During a scan Avast detected a virus and I added it in the chest. It is labeled A0356825.exe and was found in the system volume information\restore.
It is supposed to be a Win32:Trogan-gen (other). I can find no information on it using google and was trying to check it with virus total. Where do I direct the scanner to look. I found an Ashchest.dll and an Ashchest.exe but nothing labeled virus chest?
Files in the Chest are encrypted (i.e., there’s no way to read 'em). You’ll have to export the file from the Chest, to the desktop and upload it from there. You’ll also need to temporarily disable avast! or it will block the upload.
Frank, I have the option to restore, delete, or extract. Did you mean one of those?
You have done the right thing, ‘first do no harm’ don’t delete, send virus to the chest and investigate as you are.
There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.
Personally any suspect restore point is better in the chest so in the future if you use system restore that infected/suspect restore point could bite you in the rear.
The trojan-gen is a generic signature that is designed to detect multiply variants of a type of trojan so you are extremely to get any decent information, e.g. specific information about a generic detection. The same is true of the file name as system restore generates this file name and it isn’t the same as that of the original file. The same file name then could be on multiple system be the original file name could be different.
You can’t scan anything in the chest from outside it as it is a protected area and files have the name changed and are encrypted. You have to export the file from the chest to a temporary location, exclude that location from scans and then upload it to virustotal.
To be honest for a suspect restore point it isn’t worth the effort. The reason a file is in the system volume information folder is because it has either been deleter or moved from one of the system folders, etc. and if missing all it means that you can’t use that restore point in the future. I’m not entirely sure how successful avast would be in placing it back in the system volume information folder assuming it wasn’t infected.
‘If in doubt keep it out’ of the system volume information folder.
‘Extract’ is the one.
Ok, thanks guys!