Avast deleted all my filed from all my drives.

Hi, I’m Flavian.

I downloaded the free version of Avast because I had a problem with a malware/trojan/virus that didn’t allow me to use registry editor and also didn’t allow me to enable it back, by any means. The virus affected all my drives and system files. BUT the programs I had instaled and all applications were working fine until Avast messed them all up and moved them in a so called “quarantine box” or whatever.
So I thought a Antivirus would fix the problem but the result was exactly the opposite. It moved or deleted all my files from both C: and D:
(windows being installed on C:) now I can’t run any program. It messed from the smallest programs like Winrar to the biggest applications I had installed. I don’t even know where to start from with the list of the personal information, applications, engines, programs, data, files avast destroyed. The only things it didn’t affect are the system folders, drivers and thank god the internet drivers, connections and browsers.

I googled the problem and it seems the interface of Avast should have a maintance/restore feature, but guess what? I can’t find it.
Avast didn’t even warn me of the action he will take if I quarantine the so called viruses/errors he found.

What I want to say is that the whole PC worked a lot better before Avast got his hands in to it. And you call that an anti virus?
The data that have been lost is worth a fortune taking in consideration the fact a lawyer and a programmer (me) work on this PC.
All my applications, programs and exe files have been messed up. I tried to get a free data restore software but it didn’t work as I expected.

So let me finish this quick, you should implement in avast a feature where it warns you how stupid the program actually is and how it will affect you stored data. The worm I had and guess what? Even after the clean up the worm is still present. So, the worm I had was just messing around with registry editor in a way you can’t enable it. But that was all. The worm DID NOT DELETE ALL MY FILES AND APPLICATIONS. AVAST DID.

At this point I’m so pissed of I don’t even want to think of what happened.
What I want is a perfect solution to this and I want it ASAP. I don’t even want to hear pathetic excuses like “Why you did not backup the data” or “Then it means all the data was corrupt” because the PC was working fine until Avast. Or “You posted in the wrong section” or “Contact out support center” stuff.

I was naive to think that there is any anti virus smart enough to clear that worm I have on the PC that not even total drive format and windows reinstall did not fix. Haha.

So that being said I want to fix the whole data on the PC the same it was before and I want it now, I don’t even care what you guys have to do.

If it quarantined all your exe files then you had a file infector… And the best option if you have one of those is to wipe the drive and start again

I think you don’t understand. The issue is not that the worm in present on my drive and I can’t remove it. The issue is what Avast did not warn me of the actions he would take, delete half or even more of the files on the hard drive.

I said in the first post, even if the worm is deep in to the drive it never deleted half or even more of the data. Avast did this.
So just take a moment and think what is worst?

I am not even taking in consideration the option to reinstall windows and format the hard drive again.
I don’t even want to think of what the consequences will be if the Avast team does not find a fix to this.
I am repeating myself again the applications and programs worked perfectly before Avast quarantined or whatever them.

I found now the virus chest settings. It says that the size of the chest is allowing only 256 MB to store in. Then how did Avast mess all the data?

what was the malware name avast gave the detected files?

When Avast finds a virus you are given the option to delete, quarantine did you get the popup ? Avast does not delete any system files

@Pondus Avast did not gave any name. I runned a simple scan and tookm like 20 minutes. After the scan was complete I choose to quarantine the files and maybe that was my big mistake. The number of the so called “infected” files was over 9999 literally no way they could get in those 256 MB virus chest allows normaly.
I say this because I had installed programs like Photoshop, FL Studio 9, 10, 11, Winrar, Deamon Tools and a lot more. And Avast quarantined or moved or deleted some files on each program like exe, dll and office files. It quarantined even word files on the C: and D: that were highly important to me and the persons who use this PC.

@essexboy I got the popup and choose to quarantine them I had no ideea it will mess up so randomly. The files it quarantined were working perfect before. Even if they had errors or viruses they were to small to even notice.
In other words I hoped Avast will quarantine and destroy the worm I have deep in to my hard drive. Not the programs and files I have on the PC. Let’s say the worm infected all those files and applications then Avast should have warn me what I am about to quarantine but it did not.

With that amount of files I would expect it to be a file infector like Virut or sality

Within the chest it should give the name of the malware detected

If you scroll across on the virus chest you will see the virus column

avast always give a malware name to what it detect…

if you look in avast chest (quarantine) there should be files …with a malware name

you may attach a screenshot

@essexboy How do I find this virus chest and scroll in it?
@Pondus Again, how do I find this chest you mention about.

Let’s say it’s fine for me to reinstall all the applications and the programs Avast quarantined those are easy to install again.
But how I recover the office, the saved documents and data from each individual progam it deleted? That’s my big issue.

I’m sorry if I took an offence position but I’m desperate. I don’t even know actually how much that saved data was worth.

how to use virus chest. http://www.avast.com/en-eu/faq.php?article=AVKB21

Open Avast, select the scan page. A hyperlink at the bottom takes you to the virus chest

Here:


http://s18.postimg.org/6xmuuatr9/Win32_Tontokbr_K.jpg

Are you connected to a network ?

Although it is a worm it also infects exe files. You can restore files from the chest but they will still be infected

We can try that but you will need to run an external AV via a USB drive

Yes I am connected to a network it’s a simple cable network provided by my internet providers…
So if I want to restore the files I have to run an external what? via a USB drive.
AV? What is that? You mean avast? If it is an exe I have to run do I need to make the flash bootable?

And is the worm similar or the same with brontok?

I scrolled down in the Chest. There are multiple worms. >:(
Sality, AutoRun-BHW and Small-HTXR [Trojan] that made Avast remove system32.exe from root folder files. :frowning:
And the last Downloader-UAW also [Trj]

Rontokbro aka Brontok Worm
http://antivirus.about.com/od/virusdescriptions/a/rontokbro.htm

Sality file infector
http://en.wikipedia.org/wiki/Sality

Director of Research @ Malwarebytes - Virut and other File infectors - Throwing in the Towel?
http://miekiemoes.blogspot.no/2009/02/virut-and-other-file-infectors-throwing.html

Pondus thank you for those links, very helpful. I bookmarked the forum page for later use.

But can’t I just restore the files even infected for now?
I don’t have the time to make a F-Prot CD now and even if I was I need to get more deeply into it and assure that I am prepared in the future for Brontok and any other like Sality or Small-HTXR , for example scan any files or attachaments before downloading them and running consant scans with multiple anti viruses(without quaranine them).

for example scan any files or attachaments before downloading them and running consant scans with multiple anti viruses(without quaranine them).
you should never install and run multiple AV suspicious files can be tested online before you open and run them at www.virustotal.com

essexboy will help you clean the computer (if possible) when he is back online…

Sality can be cured but there is no guarantee it will be 100% effective. There is a good tool that I use and it is a Linux based one so windows is totally inert. Your computer was very severely infected

Right click the files in the virus chest and select restore, Avast will alarm on this but accept it. Disconnect from the network otherwise it may spread

For the following you will need access to a clean computer and a USB drive

As this programme changes frequently my screenshots may not be quite accurate but they will follow the same route

Create an emergency repair USB drive:
Download Dr Web Live USB to your desktop

[]Connect a USB flash drive to the computer. Registering the plugging in event takes no more than 10 seconds.
[
]Launch drwebliveusb.exe.
[*]The program will detect available USB-devices automatically and prompt you to choose the one you?d like to use as an emergency repair drive. You can format the device if you like (a warning will be displayed before you proceed with formatting). In order to read the License agreement, follow a corresponding link found in the program window (the page containing the license agreement text will be loaded in your default browser).

https://dl.dropbox.com/u/73555776/liveusb_ru.jpg

[]To create a bootable USB flash drive, press the Create Dr.Web LiveUSB button.
[
]Files will be copied automatically.
[]Once the copying process is completed, press the Exit button to close the application.
[
]Reboot the infected computer with the USB in the drive
[]Ensure that the first boot device is USB - If you are not sure about that then see this page for instructions
[
]As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.

https://dl.dropboxusercontent.com/u/73555776/Live%20boot%20screen.png

[*]Use arrow keys to select DrWeb-LiveCD (Default)

https://dl.dropboxusercontent.com/u/73555776/drwebselect.JPG

[*]Press select objects for scanning

https://dl.dropboxusercontent.com/u/73555776/drwebfolders.JPG

[*]When the system is loaded, check the disks or folders you want to scan, and click on Start.

[*]The programme will now scan for and cure/delete any malware that it finds. Allow it to do so

https://dl.dropboxusercontent.com/u/73555776/drwebscan.JPG

[*]When it has completed

https://dl.dropboxusercontent.com/u/73555776/drwebscancomplete.JPG

[]Select Open Report and copy to the USB
[
]Once completed reboot to normal windows, and attach the report here