Deleted files due to False Positives

Hello, last night my Avast was going bananas and stated that I had 19 files infected. Because I scan in safe mode I was unable to move to them to the chest and deleted them. However, I found out on the forum that they were FP’s and now I am worry that my computer is going to start acting funny. Please let me know how to add these files back.

Thank you in advance

God Bless

Karmel

You can try one of these programs:

http://www.piriform.com/recuva

http://www.snapfiles.com/get/restoration.html

Always try to move files to the chest first, as you can recover them if they are false positives.

Deletion leaves very little room for repair.

Hope those utilities help!

Can I just go back on my computer and do a system check point or just do a non-destructive restore?

That should do it as well. Just make sure that you update avast after that.

If it doesn’t work, one of the recovery utilities may still help, but I’d try to recover the files before something over-writes them

What do you mean “if something else overwrites them”?..

he means, search for deleted files using the file recover tools and recover the files… so that the deleted file sector on the hard disk is not over written when you try to restore using system restore.

nmb

Thanks NMB. Exactly what I meant.

What if the files are overwritten, what would happen? This is all so new to me… I am running the Piriform Recuva right now.

Karmel83,

there is something you need to understand.

the files deleted generally are not actually removed from the disk area but only removed from the file table or list or something similar to that in the drives file list. so if the area in which the file was present previously is over written with a new file then you cannot recover a file. instead if you scan now, before restoring using system restore, and recover the file then you will have no loss.

hope you understood.

nmb

When a file is deleted, it’s only marked as deleted - and the corresponding areas on the disk are marked as free. At that moment, it’s usually possible to restore the file.
However, if you (or another tool, or the operating system) saves another file on the disk, it may re-use this “free” area and overwrite the content for real. At that moment, it’s not possible to restore the file anymore.

Thank you so much guys! I am beginning to understand…right now I am scanning for recovery and hopefully I can recover all of the files.

God Bless

Karmel

make sure you enable deep scan in advance options.

nmb

I did, thanks!

So I have a little variation on this. Last night I got hit by the delf issue and after I put 2 files in the chest I decided to do a boot scan where it found another 35 files or so before I stopped it. Unfortunately I selected option to “Move” the file which after looking closer I would have selected “Move to Chest”. So where did it “Move” them to if not the chest? Did it create a log somewhere? I can recover if I know what got deleted/moved.

Thanks in advance!!

“Move” means moving the file into \Data\Moved folder - so you’ll find them there, possibly with .vir extension appended.
As for what files were moved there… you can check the \Data\Log\warning.log file (or you can use avast! Log Viewer, actually) - the original locations should be there.

Thanks!! That gives me the info to get it back up and running!!

Actually, I should use this as an excuse to upgrade the MB-CPU-Ram and reinstall the operating system.

Thanks!! That gives me the info to get it back up and running!!

Actually, I should use this as an excuse to upgrade the MB-CPU-Ram and reinstall the operating system.

sounds good to me!

Well the restore program only found 2 out of the 19 files that were deleted. What should my next step be?

Consider this, it might even fix deleted files?

Avast’s boot scan moved 97 files in key programs of mine to the virus chest before I got suspicious and stopped it.

It restored 91 files from the Virus Chest but could not restore 6 which were key .exe files.

I was able to restore the last 6 out of the 97 files that Avast could not restore from the Virus Chest by doing a Windows system restore set back 1 day.

Amazingly, everything went back to normal. It even restored Spybot which I had uninstalled after getting so many Trojan messages.

I did not know about the Virusa Chest “extraction option” at the time, which I will keep in mind if there are any more comebacks, but the system restore was easy and did not require you provide a correct path to restore the files.

By the way, the deleted files remained listed in the virus chest so I will snapshot them for the record but I intend to leave them alone.

Good luck

Now that I have read all the wise posts, they leave me a little jittery. I did a system restore and everything seemed to return to normal. Problem solved, right? Granted my files were moved to the Virus Chest not deleted. Should I have some lingering concern that system restore or some other program may have or may yet overwrite something and I still have to use the scan or restore or extraction commands in the Virus Chest to do what I thought System Restore had already done? See my earlier post. Any advice appreciated.