False Positives?

Not sure if this belongs here or somewhere else so feel free to move it if needed…

Using Free on Windows XP. I have repeatedly had an issue where the real-time file scanner reports (and sends email) that a file is infected. For example:

avast! [VICDESKTOP]: File “C:\System Volume Information_restore{7117D64E-854F-410E-BE94-ACD1A0552498}\RP1509\A0268366.dll” is infected by “Win32:Evo-gen [Susp]” virus.
“File System Shield” task used
Version of current VPS file is 140617-0, 06/17/2014

However, if I go into the Virus Chest, right click the item, and ask that the file be scanned, I get no virus found. Additionally, if I restore the file and then scan it by right clicking it in Windows Explorer and choosing Scan With Avast, I get no infections found.

So I am not sure if this is a false positive. If so, it would appear to be so only in the real time scanner. This last happened today with a completely up-to-date program and definition file. But the same has happened many times in the past as well. It seems to be a recurring issue. I have reported it as a false positive in the past and today.

Is Avast aware of this? Is there anything else I should be doing?

Thanks

That detection location is in a file within an old Restore Point (RP); FP or otherwise, there is little point in having a suspect RP.

It’s strange that the real time scanner is even scanning a file within an RP, as system restore isn’t active unless you are using it, e.g. an executable/dll/system file, etc. has been modified/deleted, etc. And even then that old RP would be dormant until such time as you try to restore that RP. So there is something weird there.

So personally I wouldn’t restore a suspect file from an RP, but allow avast to delete it. The last thing you would want to do is use this suspect RP in the event of a problem with your system.

It may be worthwhile to have a clean out of the system restore, as it can get massive - your system, your choice.

@@@@
– Create Clean Restore Point - Clear old Restore Points.

Now you are clear of infection create a clean System Restore point:

  1. Click Start, All Programs, Accessories, System tools, System Restore.
  2. In the pop-up that appears fill in the radio button to Create a Restore Point
  3. Click NEXT
  4. Enter a useful name that you will remember if you need to find this again (Clean Restore Point)
  5. Click CREATE

You now have a clean restore point, you should clear the old ones:

  1. Click Start, All Programs, Accessories, System tools, Disk Clean Up
  2. Click OK on the C: drive
  3. Click the More Options tab
  4. In the System Restore section click the Clean Up button

Recently, I had a lot of false positives and so they went to chest… I clicked restore and add to exclusions list… But I guess nothing happened… Also btw, when avast categorizes them as a GEN virus, it’s like some keygen or something less harmful than a worm, maybe avast can ask user whether to move to chest or not.

I mean based on the categories of virus, the corresponding action to be taken, not like the current “Send all to chest”…
That would be useful I guess.

The -Gen suffix has nothing to do with keygens; the -Gen indicates Generic Detection, which is designed to catch multiple malware samples of the same general type (e.g. having a common signature). So there is no way you can say it is less harmful.

There is nothing stopping the user setting avast alerts to Ask as the first action. Avast is still very configurable to suit the user.