from a backup, or from other machine running the same OS. and once the OS is restarted, he can just “disable” avast in safe mode. Why are you like this people? just because you have more knowledge of this, you just limit yourselves to help others if they are in your range of who deserve to be helped. Just because you are an evangelist, or a technician, it doesn’t mean you can treat other people as dumb. Someone, here at the post asked him for information about the file that was deleted, and i’m just trying to help him to get some info about the file, that’s all. It’s not our fault if we don’t know, that’s why we are here, to get knowledge, and maybe in the best of the opportunities, help others that have the same issues we had.
You’re fully right. Just it is not an automated and simple action.
??? ???
meigyoku, how does this further go?
Could you manage it? How?