On boot scan Avast detected Win32: Malware-Gen and the file is C:\system volume information\restore[129201FA-BOAC-49B3-96132-DEB8B91E727B]\RP2269\A0557668.MSI 1>DATA 1. CAB 1>El show spyabout.exe.[UPX] I deleted the old restore points and did an ESET scan and it found 2 items and took care of that. I also ran Malwarebytes and it found nothing. Has anyone had this problem and what can be done about it? Thanks.
There really is no way to tie this to any unique instance as the win32:malware-gen is a generic detection.
You don’t say what the other two items found on the other scan were; that may help or be unrelated.
Infected Restore Points - There really is little benefit in chasing a detection in the system volume information folder. It is only there because it had previously been deleted or moved from the system folders and this is a back-up created by system restore.
Worst case scenario: it isn’t infected and you delete it, and you can’t use that restore point in the future. Not much of a loss, and the older the restore point is, the less of an issue it is.
So if there is any suspicion about a restore point then it is best removed from the system volume information folder or it could bite you in the rear at some point in the future when you use system restore if it included that restore point.
Hey David, thanks for the info. The ESET scan found a couple of unrelated minor issues that it took care of. I ran another boot scan with Avast and this time it found nothing. This was after I deleted the old restore points. Do I need to do anything with the volume folder? Thanks for your help.
No problem, glad I could help.
No, avast should have been able to remove the suspect restore point. Removing the old restore points will also help anyway.
Welcome to the forums.
I did not realize that Avast could remove old restore points. I did notice that after removing the old restore points and running ESET and doing a TFC clean that the computer is much quieter and faster. I have been very happy with Avast. Would you also recommend using SUPERAntiSpyware? Thanks for your help.
It doesn’t remove old restore points as such, only infected restore points.
I dispensed with system restore many years ago as I never had full confidence in it and replaced it with drive imaging software to make exact copies of my partitions, saved to a second hard drive.
The one thing about system restore: if you don’t periodically keep it in check it can be a monster; I have seen them in excess of 1.5GB. By default Windows takes a large percentage of the hard drive for system restore, and with big hard drives this space can be huge.