Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: vfx2 on April 07, 2006, 05:57:00 AM

Title: more information about a virus
Post by: vfx2 on April 07, 2006, 05:57:00 AM
Hi,

Today, Avast Home has detected 2 infected files, with Win32:Adloader-S [Trj].

For example

file:
A0048373.EXE

Path:
C:\System Volumen Information\_restore{D8CEBAA5-3F41-4FAE-BBC9-F34F5CF68AEO}\RP384

Please, I need more information about this trj. :o

Title: Re: more information about a virus
Post by: Lisandro on April 07, 2006, 02:01:40 PM
If you find a virus keeps coming back after you delete it, it has most probably infected the System Restore folder. The best way to solve this is to disable System Restore, reboot your machine and then enable it again. After that, run a full avast! scan. System Restore cannot be disabled on Windows 9x and it's not available in Windows 2k.

Enable/Disable System restore on Windows ME: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q264887
Enable/Disable System restore on Windows XP: http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;310405

Windows attempts to protect files that are deleted from the system folders (just in case it was an accident), so they can be restored if required.
The problem is that many malware writers are wise to that and put their files in the system folders; this is also done to confuse you into thinking you could be deleting an important system file.

Disable system restore, reboot, scan and if clean enable system restore again.