Virus Chest?

So as most of you know there was a ton of false positive going off yesterday due to the VBS:Malware-Gen false flag. So a ton of my stuff got marked and put into the virus chest.

I tried updating my Avast to see if it would fix the false flags… but for some reason my update broke Avast, where it would load up the old ui whenever I clicked to open up Avast, and Avast would immediately crash.

So I tried to do a repair install to no avail. So I did a complete uninstall of Avast using Iobit uninstaller and deleted all the residue files and reinstalled Avast, which is now working fine.

When Avast puts stuff in the virus chest does it actually move it into one of the Avast folders or puts it as one of those randomly generated named .tmp files? Because when I used Iobit to uninstall Avast it deleted all the .tmp files… and now some of my programs aren’t working anymore. And no surprise I guess but when I went into the virus chest in the new version of Avast… it shows up empty?

Since you re-installed avast! and didn’t restore the files from the virus chest it bricked some of your programs.It’s better that you re-install avast if you think its broke.Keep us posted if you need help with the same.

Remove everything from IObit, you can’t trust them.

https://forums.malwarebytes.com/topic/29681-iobit-steals-malwarebytes-intellectual-property/

  1. Download Avastclear, Rejzors uninstall tool and the appropriate Avast program edition

http://files.avast.com/iavs9x/avast_free_antivirus_setup.exe
http://files.avast.com/iavs9x/avast_pro_antivirus_setup.exe
http://files.avast.com/iavs9x/avast_internet_security_setup.exe
http://files.avast.com/iavs9x/avast_premier_antivirus_setup.exe

Avastclear : http://files.avast.com/iavs9x/avastclear.exe
Rejzors Uninstall tool: http://rejzor.wordpress.com/avast-cleanup-tool/

  1. Uninstall Avast by control panel [If you don’t have Avast in control Panel go to #4]
  2. Uninstall in safe mode using Avastclear.
  3. Run Rejzors Uninstall Utility in Normal Mode (removes traces avastclear doesn’t) - reboot.
  4. Install the version you downloaded.

As I said in the OP, I got Avast to work again properly… what I am trying to ask is… does Avast actually move quarantine files into its own folders and renames them to something random? Cause I am hoping Avast has the virus chest files hidden (hopefully they weren’t one of those hundreds of .tmp files) somewhere so that I can restore them.

Cause here is a complete log of what Iobit deleted… and I couldn’t see anything recognizable in the file paths.

Avast does move the files into a folder and rename them to avoid other scanners from picking them up.

But you can restore the items from the. Avast user interface.

Problem is I used Iobit to delete all my previous Avast files… and they aren’t recoverable anymore… I tried scanning my HDD with Recuva and it doesn’t detect any of my previous avast files anymore either.

Then you may have lost the files in the Avast virus chest since you re-installed avast:-\

Even if something like Recuva was able to find the files in the chest it would still not be possible to recover them as avast encrypts them.

RIP I guess. I knew I should of just not done anything when MBAM failed to detect anything when Avast start flagging of 200 files as infected… guess now I gotta just wait and see the fall out of what happens when 400 of my files were moved to the virus chest yesterday and can’t be restored.

Surely Avast would be able to decrypt its own files if I were able to recover them and put them back where they belong?

But yeah could of one you guys take a look at the deletion log in post #4 of this thread and confirmed that any of those files could be virus chest files?

There is a reason why long ago someone came up with the idea to create backups :wink:

Here is what I have/do :

  • Install the OS, all drivers, all applications I normally use, make the settings as I wish them
  • Create a image of the drive
  • Daily automated backup of data (part is also automatically synchronized online), in two places. (near my system and online)
  • Create a new drive image once a month (also automated).

It is always smart to keep e.g. the last 5 backups, just in case the last one (for whatever reason) is damaged.
And never store the backups only “near” the system.
If e.g. the house burns down, or you get robbed, you can loose the system and the backups.
Store them somewhere online.

Well,no as Eddy said even if we recover the files they will be unusable.

You can use system restore and go back to a earlier date before this happened and get your files bck.

No, avast can’t restore them when you place them back.
If it was that easy, malware would be able to recover the files if they get deleted.

No clean backup = Files are lost

I usually do have back ups. But stupid Windows 10 kind of screwed me over… in Windows 7 there was usually that auto restore point whenever you turn on your computer or uninstalled something. But for some in reason in Windows 10 none of this crap works.

Also usually Iobit has a create restore point, which usually works perfectly fine since I have used it before in both Windows 7 and Windows 10 before the anniversary update in 1511… but for some reason in Windows 10 1607 (anniversary update) it failed to create the restore point. This is the first time I have had to attempt to restore something since updating to Windows 10 1607 like 8 months ago.

Never rely on a restore point.
They are completely useless if e.g. the drive fails.

There is a reason why I never upgraded to win10.I think system restore was the most reliable and best option to get your files back.

Yeah I never had a catastrophic chain of failure like this before.

Where not only did Windows safety measures fail, damn Iobit failed also. Not to mention never had a serious false positive issue like this before with Avast… not to mention never had an Avast update bug like this before either.

Luckily for me I don’t really keep anything vital on my computer, even if it breaks. Though it will be super annoying for me to find out my like super old games/software installers are all broken because of this, especially when I didn’t actually look through the list of things that were moved into the virus chest before reinstalling Avast.

Though I hope after this incident Avast takes way more care on testing false positives and do more quality control on testing stuff before definition releases because in this false positive wave, it wasn’t just like 1 or 2 things wrongly marked, it was a ton of basic vital system programs. I saw quite a a few windows system files flagged yesterday when I quickly looked at the results.

That’s the reason its a must to have backup images of your system in case something goes wrong.

Avast has already taken some steps to stop this:
https://forum.avast.com/index.php?topic=197572.msg1371425#msg1371425