I need this file to exchange my recently bought computer: I bought it with this trojan in C:\Windows, and I don’t trust the machine is safe anymore. I called the vendor one evening, and the next morning, the scan logs (in/with Comodo Firewall) were gone!
Is there a way to get it back, on my machine (file retriever), or from Avast, since I sent it to them (Ticket ID: OGA-782131)? I know this is a special request, but I have only good intentions.
(I was expecting a dialog about files & settings during uninstalltion…)
Files in the chest are removed/deleted when you uninstall avast.
That means they aren’t sent to the recycle bin, their gone. Under normal circumstances you might be able to recover deleted files using a file recovery application like undelete or other app.
Your problem is complicated in that the file was in the chest, here the file name is changed and the contents of the chest are encrypted, this would make recovery almost impossible. Even if you managed it the encryption is the next serious issue, making the task even less likely to succeed.
The only other possibility would be to try a system restore going back before the uninstall. The problem here is the system restore isn’t a backup utility and may not be able to fully restore avast including the chest and its content. If it did manage to do that then it may be possible to extract the file from within the chest.
System restore was the first thing I tried, with no success. Avast is good, but it really should have asked me what I wanted to keep during uninstallation…
My last option I guess: I had sent the file to an Avast technician (Miroslav Jenšík, Ticket ID: OGA-782131). Is there no way to get it back from him, or someone?
One last question: how would I know if this file had created some problem somewhere else on the machine, perhaps in the bios?
I honestly don’t know an easy way to guess what this file might do as there is insufficient information. Even the virustotal result don’t give much of a clue as most of the malware names are generic.
So short of doing a full analysis with other tools there is no way to say what it might be able to do. But BOIS settings are not a regular target, MBR (Master Boot Record) is more common but then you also get into the areas that avast is monitoring (rootkits, etc.).