| Other > Viruses and worms |
| Binary.vista.vbs-please help. Trying to move to vault but there is an error. |
| (1/1) |
| Computerme101:
I just recently switched over to Avast. Not even one day and this thing comes up. I've run the scanner like 10 times now hoping that it will finally just move to the chest. I've even run the scanner in safe mode via F8. The message reads Trojan Virus. I'm using XP service pack 2. Can someone help? I read on the bleepingcomputer forum of a similar issue, and the user was instructed not to panic and just rename/move it then run a virus removal program. They said that it was just tracking cookies? Here is a copy of the files. C:\System Volume Information\_restore{C1BC276B-188F-4688-896A-E645B6C1FDE7}\RP22\A0004106.msi\Binary.vista.vbs C:\System Volume Information\_restore{C1BC276B-188F-4688-896A-E645B6C1FDE7}\RP22\A0004108.msi\Binary.vista.vbs C:\System Volume Information\_restore{C1BC276B-188F-4688-896A-E645B6C1FDE7}\RP23\A0004115.msi\Binary.vista.vbs Name of file C:\System Volume Information\... \Binary.vista.vbs Result Infection: VBS:Agent-CM [Trj] Operation Error occured during moving file to chest. This operation is not supported for this type of archive. |
| YoKenny:
Welcome Computerme101 The System Volume Information is for System Restore and should be cleaned out as it can contain old infections that have been removed. Clear System Restore Points for Performance http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx Windows XP Service Pack 3 has been available for over a year and provides many Critical Updates plus performance improvements. You need to start Internet Explorer then go to Tools then Windows Update and download all of the available updates. Go to Control Panel then Automatic Updates then select Automatic (recommended) or at least Notify me but don't automatically download or install them. Go to Secunia Online Software Inspector then run it to see what other applications are vulnerable: http://secunia.com/vulnerability_scanning/online |
| DavidR:
--- Quote from: Computerme101 ---Operation Error occured during moving file to chest. This operation is not supported for this type of archive. --- End quote --- This is because avast can't extract the infected file from with in the .msi file without the possibility of corrupting the complete .msi file. That is the unsupported bit for the type of archive as an .msi file is an archive. So for the same reason you couldn't just choose delete rather than move to chest. So it is difficult for a user to dive into the System Volume Information folder find the infected restore points and delete them manually as they are hidden and protected. This leaves little choice but to clear the restore points as YoKenny suggests. - Infected Restore Points - There really is little benefit in chasing a detection in the system volume information folder. It is only there because it had previously been deleted or moved from the system folders and this is a back-up created by system restore. - Worst case scenario it isn't infected and you delete it, you can't use that restore point in the future, not much of a loss and the older the restore point is the less of an issue it is. - So if there is any suspicion about a restore point then it is best removed from the system volume information folder or it could bite you in the rear at some point in the future when you use system restore if it included that restore point. |
| Computerme101:
Thanks DavidR and YoKenny for all of your support. All good now. Thanks again. :) |
| DavidR:
No problem, glad I could help. Welcome to the forums. |
| Navigation |
| Message Index |