AVG "Virus Vault" question
bartjones
07-27-01, 01:06 PM
A friend of mine caught a virus this week so I installed AVG on his system and ran it. It found 15 files infected with win32magistr24876. It "healed" 2 files and put the other 13 in the "Virus vault". I use InnoculatePE and am unfamiliar with AVG. It would appear that my friend now has the option of deleting the files in the vault. Should he be doing this and why is it that the program healed 2 but not all the infected files? The help manual doesn't seem to explain this in much detail. Any advice would be appreciated. Thanks.
I think you are experiencing the over-simplification of the help files.
The actual wording from the V V help file:....
Quote
The AVG Virus Vault is a special directory that stores infected files. The name of the files are changed and their content is encrypted so they cannot be used and virus infection cannot spread. It is almost the same as ordinary deleting techniques; however, the AVG Virus Vault gives you the ability to restore the files, if necessary. Unquote
Go ahead and delete the files. They're no use where they are. The file structure and names have been altered.
I have to say it is great to see someone put this sort of trust in a freeware program.
AVG has been on my system for most of my time on the net and has never let me down. Test files and a couple of real viruses have all been caught. :)
I run Nortons and a while back I got a virus and Nortons put the infected file in "quarantine", which I assume is basically the same thing. It really bothered me that it was there so I deleted it. Well, that was the wrong thing to do - the infected file seemed insignificant but once I deleted it - Windows was all screwed-up. I had to reinstall it and a lot of my other software. So tell your friend to be careful about deleting it. If the files can't run, they can't spread the virus so he'd prolly be better off leaving well enough alone.
With AVG, the file "quarantined" in each case was the incoming virus as it was opened. All experiences with viruses and test files are from coming in on the back of emails. AVG caught all and I had no problems with deleting.
When a copy was d/loaded to a friend's system and the scan was on its first run it found a virus on his system. This was "quarantined" in the vault and deleted without incident.
Suggestion... Look in the Norton Help Files for the way it Quarantines and what it holds. Maybe paste the info here.
bartjones
07-28-01, 02:24 AM
You see what I'm trying to get at. The help file says vaulting is the same as deleting except it deletes some files but not others. An explanation of why some files are "healed" and some are "vaulted" would be helpful. If it's all the same thing why does the program "heal" one and "vault" the other? Why not just heal them all? Mr. Croc, I respect your opinion and have seen it expressed here eloquently many times, but it seems there is a difference of opinion. I am no expert on the issue of security and my unfortunate friend knows even less. Can we safely delete the files without damaging the integrity of his system or is there some bigger reason why the proggie vaulted those files and deleted 2 others? Thanks for your responses. By the way, as much as I'm an Innoculate fan I give AVG great reviews. Nice layout, good database and runs nice and quiet. Excellent program. Can anyone tell me how often they update?
I do see your problem and I can see why you are hesitant to remove the file from the Virus Vault. Have you looked at the Norton help file? Any differences there in the description of what it does to infected files?
AVG Virus Vault has a storage capacity that is preset and configurable. If you don't want to delete the file then leave it in the Vault. As the size of the store capacity is set, the oldest file stored will be the one that will drop off to make space for the newest file to be stored. Appreciate the number of files that can be stored without losing one of them, then associate that with the number of virus attacks you have experienced. This should give you an answer on the need to store or not.
As I have said before, my Virus Vault is empty. When I have received a virus I have deleted the file in the Vault.
Hope this helps a bit.
Croc
Juggernaut
07-28-01, 02:36 PM
I think the reason that some were "healed" and some were "vaulted" was because AVG tries to clean all the files but the ones it can't clean go in the vault. Not every file can always be cleaned. It cleaned the 2 it could and the others it couldn't, it added to the vault.
bartjones
07-28-01, 08:09 PM
I see what you're suggesting but isn't that just delaying the process? If the file is "bumped" out of the virus vault after it reaches capacity it is, presumably, deleted at that time. If that won't destabilize the system then is it not reasonable to assume that deleting it now will have the same result? Can I suggest an amateur hypothesis? It looks like this virus does 2 things to an infected system. First it attaches itself to one or more existing files and then it creates additional files on its own. Could it be that AVG "healed" the existing files which the virus had infected and put them back where they belong in the system (this would account for the 2 healed files) and "vaulted" the files the virus created itself (this would be the other 13)? Just a theory but it would explain a lot. I guess I'm still lost as to what to do here.
I'm sorry, but I can't see any way this can be sorted given the circumstances.
The Vault has effectively deleted the Vaulted files by encrypting them.
The names of all the files have been changed as well.
IMHO this means that the files are useless to the system because they are structurally different and have been removed from the active area of the system by being locked away.
The system is still operating (?).
The only option you are able to use is the restore option.
This will put the file/s back into the system in such a way that they will re-infect.
You could try a support@ email to Grisoft. I have had responses from them in the past, however these responses have been at best, very brief as they do not support the free edition this way.
Croc
bartjones
07-29-01, 05:51 AM
You're probably right about e-mailing the company. The option of deleting the files is available in the virus vault menu so the program must contemplate that they can be deleted. In the meantime I guess the bottom line is the system is clean and operating. It would be nice to remove the bullet from the patient but maybe this time it will have to stay there!