[FIXED] [VBS: Malware Gen] False positives Vir. def: 170221-1 22.2.2017 0:08:41

clira · 2017-02-24T13:39:08.000Z

The problem I posted earlier, with screen clips- the Avast pop-up that warns of a VB malware detection on various Amazon pages. I think it happens on a number of pages due to prefetching.

bob3160 · 2017-02-24T14:04:31.000Z

clira post:311:

The problem I posted earlier, with screen clips- the Avast pop-up that warns of a VB malware detection on various Amazon pages. I think it happens on a number of pages due to prefetching.

Try clearing out your browser data. You can’t blame Avast because your browser still reverts to old, outdated,
and saved data.

system · 2017-02-24T14:10:49.000Z

anon06 post:294:

DavidR post:285:

Ryan J post:280:

Is there a log that lists all files deleted during boot scan?

C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt
Depending on your OS this may be in a windows hidden folder so you may need to change the windows explorer view options to view hidden files/folders.

I forgot I had set a boot scan and was distracted when I booted up the next morning. When I saw so many files of different types being deleted, I tried to abort the process but couldn’t, so forced the computer to shut down. When it was able to start up by some miracle, I did a system restore to a few days prior.

Other than a random freeze on this computer that has been flawlessly working for 6 years, things seem by and large OK, though that strange behavior doesn’t give me much confidence.

My main concern is missing personal files that may have been deleted. I looked for the log file you mentioned and it isn’t present, maybe due to the fact that I did a system restore? I already have hidden files visible and I system search for it turns up nothing. Have I lost all ways to determine if and which personal files were lost?

(I know that files were affected that are not in the virus chest because I saw them during the boot scan. When I saw trusted files that hadn’t been installed being deleted, that is when I shut things down. However, I don’t see any related files listed in the virus chest).

Does anyone have any suggestions on how to determine if I’ve lost personal files or did I shoot myself in the foot when I manually stopped the boot scan? That log file for boot scan activity doesn’t seem to be present (Or hidden).

clira · 2017-02-24T14:42:58.000Z

bob3160 post:312:

clira post:311:

The problem I posted earlier, with screen clips- the Avast pop-up that warns of a VB malware detection on various Amazon pages. I think it happens on a number of pages due to prefetching.

Try clearing out your browser data. You can’t blame Avast because your browser still reverts to old, outdated,
and saved data.

I did it that even though logically, it should not matter…unless the old website did actuallt did have malware, but the new data didn’t. The provlem is with Avast.

bob3160 · 2017-02-24T14:51:05.000Z

clira post:314:

bob3160 post:312:

clira post:311:

The problem I posted earlier, with screen clips- the Avast pop-up that warns of a VB malware detection on various Amazon pages. I think it happens on a number of pages due to prefetching.

Try clearing out your browser data. You can’t blame Avast because your browser still reverts to old, outdated,
and saved data.

I did it that even though logically, it should not matter…unless the old website did actuallt did have malware, but the new data didn’t. The provlem is with Avast.

You are correct, the original problem was Avast. Once they fixed the problem, it was no longer their foult if you are looking at old websites.
That’s why you need to clean out old outdated stuff. One of the reasons why CCleaner is as popular as it is.

clira · 2017-02-24T14:56:57.000Z

bob3160 post:315:

clira post:314:

bob3160 post:312:

clira post:311:

The problem I posted earlier, with screen clips- the Avast pop-up that warns of a VB malware detection on various Amazon pages. I think it happens on a number of pages due to prefetching.

Try clearing out your browser data. You can’t blame Avast because your browser still reverts to old, outdated,
and saved data.

I did it that even though logically, it should not matter…unless the old website did actuallt did have malware, but the new data didn’t. The provlem is with Avast.

You are correct, the original problem was Avast. Once they fixed the problem, it was no longer their foult if you are looking at old websites.
That’s why you need to clean out old outdated stuff. One of the reasons why CCleaner is as popular as it is.

Sorry, but that does not make any sense. If Avast looked at a piece of website data(HTML, Javascript, etc.) and said “Malware!”, then realized that was false, and amended their code to look at the same website data and say “OK”, then it should not require me to do anything with my browser cache. The only circumstances where that would make a difference would be if :

Amazon truly did have malware on their site
Amazon changed their data to be the same functionally, but written so as not to get a false flag from Avast.

In any case, as mentioned, I dumped my browser cache and the problem persists.

Sirmer · 2017-02-24T17:33:20.000Z

Is problem persist with other browser?

Eddy · 2017-02-24T17:43:36.000Z

A simple way to test with another browser is using this one > http://www.opera.com/computer/portable

JiříŠembera · 2017-02-24T17:48:53.000Z

You can also check if the faulty VPS is still present on your computer and if it is, restart Avast service or reboot your computer. I’ve posted more info in this thread: https://forum.avast.com/index.php?topic=197694.msg1372050#msg1372050

Jiri

bob3160 · 2017-02-24T17:55:09.000Z

It should look like this:

http://screencast-o-matic.com/screenshots/u/Lh/1487958799090-26101.png

system · 2017-02-24T21:14:27.000Z

ok so I’ve been using windows defender for a few days and it has given me no problems, very different experience to avast.

however since I paid MONEY for avast I intend to start using it again… :‘( :’(

I know the title says [FIXED] but I don’t trust Avast so can someone please let me know if I re-install right now will it be ok?

DavidR · 2017-02-24T22:15:58.000Z

neonaus post:321:

however since I paid MONEY for avast I intend to start using it again.... :'( :'( :'(
I know the title says [FIXED] but I don’t trust Avast so can someone please let me know if I re-install right now will it be ok?

I never experienced a problem to start with:

I’m in a different time zone and may not have got the VPS update as I hadn’t started my system.
I rarely if ever do an on-demand scan - exception when I run one to help on the forums - so I’m probably less likely to encounter that False Positive.

You say that you don’t trust avast, why would you trust a stranger on the forums. Many would say that it is fixed, but there are some who might not say its fixed.

If you have uninstalled avast, doing a clean install should certainly ensure any possible remnant of the bad VPS update should be gone. So you would be starting with a clean slate.

What I would say to you is to consider a robust backup and recovery strategy:
I run a hard drive drive image weekly and keep copies of the last 6 drive images. The worst case scenario being I lose the last 6 days of changes. But some of the software allows for incremental updates so only new entries or modified elements which could be run daily. In this case you could be down to only losing changes within the last day.

This isn’t just to recover from what you experienced, but any computer hiccup. I have used this on many occasions over the years and never once in relation to some like this, but I am prepared.

wrlucas · 2017-02-24T23:39:31.000Z

I still have the problem referred as “FIXED” and sworn by other on this forum that it is fixed and no longer Avast’s fault.

I have def 170224-1, 17.1.2286 (build 17.1.3394.46), I have restarted the Avast service, cleared cache, and rebooted 3 times.

I have experienced this on Chrome, FireFox, and Edge. The Firefox was a completely new install and had no history.

DavidR · 2017-02-24T23:56:30.000Z

wrlucas post:323:

I still have the problem referred as “FIXED” and sworn by other on this forum that it is fixed and no longer Avast’s fault.

I have def 170224-1, 17.1.2286 (build 17.1.3394.46), I have restarted the Avast service, cleared cache, and rebooted 3 times.

I have experienced this on Chrome, FireFox, and Edge. The Firefox was a completely new install and had no history.

Have you followed the information and action in this post https://forum.avast.com/index.php?topic=197572.msg1372576#msg1372576 Reply #325 and the link given in it ?

Also see the post below it Reply #326.

It may be an idea to do a clean reinstall of avast if you have done what is suggested in those posts and links…

clira · 2017-02-25T00:11:34.000Z

wrlucas post:323:

I still have the problem referred as “FIXED” and sworn by other on this forum that it is fixed and no longer Avast’s fault.

I have def 170224-1, 17.1.2286 (build 17.1.3394.46), I have restarted the Avast service, cleared cache, and rebooted 3 times.

I have experienced this on Chrome, FireFox, and Edge. The Firefox was a completely new install and had no history.

Ditto. Avast supports wants me to boot into Safe Mode, uninstall Avast, then reinstall. Ugh.

wrlucas · 2017-02-25T02:25:43.000Z

I have done all those things in replies 325 and 326. Three definition releases since 170221-1 on 2-22-17. It appears more is needed.

clira · 2017-02-25T14:57:35.000Z

Looks like this has finally been fixed in 170225-1. No issues so far this morning.

system · 2017-02-26T22:15:19.000Z

catrike post:133:

Thanks Avast, I just spent 5 hours restoring files to my archive drive and system files to my operating system and Avast DELETED a bunch I files I can never get again. I still have a lookup.dat file that needs to go back in C:\Windows\winsxs\x86_microsoft-windows-winocr-ocrengines_31bf3856ad364e35_6.1.7600.16385_none_a31b6cff9464aa03 and Windows won’t let Avast Virus Chest restore it. I’ve tried copying it back in manually and Windows won’t let me do that either. >:(

Hello,
I have the same exact problem as catrike. Restored everything else from the chest apart from lookup.dat .
Can anybody help with this?

Eddy · 2017-02-26T22:19:56.000Z

Is anything not working ?
Wat application is using that file ?
What is/was the original location ?

system · 2017-02-26T22:28:26.000Z

Hello Eddy,
everything is working fine, the only problem is that this file can’t go back in it’s original place and remains in the chest.
The original location of the file was C:\Windows\winsxs\amd64_microsoft-windows-winocr-ocrengines_31bf3856ad364e35_6.1.7600.16385_none_ff3a08834cc21b39
On the properties it says this file opens with Windows Shell Commor

Announcements