What to do with Viruses??

Hi. After scanning my PC with Avast Home Edition 4.7 it discovered more than 1700 infected files…! Now, I moved part of them to the Chest and others are still in the “move/rename” folder. I couldn’t find any “virus healing” option in the Avast interface; it only suggests deleting the file or moving it to the chest. Is it possible somehow to heal infected files w/o deleting them? (VRDB is already created as I understand, but it’s not clear where it keeps these backups and how to restore them…?) I wouldn’t like to delete many of those files that contain useful texts (in Word .doc or Html formats). Also, copying their contents into text format in Notepad is quite bothersome work…
It also showed some system files as infected, which it moved to the chest (Kernel32.dll, winsock.dll, wsock32.dll, - C:\windows\system32). What to do with them?
My Windows Xp works well and I liked how Avast found so many viruses. Your kind advice on this problem would be much appreciated.

Thanks.

hard to say anything, because we don’t know what type of malware has spread so much on your PC… can you tell us more or pack the scan results and post them here as an attachment?

avast manages the VRDB itself. Only some executable files could be restored (cleaned). It’s not a backup feature, rather a feature to recover some executable files from some infections.

If they are in the ‘System’ folder of the Chest, they’re there for backup purposes.
If they are in the ‘Infected’ folder, you can let them into Chest, without harm, for further analysis.

The VRDB only protects certain files, .exe, etc. it doesn’t protect data files or all files, it is not a back-up program, so there are going to be many occasions where repair won’t be an option.

Only true virus infection can be repaired, e.g. when a virus infects a file it adds a small part to it, provided that file is one that avast’s VRDB would monitor and you have run the VRDB, then it may be possible to repair the file to its uninfected state.

However, for the most part so called viruses, trojans (adware/spyware/malware, etc.) can’t be repaired because the complete content of the file is malicious.

Trojans generally can’t be repaired (either by the VRDB or avast virus cleaner), because the entire content of the file is malware, so it is either move to chest or delete, move to the chest being the best option (first do no harm). When a file is in the chest it can’t do any harm and you can investigate the infected warning.

Wow 1700 infected files? ? ?
It would be good to format your PC, reinstall Windows and install Avast! on the clean computer … not because Avast! can’t clean your system, but because your system will not work well.

I’d hold off on the reformatting. Without knowing what the files and detections are, that sounds pretty drastic.

There are false positives to take into account also.

Pelikan, you should take a few samples from a group of files with, say, the .doc extension and submit them to http://www.virustotal.com It’s an online multiscanner. You would have to move them out of the chest to a temporary folder before submitting. Post back the results of the scans.

Absolutely agree a suggestion of a reformat based on insufficient information is too soon in the game.

Whilst 1700 infected files found is a bad situation indicating a possibly seriously compromised system. It is possible that there is/was a trojan downloader, backdoor or hidden elements, but that we have to find out.

Sometimes, just one or two infections could be due to such a high number of infected files.
Without further information (name of virus, name and path of the infected files or some of them, etc.) it is difficult to judge.

Thank you for this advice. Thanks to the other members too for their insights. Will make a decision after carefully weighing all the cons and pros.
Generally, the viruses it shows in the list are these:

1) Win32:Adware-gen[Adw] (found in sinstaller2.exe)
2) Win32:VB-EQB[trj] (found in all other files (most of them Html, Doc))
As for system files like kernel32.dll and winsock.dll, it moved them to the chest but doesn’t show the definition of the virus.

Looking forward to your comments, thanks a lot.
P.S. Does it help if, after eventually deciding to format the C:\ disk and reinstalling Windows, I additionally double-scan the system with two alternative antiviruses, say Avast and KAV (Kaspersky av)? I couldn’t activate a “healing” or “recovering” option in Avast Home edition. Does the Avast.Pro have it?

Hi, sending a copy of the Virustotal scan result of some of my files. It’s in *txt format, but if opened in *Doc the actual page of Virustotal scan results can be seen. It found a lot of virus names… :-\

The System Files section of the chest contains copies of important system files; they are not infected, they are placed there by avast as a back-up copy in case the original became infected. Only avast can use these files.

I would imagine most of these .html files were found in the temporary internet files folder ?
If so these aren’t such a problem and I would suggest you completely clear your Temporary Internet Files.

The .doc files are more of a concern if they are your own .doc files that are infected ?
If I’m reading the malware name right this is a Visual Basic (VB) trojan, I don’t know how macros work in word if they are able to run VB from within the .doc file.

So I would appreciate some input from Maxx_original. Also since the majority of trojans aren’t infecters but completely malicious content, is this an exception that infects .doc files ?

@ Pelikan
Your attachment isn’t a txt file but garbled, just copy and paste the contents of the screen into the post.

If the nuclear option is chosen and we aren’t there yet, if you start from scratch, having two resident scanners installed is not recommended as rather than provide twice the protection it can cause conflicts that could leave you more vulnerable.

pelikan: can you send some files from your chest to our virus lab? we can validate the VB virus detection…

Hi, I can only extract from the virus chest and send by yahoo.mail attachment, because I don’t use a resident email program (IMAP or SMTP) on my PC. To which email address can I send them?

Thanks.

I understand, thanks for the clarification.

no, unfortunately, those were mostly books and articles in Html format which I downloaded before from online libraries…

So I will wait till it clears up with viruses, if ALWIL lab can feedback on them and then make decision on reformatting or re-cleaning the whole system.

@ Pelikan

I see, will try to do this.

Ok, got it.
Thanks.

File infected_files.rar received on 10.21.2007 14:17:26 (CET)
Current status: waiting
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.

Antivirus Version Last Update Result
AhnLab-V3 2007.10.20.0 2007.10.19 -
AntiVir 7.6.0.27 2007.10.20 HTML/Dldr.Agent.bp
Authentium 4.93.8 2007.10.20 HTML/IFrame
Avast 4.7.1051.0 2007.10.21 Win32:VB-EQB
AVG 7.5.0.488 2007.10.20 -
BitDefender 7.2 2007.10.21 Trojan.Clicker.HTML.IFrame.AC
CAT-QuickHeal 9.00 2007.10.20 HTML/Agent.CP
ClamAV 0.91.2 2007.10.20 HTML.Iframe-6
DrWeb 4.44.0.09170 2007.10.21 -
eSafe 7.0.15.0 2007.10.15 JS.Agent.bs
eTrust-Vet 31.2.5225 2007.10.20 -
Ewido 4.0 2007.10.21 Adware.Comet
FileAdvisor 1 2007.10.21 -
Fortinet 3.11.0.0 2007.10.19 Adware/Comet
F-Prot 4.3.2.48 2007.10.20 HTML/IFrame
F-Secure 6.70.13030.0 2007.10.21 HTML/IFrame
Ikarus T3.1.1.12 2007.10.21 Trojan-Downloader.HTML.Agent.bp
Kaspersky 7.0.0.125 2007.10.21 Trojan-Downloader.HTML.Agent.cp
McAfee 5145 2007.10.19 potentially unwanted program Adware-Cometsys
Microsoft 1.2908 2007.10.21 Exploit:HTML/IframeRef.gen
NOD32v2 2604 2007.10.19 HTML/TrojanDownloader.Agent.BP
Norman 5.80.02 2007.10.19 -
Panda 9.0.0.4 2007.10.21 W32/Radoppan.AI
Prevx1 V2 2007.10.21 ADWARE.COMET.C.1.A
Rising 19.45.62.00 2007.10.21 Trojan.DL.Delf.xuh
Sophos 4.22.0 2007.10.21 Troj/Fujif-Gen
Sunbelt 2.2.907.0 2007.10.20 -
Symantec 10 2007.10.21 Trojan.Dowiex!inf
TheHacker 6.2.9.103 2007.10.21 -
VBA32 3.12.2.4 2007.10.19 AdWare.Win32.Comet.ac
VirusBuster 4.3.26:9 2007.10.20 -
Additional information
File size: 159939 bytes
MD5: 76c41f254e8a8efa72dac75fed58cf1d
SHA1: 478fb0803f2f757b1f3115d7b4c4db6f7b0dcfa1
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=A9D9E1B29F540BB88E23008178754900023F604E

How many files were in the folder?

pelikan: you can send some samples to virus[at]avast[dot]com from your yahoo account… :wink:

Hi, Max. Have just sent a bunch of files. Will wait for your reply. Thanks a lot. :slight_smile:

I would echo oldman’s question of how many files were in the .rar as there is a large spread of supposedly different malware types. This could be compounded if you also sent a mix of suspect .html and .doc files.

However, it does show that avast isn’t alone in its detections, unfortunately we can’t compare what has been detected on a file for file basis.

I suppose my suggestion was a bit fuzzy. I should have made it clear to submit 1 sample file at a time. A sample .doc, html, etc
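
The concern raised above about a wide spread of detection names in one archive upload, as an added example that is not part of the thread: it parses rows copied from the VirusTotal result pasted earlier (a subset) and groups the detecting engines by label keyword. The bucket keywords and function names are assumptions made for this example, not a vendor naming standard.

```python
import re
from collections import defaultdict

# Rows copied from the VirusTotal result posted in the thread (a subset).
PASTED = """\
AhnLab-V3 2007.10.20.0 2007.10.19 -
Authentium 4.93.8 2007.10.20 HTML/IFrame
Avast 4.7.1051.0 2007.10.21 Win32:VB-EQB
BitDefender 7.2 2007.10.21 Trojan.Clicker.HTML.IFrame.AC
Ewido 4.0 2007.10.21 Adware.Comet
Kaspersky 7.0.0.125 2007.10.21 Trojan-Downloader.HTML.Agent.cp
McAfee 5145 2007.10.19 potentially unwanted program Adware-Cometsys
Microsoft 1.2908 2007.10.21 Exploit:HTML/IframeRef.gen
NOD32v2 2604 2007.10.19 HTML/TrojanDownloader.Agent.BP
VBA32 3.12.2.4 2007.10.19 AdWare.Win32.Comet.ac
"""

# engine, version, last-update date, then the label (which may contain spaces)
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+)$")

# Assumed keyword buckets for this example only.
BUCKETS = {"iframe": "html-iframe", "comet": "adware-comet",
           "downloader": "html-downloader"}

def parse_rows(text):
    """Return {engine: label}; label is None when the engine reported '-'."""
    verdicts = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            label = m.group(4).strip()
            verdicts[m.group(1)] = None if label == "-" else label
    return verdicts

def group_by_family(verdicts):
    """Bucket detecting engines by the first keyword found in their label."""
    groups = defaultdict(list)
    for engine, label in verdicts.items():
        if label is None:
            continue
        low = label.lower()
        family = next((f for k, f in BUCKETS.items() if k in low), "other")
        groups[family].append(engine)
    return dict(groups)

def looks_mixed(groups):
    """More than one named family is a hint (not proof) of several samples."""
    return len([f for f in groups if f != "other"]) > 1
```

Run against a result for a single submitted file, the same grouping shows whether the engines disagree about one file or the spread came from the archive holding several.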