
One step forwards and two back

Discussion in 'Windows XP' started by bg9208, 2004/10/24.

Thread Status:
Not open for further replies.
  1. 2004/10/24
    bg9208

    bg9208 Inactive Thread Starter

    Joined:
    2004/10/04
    Messages:
    252
    Likes Received:
    1
    Thanks to this BBS, most of my problems have been solved but today another ugly head has arisen: Ad-Aware reports the following as being a virus:-

    C:/System Volume Information\Information\-Restore{307E305A-A4E2-42F4-9C5C-826CDD7F245B}-RP48\A002183.exe

    It suggests running AVG for Windows to deal with it. Running AVG shows no viruses resident.
    Any help in removing and inoculating against it would be appreciated, as well as how I can find the files mentioned in the above path. Search of all hidden files doesn't show them (excuse typoz- getting used to French keyboard)

    TIA :confused:
     
  2. 2004/10/24
    BillyBob Lifetime Subscription

    BillyBob Inactive

    Joined:
    2002/01/07
    Messages:
    6,048
    Likes Received:
    0
    Wait to see what others have to say. But I believe that is being found in an existing Restore Point.

    It apparently existed when the Restore Point was made. And the only way that I know of to fix it is to shut down System Restore and then restart it to make a new ( hopefully clean ) Restore Point.

    AV cleaners ( at least as far as I know ) will not clean up a dirty Restore Point.

    BillyBob

    PS.
    That is what I had to do some time back.

    BB
     


  4. 2004/10/24
    dobhar Lifetime Subscription

    dobhar Inactive

    Joined:
    2002/05/24
    Messages:
    924
    Likes Received:
    3
    I agree with BillyBob.

    Turn off System Restore => Enable and Disable System Restore. Then run AV scan again. You also might want to run some of the Online Virus and Trojan scanners also.

    RAV - Online Virus scanner
    TrojanScan - Online Trojan scanner

    Once clean turn on System Restore and create a new restore point.
     
  5. 2004/10/24
    goddez1

    goddez1 Inactive

    Joined:
    2002/01/12
    Messages:
    2,975
    Likes Received:
    49
    Hello bg9208,
    Some of the following may be known to you already, but as other members may be reading this from an archive search I tend to lean towards info overflow, as I have no way of judging what is new news to any particular person. So that being said....on with the show...

    Yup! The System Volume Information folder is your restore folder. No AV will clean this unless you're in safe mode and this is a virus your brand of scanner can detect and clean. I suspect Ad-Aware has detected the file is infected with a known malware/spyware ugly; most virus scanners will not detect and find these, in any case, even on a scan. A lot of what is categorized as malware/spyware are legal, agreed-upon, user-inflicted applications installed as part of the small print, usually hidden in the user agreement screens as you install another application. They come as excess baggage whether you are aware of it or not. The more crafty uglies sneak in using various other ways of trickery or through unpatched security vulnerabilities.

    As suggested, disable System Restore, which flushes your restore points, or take your chances and know that should you or your system ever use this restore point you will most likely be struck with whatever adware/spyware malady is lurking in there, waiting for you. The previous OR is definitely not advised as some of these guys have gotten very sophisticated and difficult to get rid of or clean up.

    NOTES: As snipped, saved and quoted from a previous post by fellow member and much respected Viral Guru, "noahdfear":
    In the future, try booting to safe mode to delete files in the temp folder. Most easily done by clicking start>run and type msconfig, hit enter. On the boot.ini tab, check the box next to /safeboot and OK. Yes to restart. This will restart your computer in safe mode. Empty all temp folders, including the ones in C:\Documents and settings\username\Local Settings\temp. Do this for all usernames. **Note that the Local Settings folder is a hidden folder. Also open C:\Windows\Prefetch, select all and delete. Then open My Computer, right click Local disk C: and choose properties, then disk cleanup. Check all boxes except compress old files and OK.
    Uncheck the /safeboot box in msconfig and OK to reboot.

    This is in addition to and after disabling "System Restore"! After the cleanup remember to re-enable System Restore and a new clean restore point will be made.

    In an effort to be as thorough as practical for this post and at the risk of clouding the waters I should point out that depending on what was named or detected, (if supplied) and you know what this can be attributed to the following may apply:

    On the flip side some users opt to leave or continue using some of the more harmless varieties. My Google toolbar for instance falls somewhere into all this and I always opt out of any scan choice that would involve disabling or removing it. I use Google at least a zillion times a day.
     
    Last edited: 2004/10/25
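
Added example (not part of any post in this thread, and not code from Ad-Aware or AVG): a small Python triage helper that tells whether a path in a scanner report points into the System Restore store under System Volume Information, as in the first post, or at a live file, and lists the order of work the replies above recommend. The names `classify` and `triage`, the tolerant pattern, and the second and third sample paths are constructed for illustration; the canonical `_restore{GUID}\RPnn` layout is standard Windows XP behaviour rather than something stated in the thread.

```python
import re

# Tolerant match for a file held in the Windows XP System Restore store.
# Canonical layout: <drive>\System Volume Information\_restore{GUID}\RPnn\Annnnnnn.ext
# Scanner reports can mangle separators, so non-word runs are accepted between parts.
RESTORE_RE = re.compile(
    r"system volume information.*?restore\{(?P<guid>[0-9a-f-]{36})\}"
    r"\W*RP(?P<rp>\d+)[\\/](?P<name>[^\\/]+)$",
    re.IGNORECASE,
)

def classify(path):
    """Return ('restore_point', rp_number, stored_name) or ('live', None, basename)."""
    path = path.strip()
    m = RESTORE_RE.search(path)
    if m:
        # stored_name is System Restore's own backup name, not the original file name.
        return ("restore_point", int(m.group("rp")), m.group("name"))
    return ("live", None, re.split(r"[\\/]", path)[-1])

def triage(paths):
    """Split detections into restore-point copies and live files, then list the
    order of work given in the thread (assumed mapping, for illustration)."""
    restore_points, live = set(), []
    for p in paths:
        kind, rp, _ = classify(p)
        if kind == "restore_point":
            restore_points.add(rp)
        else:
            live.append(p.strip())
    steps = []
    if restore_points:
        steps.append("turn off System Restore (flushes all restore points)")
    if live or restore_points:
        steps.append("re-run the AV / anti-spyware scan")
    if restore_points:
        steps.append("turn System Restore back on and create a new restore point")
    return {"restore_points": sorted(restore_points), "live": live, "steps": steps}

# Sample input: the first path is the one quoted in the thread; the other two are constructed.
SAMPLE = [
    r"C:/System Volume Information\Information\-Restore{307E305A-A4E2-42F4-9C5C-826CDD7F245B}-RP48\A002183.exe",
    r"C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP51\A0004410.dll",
    r"C:\Documents and Settings\example\Local Settings\Temp\setup_example.exe",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```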
  6. 2004/10/25
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    Please follow Posting Rules (#3 - Meaningful Subject) when posting.
     
  7. 2004/10/27
    bg9208

    bg9208 Inactive Thread Starter

    Joined:
    2004/10/04
    Messages:
    252
    Likes Received:
    1
    Tks

    Thanks to all for your help- The knowledge base on this BBS is truly AWESOME ! Makes Windows Help look like a reading primer.
     
  8. 2004/10/27
    goddez1

    goddez1 Inactive

    Joined:
    2002/01/12
    Messages:
    2,975
    Likes Received:
    49
    Hi bg9208,

    I'm glad, using explanations offered, helped tie the adware & virus detection & removal of any file found in your "System Volume Information" folder. Thanks for updating your post and you're most welcome.

    May I suggest that you also edit/change the Topic Title of your post to make this post easier and more member user friendly. This is needed (among other reasons) so when someone uses the search feature of the board they can more easily find and determine if this post will be relevant to what they are looking for. In addition to being a board rule you are also pushing down heavily on one of Aries "Pet Peeves" buttons.

    Might I suggest a Topic Title such as Adaware in "system volume information" or something similar.
     