Author Topic: AV did not detect virus in Win XP Restore file  (Read 8789 times)

0 Members and 1 Guest are viewing this topic.

Offline johnt2004

  • Newbie
  • *
  • Posts: 10
AV did not detect virus in Win XP Restore file
« on: April 05, 2005, 07:56:28 PM »
Symantec did but was unable to clean. it was the symmantec named virus Trojan.Tooso.E living in C:\System Volume Information\_restore{39090519-5C79-4094-B9A1-BDAF783FCB1C}\RP331\

Usiing bart update from April 04/05

Sorry in my attempt to get my system going the file was deleted. so I do not have a sample to send you.

John.


Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Re: AV did not detect virus in Win XP Restore file
« Reply #1 on: April 05, 2005, 08:01:38 PM »
Windows attempts to protect files that are deleted from the system folders (just in case it was an accident), so they can be restored if required. The problem is many malware writers are wise to that and put their files in the system folders, this is also done to confuse you into thinking you could be deleting an important system file.

Disable system restore, reboot, scan and if clean enable system restore again.
Start > Control Panel > System > System restore > Disable
Click Apply
Enable it again
Click Ok

I can't imagine why the infected file was not detected...  ::)
The best things in life are free.

Offline w0mbat

  • Full Member
  • ***
  • Posts: 149
  • I'm a wombat!
Re: AV did not detect virus in Win XP Restore file
« Reply #2 on: April 06, 2005, 01:54:51 AM »
Looks as thou it's a variation of the W32.Beagle@mm family.

I can't imagine why it was not detected either  ???

-Steve
To Insanity and Beyond!

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Re: AV did not detect virus in Win XP Restore file
« Reply #3 on: April 06, 2005, 05:49:47 PM »
Looks as thou it's a variation of the W32.Beagle@mm family.
I can't imagine why it was not detected eitherĀ  ???

Steve, can't you warn virus@avast.com of this?
John, can you send the sample to this email? (zip and password the file, mention the password and this thread on the message body)  ;)
The best things in life are free.

Offline johnt2004

  • Newbie
  • *
  • Posts: 10
Re: AV did not detect virus in Win XP Restore file
« Reply #4 on: April 07, 2005, 07:43:56 PM »
When I turn off system restore it deleted the items under 'system information' where the infected file was.
Prior to doing that I was scanning after booting off Avast/Bart. It scanned the file but reported no virus.

Sorry I don't have a file to send you.