Avast WEBforum

Other => General Topics => Topic started by: Avastfan1 on December 15, 2010, 05:54:45 PM

Title: A0358766.com is infected by EICAR Test-NOT virus
Post by: Avastfan1 on December 15, 2010, 05:54:45 PM

Dear Forum,

Can I safely delete the file A0358766.com from a System Volume Information folder?

Avast detected EICAR Test-NOT virus in C:\System Volume Information\_restore{..}\RP1061\A0358766.com, and as far as I am aware, this file is harmless.

I would like to delete it if possible. I am not sure, however, whether this will twat any Window$ files.

Thanks in advance!

Avastfan1

Title: Re: A0358766.com is infected by EICAR Test-NOT virus
Post by: Lisandro on December 15, 2010, 06:02:54 PM

You can always delete files from C:\System Volume Information\_restore{..}\
You'll lose that particular restore point (once broken, all the point is discarded).
I suggest you run a full avast scanning.

Title: Re: A0358766.com is infected by EICAR Test-NOT virus
Post by: SpeedyPC on December 15, 2010, 06:03:29 PM

Yes you can delete it only IF you have move this file to Chest after the full scan that way you can delete from the chest section easier and not from the restore point as Tech said.

Title: Re: A0358766.com is infected by EICAR Test-NOT virus
Post by: DavidR on December 15, 2010, 06:20:12 PM

This file is only in the C:\System Volume Information restore point because it was previously deleted or moved, so yes you can delete it without issue.

Generally deletion isn't advised, but to move it to the chest and leave it there for a few weeks, scan it again and if still detected delete it from within the chest.

But in this case:
- Infected Restore Points - There really is little benefit in chasing a detection in the system volume information folder. It is only there because it had previously been deleted or moved from the system folders and this is a back-up created by system restore.
 
- Worst case scenario it isn't infected and you delete it, you can't use that restore point in the future, not much of a loss and the older the restore point is the less of an issue it is.
 
- So if there is any suspicion about a restore point then it is best removed from the system volume information folder or it could bite you in the rear at some point in the future when you use system restore if it included that restore point.

Title: Re: A0358766.com is infected by EICAR Test-NOT virus
Post by: Avastfan1 on December 15, 2010, 08:34:47 PM

Thanks for the advice. I manually deleted the EICAR file.

A second boot-time scan found another instance of EICAR in another System Volume restore point directory.

This is to be expected, as the first scan was aborted after finding the first file.

I manually deleted the EICAR second file.

Now, for a complete third, and hopefully final, boot-time scan.

Will post the results when it is finished.

Avastfan1

PS: The second scan completed with no other instances of EICAR or anything else.

Title: Re: A0358766.com is infected by EICAR Test-NOT virus
Post by: DavidR on December 15, 2010, 09:56:17 PM

You're welcome.