A virus scan showed a file was infected and I moved it to the chest. The file name is A0014650.EXE and the virus description is Win32:Malware-gen. The folder it was in is “C:\System Volume Information_restore” with a lot of numbers after that. When I tried to start a game already loaded on the computer, an Avast pop-up said there was a virus in it. I uninstalled the game and during installation the pop-up again said there was a virus (I don’t see how since I was installing direct from the CD). So I thought the original Win32:Malware virus I moved to the chest was maybe a false positive and causing the problem and tried to restore it, but even though it says the restore was “completed successfully” it isn’t; it stays in the chest. I tried restoring it both from the chest files window and the ‘infected files’ window but it makes no difference. Why can’t I restore it?? Same with the 2 infected game files, I couldn’t restore them after I sent them to the chest, so deleted them and then had to uninstall the game again since it wouldn’t load. Other than the game, I don’t see any problems with the original WIN32 file being quarantined, but now I can’t install the game and still can’t restore the WIN32 file, if it needs to be. Thanks
First, why do you want to restore?
Second, if you aren’t aware, the system volume information folder is a protected area and I believe this is why avast can’t put it back, as this is controlled by system restore.
Infected Restore Points:
- There really is little benefit in chasing a detection in the system volume information folder. It is only there because it had previously been deleted or moved from the system folders and this is a back-up created by system restore.
- Worst case scenario it isn’t infected and you delete it, you can’t use that restore point in the future, not much of a loss and the older the restore point is the less of an issue it is.
- So if there is any suspicion about a restore point then it is best removed from the system volume information folder or it could bite you in the rear at some point in the future when you use system restore if it included that restore point.
I doubt that the detection in the _restore point was causing the problem as the files in the system volume information folder are inert, and were previously deleted or moved from system folders as I mentioned above.
So the detection from the CD wasn’t in a system folder, so wouldn’t have been in the system volume information folder.
You can't restore the game files as they were on the CD (and still are) as the CD is, a) write protected and b) would require CD burning to do so if 'a)' wasn't correct and avast can't burn to CD.
****
Whilst it is possible the game files detected from the CD could be a false positive detection there is no information to even try to check that out.
What is the malware name, the infected file name, where was it found e.g. (malware name, C:\windows\system32\infected-file-name.xxx) ?
Check the avast! Log Viewer (right click the avast 'a' icon), Warning section, this contains information on all avast detections. C:\Program Files\Alwil Software\Avast4\ashLogV.exe
- Or check the source file using notepad C:\Program Files\Alwil Software\Avast4\DATA\log\Warning.log and copy and paste the entry.
I’m not all that computer literate… if the only issue I’m having is not being able to install the game CD because I get Avast infection warnings during installation, could I go offline, turn off avast and install it that way? And if I still can’t play it with Avast on, could I go offline and turn Avast off whenever I want to play it? Or is that too risky? (I thought most infections are received while online). Or do I need to just dump the game now (even though it is important to me)? Thanks
I would not disable avast!
The best option for you would be to find out the name of the infected file, and where it came from (what game…).
Right click avast icon --> click ‘Avast log viewer’ --> click ‘warning’ section --> look at the bottom of the log (or click the date time header to bring the most recent to the top)
Or check the source file using notepad C:\Program Files\Alwil Software\Avast4\DATA\log\Warning.log and copy and paste the entry.
-Scott-
EDIT: I just realised DavidR already mentioned this…oops…
But again, would having Avast off for 5 minutes offline to install the game be that risky? Aren’t most infections received online?
In my first post I gave the name of the infected file (A0014650.EXE), but don’t see what good it does me to know that since avast can’t repair it and recommends sending it to the chest. Then the game can’t install.
From notepad log there were 2 things found, but I don’t know what I’m supposed to do with this. Thanks
11/22/2009 7:27:32 AM 1258900052r 1212 Sign of “Win32:Malware-gen” has been found in “C:\Program Files\eGames\Live Billiards\gbrowser.exe” file.
11/23/2009 7:01:05 AM 1258984865 1224 Sign of “Win32:Malware-gen” has been found in “C:\Program Files\eGames\Live Billiards~GLH0045.TMP” file.
Also, and I don’t know what this means but it occurred at same time of infection, the date/time on my system restore calendar is stuck on yesterday, can’t change it. It changed the date/time on my computer task bar which I changed back last night but had to do it again this morning. Would it help to disable system restore, reboot and then enable?
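Added example (not part of any post in this thread, and not avast's own code): a Python sketch that reads Warning.log entries in the layout quoted above and separates detections inside the System Volume Information folder (the inert restore-point copies described in the reply above) from detections in live folders, which are the ones worth checking for a false positive. The sample lines, the restore folder name and `RP12` are constructed; the two fields between the timestamp and the message are treated as opaque because the thread does not say what they are.

```python
import re
from pathlib import PureWindowsPath

# Layout inferred from the two entries quoted in the thread (an assumption):
# <date> <time> <AM|PM> <field> <field> Sign of "<name>" has been found in "<path>" file.
# Both straight and curly quotes are accepted, since forum software rewrites them.
ENTRY = re.compile(
    r'^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+'
    r'\S+\s+\S+\s+'
    r'Sign of ["\u201c](?P<name>[^"\u201d]+)["\u201d] has been found in '
    r'["\u201c](?P<path>[^"\u201d]+)["\u201d] file\.\s*$'
)

def parse_entry(line):
    """Return a dict for one detection entry, or None if the line is something else."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    path = PureWindowsPath(m["path"])
    # A restore-point copy has "System Volume Information" as one of its folders.
    in_restore = any(p.lower() == "system volume information" for p in path.parts)
    return {"when": m["when"], "name": m["name"],
            "path": str(path), "restore_point": in_restore}

def triage(lines):
    """Split detections into restore-point copies and live files; count unparsed lines."""
    result = {"restore_point": [], "live": [], "skipped": 0}
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            result["skipped"] += 1
        elif entry["restore_point"]:
            result["restore_point"].append(entry)
        else:
            result["live"].append(entry)
    return result

# Constructed sample input modelled on the entries quoted in the thread.
SAMPLE = [
    r'11/21/2009 9:15:02 PM 1258863302 1180 Sign of "Win32:Malware-gen" has been found in "C:\System Volume Information\_restore{PLACEHOLDER}\RP12\A0014650.EXE" file.',
    r'11/22/2009 7:27:32 AM 1258900052 1212 Sign of "Win32:Malware-gen" has been found in "C:\Program Files\eGames\Live Billiards\gbrowser.exe" file.',
    'this line is not a detection entry',
]

if __name__ == "__main__":
    report = triage(SAMPLE)
    for kind in ("restore_point", "live"):
        for e in report[kind]:
            print(f'{kind:13} {e["when"]}  {e["name"]}  {e["path"]}')
```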