some help on A00647896.exe safe removal

[yankanuk]

Hi,
I keep getting this alert when running my Avast! It is found in:
C:\system volume information\_restore{279652C7-28D4-4A08-94C8-5555A2
Virus description: Win32:Trojan-gen. {other}

I've been reading posts and it says to disable system restore and then reboot. BUT, I am using a Beta version of SP2 and there is a restore point  that will let me revert back to the SP1. So I'm leary about that. Is there any way of removing the problem without losing my restore point?
Windows XP version:6.02900.2149.xpsp_sp2_rc2.040610-1520
Avast free home edition

Thanks,
Peter

[Eddy]

Just disable system restore (info) and you will be fine.
Remember that SP2, although it is about to be released, still has many issues  

And as MS says "don't use SP2 in a operational environment"

[yankanuk]

Just disable system restore (info) and you will be fine.
Remember that SP2, although it is about to be released, still has many issues  

And as MS says "don't use SP2 in a operational environment"

Ok,, for my next question, is that trojan-gen harmfull to my system?
Oh, by the way, I've used SP2 for almost 2 months now and it is much superior to SP1 and I didn't bother using the windows firewall, I use Sygate.

Now, if I turn off system restore and reboot...when I turn on system restore, will I still have that trojan?
Thanks,
Peter

[bob3160]

Hi yankanuk
The infected files are in one of the restore points on your system. To get rid of the virus notification, you have to clear the system restore points and the AFTER A REBOOT, RESTART system restore.
Just follow the instructions: Disable SystemRestore

[whocares]

(from: Bagmaster50 on avast)

There is a way to get into the system volume information folder and delete singly restore points.
1st, open folder options, view, hidden files and folders, check show all files and folders.
2nd, turn off simple file sharing, click apply and then close the folder options.
3rd, browse to the C:/system volume information folder, right click on it, select properties. You'll now see a Security tab, click on it.
4th, On the security page under Group or users names click on "add", on the Select Users or Groups page that opens type in your user name in the enter window then click on check Names button to verify the name with. Now click on the ok button.
5th, now you can give yourself full control in the Permissions window, click apply and you're done.
Now you can turn back on simple file sharing and still be able to open the system volume information folder.

[yankanuk]

(from: Bagmaster50 on avast)

There is a way to get into the system volume information folder and delete singly restore points.
1st, open folder options, view, hidden files and folders, check show all files and folders.
2nd, turn off simple file sharing, click apply and then close the folder options.
3rd, browse to the C:/system volume information folder, right click on it, select properties. You'll now see a Security tab, click on it.
4th, On the security page under Group or users names click on "add", on the Select Users or Groups page that opens type in your user name in the enter window then click on check Names button to verify the name with. Now click on the ok button.
5th, now you can give yourself full control in the Permissions window, click apply and you're done.
Now you can turn back on simple file sharing and still be able to open the system volume information folder.

Thanks for all that info, sure appreciate it. But what I was told to do was turn off system restore. What I really need to know is...will that trojan-gen return after I turn system restore back on.
Thanks

[Eddy]

Not the exactly same, but yes, it is very likely you will get again this false positive

[yankanuk]

Not the exactly same, but yes, it is very likely you will get again this false positive

So my final question....is this trojan-gen harmfull to my system?

[whocares]

Hi eddy,

how would you know that this is a false positive ?? Or that he will get it again ?

yankanuk should
- upate avast & reboot and rescan
- tell us where (if at all) the trojan was found outside the  RESTORE-folder -> avast's reports/logs and XP's event-Log need to be examined..

[yankanuk]

Thanks for all the replies,
I'm gonna up-date and reboot and then re-scan and post back what's going on,
Thanks

[bob3160]

yankanuk

Thanks for all that info, sure appreciate it. But what I was told to do was turn off system restore. What I really need to know is...will that trojan-gen return after I turn system restore back on.
Thanks

Turning System Restore off, clears the restore points from your computer.
If the virus or trojan is still on your system and again winds up in a restore point, before you get rid of it, then, you would be back to where you started.
Clear system restore. Makes sure the virus is gone and then restart system restore and create a clean restore point.
Hope that's clear.

[yankanuk]

yankanuk

Thanks for all that info, sure appreciate it. But what I was told to do was turn off system restore. What I really need to know is...will that trojan-gen return after I turn system restore back on.
Thanks

Turning System Restore off, clears the restore points from your computer.
If the virus or trojan is still on your system and again winds up in a restore point, before you get rid of it, then, you would be back to where you started.
Clear system restore. Makes sure the virus is gone and then restart system restore and create a clean restore point.
Hope that's clear.

Hi, Thanks for the reassuring help. I did what you said and then did a new virus scan and so far there is no virus yet....touch wood!
Thanks,
Peter

[bob3160]

yankanuk
Your welcome. Nothing nicer than a clean system. Keep your operating system and Avast! uptodate at all times and it should stay that way.
Providing you surf sensibly.