FP Win32:Malware-gen?

similar topic (couldn’t post my problem there) http://forum.avast.com/index.php?topic=81789.0

My avast! has a similar detection & inability to repair/move these files to container, the 3 of which, according to the full system scan I had started (with custom settings), are infected by “Win32:Malware-gen”:

C:\System Volume Information_restore{…msi|>Binary.cmdhide

I started (hidden) files & folders search to find out when it was created etc.
The date puzzles me, because I can clearly remember that I didn’t use my netbook then - neither that afternoon nor during the next 2 days (it didn’t even have a battery in it).

However, I had been installing something during the 2 days before that: apart from starting to use avast!, I went to the official page to download a slightly newer version of flash player, opted out of installing any additional software, started flash player installation - at the end: error - couldn’t be installed.

I can’t remember installing anything else lately, apart from Win updates, a USB modem and an internet security trial version (after uninstalling avast!).
During the next 2 weeks: also tried another internet security product and then switched back to avast!
A couple of days later avast! detected those 3 infections above, created about 2 weeks ago.

Could you explain a bit further, please? How to clear that? I’ve found instructions on how to disable system restore. Should I do that? My system seems to be working fine. Might this be a FP?

In order to scan those files online and post the results here, I have to use VirusTotal, for example. This might not be a sharp question, but how can I browse, find & upload them there if they’re hidden? Do I just copy-paste the file name?

Delete a restore point
http://windows.microsoft.com/en-US/windows7/Delete-a-restore-point

Meanwhile, I collected some more info on the 3 “infected” files - and got more confusing dates of creation/modification:

It says the author was one of the internet security software providers I’ve tried recently.
The 1st file was created and modified a week before I even installed the trial version.
The 2nd file was created & modified the day I tried internet security.
The 3rd file was modified a week before I even installed the trial version.

However, thank you - I’ll try deleting restore points, without doing any damage along the way…

Honestly, there is little value in trying to get information on system report files as the names are changed.

Infected/Suspect Restore Points:

  • There really is little benefit in chasing a detection in the system volume information folder; allowing avast to deal with them is the way to go. It is only there because it had previously been deleted or moved from the system folders, etc. and this is a back-up created by system restore.

  • Worst case scenario: it isn’t infected and you delete it, and you can’t use that restore point in the future. Not much of a loss, and the older the restore point is, the less of an issue it is.

  • So if there is any suspicion about a restore point then it is best removed from the system volume information folder or it could bite you in the rear at some point in the future when you use system restore if it included that restore point.

I appreciate the info!

You’re welcome.