Help restoring files

Discussion in 'ewido anti-spyware forum' started by lanan, Nov 25, 2006.

Thread Status:
Not open for further replies.
  1. lanan

    lanan Registered Member

    Joined:
    Nov 25, 2006
    Posts:
    2
    Last night, using Ewido Anti-Malware 3.5, I let my computer scan for viruses overnight. Aggravated and exhausted this morning, when I woke up to see the progress, I was greeted with a typical Windows ultimatum: "Ewido Anti-Malware was unable to remove blah blah blah do you want to remove the whole archive? Yes, or No." To the best of my recollection, I clicked No. However... when I checked said "archive" (which happened to be my AIM Log folder for Dead Aim) more than three-fourths of it--2 years of logs--had been removed, and Dead Aim no longer worked. I've tried to find what was deleted by using the quarantine option, but I can't seem to find it. I'm not sure what else to resort to. Advice? Solutions? HELP?!?!
     
  2. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    7,304
    Location:
    England
    Have you tried system restore?
    Also, you are using a very out-of-date version of this software; have you thought about moving to the new AVG antispyware? Although at the moment you will not be thinking of that, I guess.
     
  3. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    This is a classic problem with archives. Often AVs cannot delete specific items within the archive so you need to delete the entire thing. Generally there is no difficulty in doing this - unless the archive is your mail box and your AV has no POP scanner. This used to happen with AntiVir free, which would irretrievably delete the entire mail box if you attempted to process an infected object within it!

    The solution would normally be to go to the Quarantine section to get it back; but I just have the feeling that maybe items over a certain size are not quarantined. I'm not sure if that is the case with ewido 3.5 but it could be an explanation.

    Another explanation is that the archive you processed was not the one that is missing - you should be able to check ewido's Report section (assuming you've kept a record and have not deleted it with CCleaner etc). However, if you clicked 'No' it should not have been quarantined because it was not processed. Infected objects within an archive are quite safe, so this is acceptable practice.

    There could be some other reason why the archive was lost. System Restore only restores system files, not personal files, so I really don't know whether your archive would be covered by that.

    The only solution I can think of is 'restore' software that can recover lost items (so long as they have not been overwritten by another file). A bit of Googling should help you to find a suitable prog. You could have a look at 'Restoration':-

    http://www.aumha.org/a/recover.php

    One big problem would be if ewido has overwritten the file (some AVs etc do this to prevent accidental recovery of infected objects), but I'm not sure if that would be the case here.
     
  4. lanan

    lanan Registered Member

    Joined:
    Nov 25, 2006
    Posts:
    2
    Yeah, my first hunch was to jump to quarantine and find it there, but after going through everything it listed, I could not find the directory or the virus it supposedly removed.

    Just now, I checked the log, and this is what it states:

    "C:\Documents and Settings\Lanan\My Documents\AIM Logs\Lanan400\LSCthulhu\2005-09-03 [Saturday]\aiminvader.zip/AIMInvader.exe -> Not-A-Virus.Flooder.Win32.VB.n : Error during cleaning"

    Error during cleaning? I have no clue what that means. I'm prepared to try a restore program, if that will work, and I am actually looking into finding a more recent version of Ewido. I'm also very sure that the directory I'm looking for is missing. Well, at least everything past "LSCthulhu" is missing, which if you look at the log, was where the virus was found. Still trying to make sense of all this, it seems...
     
  5. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    'Error during cleaning' suggests to me that you did indeed click to process the file, rather than clicking to skip or ignore it, and ewido could not clean within the archive. This is particularly unfortunate since the object was stated to be 'Not-A-Virus', which means 'riskware'. Riskware (if you know that the file was placed there by you rather than by malware) is not a threat and is only an informational finding - so there was absolutely no need to process it at all!

    The new version of ewido/AVG-AS gives you the option of not scanning for riskware or simply creating an exception so that the file doesn't get scanned at all. That would have solved your problem.

    It could be that ewido got rid of the file, in which case you'd better hope it merely deleted it rather than wiping it, else you won't ever recover it.

    Have you tried running a search for the .zip file? (Start/Search/all files and folders; remembering to enable 'more advanced options'/'hidden files and folders', before running the search).

    Edit - the file path may be covered by system restore, so it's probably worth trying, if you have a suitable restore point.
     
    Last edited: Nov 27, 2006
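
Added example, not part of any post in this thread and not ewido's own code: a small triage script that reads report entries in the shape quoted above and separates 'Not-A-Virus' (riskware) findings and findings inside archives from ordinary detections before anything is processed. The extension list, the advice strings and the second and third sample entries are assumptions constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# Line shape taken from the report entry quoted in the thread:
#   <path>[/<archive member>] -> <detection name> : <result>
LINE_RE = re.compile(r'^"?(?P<path>.+?) -> (?P<name>\S+) : (?P<result>.+?)"?$')
ARCHIVE_EXTS = (".zip", ".rar", ".cab", ".7z")  # assumption: treated as containers

class Finding(NamedTuple):
    container: Optional[str]  # archive holding the object; None for a plain file
    obj: str
    name: str
    result: str
    riskware: bool            # 'Not-A-Virus' prefix, as explained in the thread

def parse_line(line: str) -> Optional[Finding]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path, name, result = m.group("path", "name", "result")
    container, obj = None, path
    # Windows paths use backslashes, so a forward slash marks an archive member.
    if "/" in path:
        head, member = path.split("/", 1)
        if head.lower().endswith(ARCHIVE_EXTS):
            container, obj = head, member
    return Finding(container, obj, name, result, name.lower().startswith("not-a-virus."))

def advise(f: Finding) -> str:
    if f.riskware:
        return "review: riskware is informational; skip or exclude if you placed the file"
    if f.container:
        return "back up the archive first: cleaning inside it may remove the whole archive"
    return "quarantine"

SAMPLE = [
    # Entry as quoted in the thread.
    r'"C:\Documents and Settings\Lanan\My Documents\AIM Logs\Lanan400\LSCthulhu'
    r'\2005-09-03 [Saturday]\aiminvader.zip/AIMInvader.exe'
    r' -> Not-A-Virus.Flooder.Win32.VB.n : Error during cleaning"',
    # Constructed entries (not real scanner output) for contrast.
    r"C:\Temp\sample.exe -> Trojan.Constructed.Example : Constructed result",
    r"C:\Temp\mail.zip/attachment.scr -> Worm.Constructed.Example : Constructed result",
]

if __name__ == "__main__":
    for line in SAMPLE:
        f = parse_line(line)
        print(f.obj, "|", f.name, "|", advise(f))
```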