It’s safer and wiser send the file to Chest. Then you could analyze it and check if it is not a false positive, if the file is needed to the system… now the files are gone… you can’t recover them.
You can run avast at boot time and be careful to not mess with system files. Report first.
Go ahead… hope someone that knows more about cleaning could help you.
I had the very same thing on my latest scan this morning. Only I had 3 places, one on the c drive and two on the d drive. I placed all in the chest. The c drive one can be restored, but the two on the d drive can’t. I believe this is a part of my HP nVidia driver and is perhaps a false positive by avast???
I never tried, the avast file says non restorable and doesn’t give that option as it does for the file from the c drive. My d drive is my restoration drive. I restored the main file on the c drive and took a look at it. I’m sure this is a false positive my avast. The folder is on C:\HP\drivers\video_nVidia It contains 118 files and is 28.3mg in size created in 2005 when I first got my pc. Wonder why avast doesn’t give the option to restore those to the d drive??? Maybe I should just go and do a restore point back to yesterday???
What? I have a nVidia graphic card too! And I bought my PC in 2005 too. I hope I havent’t do something wrong with deleting of IKernel.exe - but how could be this file connected to nVidia files?
Click on the Menu button.
Choose Schedule Boot Time Scan.
Doing so displays a dialog allowing you to schedule virus scanning.
Check Archives, if you want scan all the archives.
Specify whether all the disks or just a specific folder should be scanned.
Select Advanced options for scheduling details.
Select how to automatically process infected files (suggestion: send to Chest)
Choose how to automatically process infected system files (suggestion: ignore/do nothing)
Click the Schedule button to confirm the settings.
Personally I would confirm the detection is good or not first.
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here.
You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.
Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.
I had this same worm turn up on my very old Nvidia driver in ikernal.ex_. I quarantined the worm in the virus chest and sent in for analysis. I suspect a false positive.
I would suggest confirming by submission to the VT link above. If confirmed an FP then you can exclude it form scans and restore it pending a correction by avast.
Finally back with good news and bad news. I did system restore back 2 days. Then had to redo all the program updates that I’ve done since that time. Ran a new avast scan and just ignored the indication on the c drive. The scan completed but “no indications of the two files on the d drive!” In other words, the restore does not rebuild the recovery drive as it does the c drive. Now the big question is "why does avast allow you to move items to the chest from that drive, but doesn’t provide the option of returning them?? I’m not at all happy with this and if I ever have to do a complete system recovery, I’ll be dead in the water! What I’ve done now is to exclude from scanning c:\hp\drivers\video_aVidia so at least that won’t show up in future scans. I’m convinced beyond a shadow of a doubt that this is a “false positive” by avast and could cause a lot of problems for many customers. I think the moral here is to “never” let avast move anything from your recovery drive to the chest!
It does and it is called Restore, see image.
Open the chest, select the Infected files if it was a detection by avast and you select the file you want to restore, right click and select Restore.
It would have been better to have asked this question before jumping in with a system restore.
Also, why does a “Google” only yield 2 links, and both to Avast’s forum’s? Is this a ‘worm’ that I and others should be worried about? I’m so confused.
David, If you would read and understand my post, avast gave “no” option to restore those two files on the recovery drive. That option was greyed out on both. The one for the file from the c drive was there, but none for the d drive!
Now it seems that it was indeed a false positive and has been fixed my avast. But too late, the damage has already been done in my case. I did exactly what I was supposed to do and moved 3 infected files into the chest for further inspection. I returned the one file off the c drive with no problem. But the two files that came from the d (recovery) drive, avast gave me “no” option of restoring them. Even on right clicking those files while in the chest and choosing properties, It said those files were unrestorable. Now they are lost forever and my recovery drive has been corrupted, no thanks to avast!! I will never trust avast again.