SYSTEM RESTORE FILE MOVED?

[kokobaby]

Hi,

I hope I am posting this in the correct Forum, if not, please accept my apologies.
I am brand new to Avast Home Edition Antivirus. So far, I really love this program! I just had to reformat my new PC for the 3rd time a week ago after using PC Tools Internet Security 2009.

I just scanned my PC and a file was infected, but what concerns me is that it's a "System Restore" file.
I said it couldn't be repaired due to an error. So, I just told it to move/rename the file. I don't know if that was the right thing to do or not? 

Any advice would be greatly appreciated. 

Below is the scan report, so you can see what happened.

Thanks!
Lorrie

===================

*
* avast! Report
* This file is generated automatically
*
* Task 'Simple user interface' used
* Started on Monday, March 23, 2009 8:01:59 AM
* VPS: 090322-0, 03/22/2009
*

Infected files: 0
Total files: 9529
Total folders: 1
Total size: 1.6 GB

*
* Task stopped: Monday, March 23, 2009 8:02:09 AM
* Run-time was 10 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Simple user interface' used
* Started on Monday, March 23, 2009 8:04:41 AM
* VPS: 090322-0, 03/22/2009
*

C:\System Volume Information\_restore{D2F5CD82-6D54-4726-A248-CCAA360CEF0D}\RP1\A0001350.CMD [L] BV:Malware-gen (0)
During the file repair, error occurred: The file was not repaired.
Infected files: 1
Total files: 203173
Total folders: 5062
Total size: 13.1 GB

*
* Task stopped: Monday, March 23, 2009 9:22:59 AM
* Run-time was 1 hour(s), 18 minute(s), 18 second(s)
*

[DavidR]

First that isn't a system file, but a restore point in the system volume information folder. How it got there if you delete a file from a system folder, etc. then system restore creates a restore point in that location.

I would have been most surprised if it could have been repaired as it is only true virus infections that can be repaired, malware/trojans are almost entirely malicious, so nothing to actually repair.

Your best option is to send to the chest (a protected area where it can do no harm) on your next scan it will be detected again but in the moved folder and the file name would now be A0001350.CMD.vir this is the rename bit.

Unlike the chest the Moved folder (C:\Program Files\Alwil Software\Avast4\DATA\moved) isn't protected and can be scanned by avast, where files in the chest can't as they are encrypted and protected.

So I would suggest that you find the file in the moved folder and right click on it (avast may alert first) and select 'scan selected areas for viruses' from the menu. avast should alert, send it to the chest this time.

There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

[kokobaby]

Hi,

Thank you for your prompt reply. I meant to say System Restore File. Sorry about that. lol
It's been a hectic past week.
There are some things in the Virus Chest. I am trying to get familiar with this program, so please bare with me. 

I just remember the box appearing and it had a few choices, and one was to "move it/rename it". I don't know where to look for it now. lol! Yikes!

That's all I need is PC problems again due to infections. That's why I had to reformat in the first place. 

I have been reading through the "About Avast" sections trying to figure all of this out.

Okay... update.. I just went into the "Moved" folder and found the .vir file and right clicked on it and scanned it. Then I selected "move to chest". I hope this remedies the problem now. I also wasn't aware that the VRDB wasn't running yet. It said, "Not Done" on the Avast Interface, so I have that running in the system tray now.
It's just going to take me awhile to get used to this AV Program. 

Thanks again!
Lorrie

[DavidR]

No problem, glad I could help.

• The only area you should be interested in is the Infected Files section, this is where the files detected by avast and selected by you to move to the chest are placed.
• The User Files section is where the user can add files they suspect of being malware but not detected by avast.
• The System Files section is where avast keeps back-up copies of important system files in case the original becomes infected (leave them alone).
• The All Chest Files is a collation of the three sections.

Now it is in the chest it can do no harm there, technically it wouldn't do any harm in the system volume information folder unless you used system restore at some point in the future and it included this restore point. So it is better in the chest where that can't happen.

If you haven't already found the avast help file, it is a valuable source of information. A direct link for it, C:\Program Files\Alwil Software\Avast4\ENGLISH\HELP\help.chm.

Welcome to the forums.

[kokobaby]

Thank you David!!
I appreciate all the valuable information!
Is this site set up to where we can't add anymore information onto our profiles?

Have a great day!

Lorrie 

[CharleyO]

***

Welcome to the forums, Lorrie.   

You need to make 20 posts before you can add to your profile.


***

[DavidR]

Thank you David!!
<snip>
Is this site set up to where we can't add anymore information onto our profiles?
<snip>

You're welcome.

- The problem comes from drive by spammers, who having registered put objectionable or commercial links in their profile signature to try and gain link promotion, etc.

There have also been cases of the PM function being abused to spam forum members, so you will notice that you can't use the PM function either.

Unfortunately because of the actions of others legitimate members suffer by the actions to prevent this spamming.

[kokobaby]

Understood,

Thank you very much!

Lorrie

[DavidR]

OK only 16 to go