I keep having the same "virus"

Hi,

I keep having the same alert, again and again. From what I can tell, the alert occurs when my system is inactive, like 10-20 minutes.

Here’s the message:
c:\System Volume Information_restore{F15AF987-DCA-4A67-99
win32:Banshee[Wrm]

When I installed Avast, I launched a scan on boot. It detected the same "virus", like it was everywhere. I selected to put it in quarantine, like the software recommended to do. But after a while (there were so many), it said that c: was full (it is not, but it's probably the quarantine file that was full). Then I selected "delete". It kept deleting for like 15 minutes! I stopped it because I was scared that, after so many files removed, my OS would be broken and I wouldn't be able to boot.

But now I keep having the alert mentioned above.

What’s going on?

The c:\System Volume Information\ folder is a part of the Windows system restore and is a protected area, so I doubt it is being deleted.

The only way to remove infected _restore points is to disable system restore and reboot. That will remove ALL restore points. Do another scan of your system and, if clean, enable system restore and reboot.

Hi,

If it wasn’t deleted, wouldn’t Avast tell me? I mean I have no message that the file wasn’t deleted.

I'm not sure I understand the second part of your message. Can you provide more details, please?

Avast might well try to delete it, but Windows will be protecting it. I'm unsure if there is any failure message, as you would usually also get a Windows message as well.

Win XP-ME - How to disable System Restore

Well, I did what you said:

  • disabled system restore (I have XP sp1)
  • Full scan (Avast 4.6 with latest definition)

Guess what, Avast found nothing!
What should I do? Leave system restore disabled (what is it for anyway)? If I enable it, Avast will keep giving me a virus alert. Is it possible that this is a false alert? A file Avast thinks is a virus while it's not?

Thanks

Anybody?

Better if you can have SP2…

System restore is what the name suggests… it allows restoring the system to an earlier (supposedly good) system situation.
After you get clean, for sure, you can enable it again.

I don’t think it’s a false positive…

Hi Spartacvs:

As a double-check as to IF the worm is no longer on your computer, I recommend you run a "Full Scan" of "Ewido" from www.ewido.com/en. This good & FREE program "specializes" in detecting and removing worms, trojans, generic dialers, etc. There is a tutorial at: www.greyknight17.com/spy/Tutorials/ewidoQuickGuide.pdf

P.S. You should NEVER install XP SP2 unless you are absolutely free of spyware.