Avast WEBforum

Other => Viruses and worms => Topic started by: Dark Horse on November 03, 2009, 03:17:53 PM

Title: Win32:malware-gen infection
Post by: Dark Horse on November 03, 2009, 03:17:53 PM

I'm totally new to all of this ??? i need some help please. :'(

When i scanned my pc with super anti spyware, spybot, and malware bytes i found no infections.

But when i scanned it with avast it said i had a virus, i tried to move it to the virus chest but it did not work.

So i did a boot time scan with avast it came up with:

File D: System Volume Information\_restore(4B96135D-50A4-4ED8-BCE5-1B49908F ACEC)\RP11\A0001758.exe\ MsnMsgs.msi\ MsgrCore.cab\ msmsgsexe.ADEB440D_7847_4F65_80BD_899870ED2EC9 is infected by win32:malware-gen.

I then tried to move it to the virus chest but it came up with:

Move to chest: Error 42111 (The operation is not supported for this type of archive)

Any help is greatly appreciated,

Thanks

Title: Re: Win32:malware-gen infection
Post by: superhacker on November 03, 2009, 04:09:14 PM

go to the chest and add the whole archive manually:or extract the whole archive to a folder and may avast detect the infections alone so avast can move it to chest then send it to virus lab through virus chest"you may disable avast when you extract the archive because avast will cancel the operation because of the virus"

Title: Re: Win32:malware-gen infection
Post by: Pondus on November 03, 2009, 04:21:38 PM

http://www.bleepingcomputer.com/forums/lofiversion/index.php/t170460.html

Title: Re: Win32:malware-gen infection
Post by: evilfantasy on November 03, 2009, 04:24:18 PM

Quote

D: System Volume Information\_restore

This is a Restore Point. Flush your old Restore Points to remove it.

Windows Vista System Restore Guide (http://www.bleepingcomputer.com/tutorials/tutorial143.html)

Windows XP System Restore Guide (http://www.bleepingcomputer.com/tutorials/tutorial56.html)

Title: Re: Win32:malware-gen infection
Post by: Dark Horse on November 04, 2009, 04:51:07 PM

I have flushed my restore points and avast is still reporting a virus.

As recommended on the bleeping computer thread, i used that Dr. web cureit program and it did not find a problem, but avast is still saying there is an infection.

Any other ideas???

Title: Re: Win32:malware-gen infection
Post by: DavidR on November 04, 2009, 05:21:34 PM

What, the same restore point you reported earlier ?

If so then it didn't work, have you rebooted after disabling system restore for all drives, expecially as this one is on the D:\ drive/partition ?

- Infected Restore Points - There really is little benefit in chasing a detection in the system volume information folder. It is only there because it had previously been deleted or moved from the system folders and this is a back-up created by system restore.
 
- Worst case scenario it isn't infected and you delete it, you can't use that restore point in the future, not much of a loss and the older the restore point is the less of an issue it is.
 
- So if there is any suspicion about a restore point then it is best removed from the system volume information folder or it could bite you in the rear at some point in the future when you use system restore if it included that restore point.

For those reasons I wouldn't worry about what other scanners said, so don't even scan the restore points.