Author Topic: Hybris worm in "System volume information..."  (Read 8449 times)

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Hybris worm in "System volume information..."
« Reply #15 on: August 25, 2004, 01:35:15 AM »
Well... this is not a bug, it's a feature. :)

Rename is just rename. If you want to move it from the system but still keep the file, that's what Move To Chest is for. It removes the file with the possibility to put it back later.


Cheers,
Vlk
If at first you don't succeed, then skydiving's not for you.

jimn

  • Guest
Re:Hybris worm in "System volume information..."
« Reply #16 on: August 25, 2004, 01:56:41 AM »
Fair enough about rename.

Do you know why Avast! is looking at those files AGAIN when they are not even "active" and have not been all day?

Offline Vlk

Re:Hybris worm in "System volume information..."
« Reply #17 on: August 25, 2004, 02:04:06 AM »
Because the System Restore service is touching them. Unless you disable System Restore, the service will access them (you can use FileMon, http://www.sysinternals.com/ntw2k/source/filemon.shtml, to find out which process accesses which file(s), and when).


Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

jimn

  • Guest
Re:Hybris worm in "System volume information..."
« Reply #18 on: August 25, 2004, 02:14:00 AM »
Amazing what Windows will do when you aren't looking!

I caught Windows doing something else that is very aggravating. Since Win2000, apparently, it will do an auto-defrag every 3 days or so if there is idle time observed! Since the applications I write benefit from fragmentation, this is a real PITA. There is no notification of this at all and, worse, there is no way to turn it off!

Thanks
« Last Edit: August 25, 2004, 02:14:27 AM by jimn »