system dll isolated in virus chest and can't get it out.

Hi All,
When I accessed a few apps to print something, I got a pop up saying something like a suspicious file was sent to the virus chest. After this, I can’t print anywhere. The file is: Name - CNB0265.dll, Location - C:\ windows\system32\spool\drivers/x64\3, Virus - WIN:EVO-GEN(susp)
I tried clicking Restore but couldn’t do it by right clicking for choices. I don’t know how to get the file out of quarantine, and I don’t know how to reverse this and eliminate the file from being quarantined again. I did a full scan which produced no infections before the pop up occurred, and did a Malwarebytes scan too. I right clicked the virus name in quarantine and it says (no virus). So if someone could please help me I would be really grateful. Thanks in advance.

Hello,
Please post a screenshot of the avast alert.

Send the file via email to virus@avast.com
and put “False positive” in the email subject

or through http://www.avast.com/contact-form.php

Hi, I can’t post a screenshot of the pop up alert, it only appears in the virus chest. If I delete it from the virus chest will it be gone or will it go back to its proper location? Thanks for your response.

Click with the right mouse button on the file
and choose the restore option.

Follow the instructions below

Submit the file via Quarantine to the virus lab

http://www.avast.com/faq.php?article=AVKB21

Reported to virus analyst in order to get a reply.

I right clicked the entry before and clicked Restore but nothing happened.

Use the extract option.
Choose a folder where you want to send a copy of the file.

I clicked extract and chose C:\windows\system32 and it’s still there.

Does an alert appear now?
Send a document or image to print.
Try to access the folder and see if avast shows a warning.

As soon as I clicked Documents I got the virus alert. I see another line in the alert titled Process: C:\windows.…\printisolationhost.exe

you have to take a picture of the warning?
Move the file to its original location.
The more correct way is to send the file to be analyzed; it is possibly an update error.
I will return tomorrow, if the problem is not solved.

I got a trouble ticket started and am waiting for a response. Meantime I’m going to do a restore to a different snapshot and try to disable Avast self defense module temporarily before Avast grabs my printer driver again. I’ll be back. :slight_smile:

When you restore a file from the chest, a copy will remain in the chest …
Is that what you see? Or does it not go back to the original location?

how to … avast! 8.x: Using the Virus Chest
http://www.avast.com/faq.php?article=AVKB21

and you find lots of how to stuff in the FAQ section, just search. http://www.avast.com/faq.php

Another point, restoring a file from the chest isn’t going to work if avast still considers it infected.

As soon as it arrives avast would alert again.

If it isn’t considered infected, but it is a system file, windows would also be trying to protect the file that already exists there, which I presume it does for time machine to work (that’s what I get on a search for the dll name).

I also see that you have a query on the go at wilders relating to time machine, http://www.wilderssecurity.com/showthread.php?t=339999&page=187.

After clicking Restore the file which is my printer driver stays highlighted in the chest. If I try to go to a place where I can print like my Documents, Avast sends me another pop up and the file shows up again in the chest.

So how do I force avast to not consider it infected?

As I suggested in another thread here this sort of thing is a good example of the, in places, less than great Avast GUI design.

When an action is enabled the user should have it confirmed, via a message box, so they know whether the operation has actually been carried out or not. As it is you just don’t know unless you re-click restore and get the message the file already exists. As it is it causes confusion.

UPDATE: I just discovered that even though the chest still lists my printer driver, since I have disabled Self Defense Module, the printer is now OK and there is no pop up. Now, can anyone please tell me what I have to do to prevent a recurrence if I re-enable the Self Defense Module? Thanks again. :slight_smile:

UPDATE: I unchecked “Self Defense Module” temporarily. Upon doing that Avast does not send another pop up, although my printer driver is still listed in the chest, and my printer now works OK. Can you give me any advice so I can re-check the self defense module? Thanks again for your help. :slight_smile:

The self defense module protects avast! from being tampered with. It has nothing to do with protecting your files.

Thanks for sending the faq section on the virus chest. I’m checking it out.