Unfortunately there are some virus files in the folder System Volume Information, under subdirectories like _restore{AF5…}, which cannot be removed/deleted/renamed or whatsoever. They cannot even be removed/deleted at a new startup.
I tried every possibility, and whether the main directory System Volume Information is read or write protected or not, files in these (sub)directories cannot be removed at all.
So every time that the automatic start of avast! tries to eliminate these virus files, the only thing is to ignore these messages, and let these files remain on the hard disk!
I assume there must be a (better) solution for this!
It's radicalb21. First let me welcome you to the forum. What MacLover2000 told you is correct. There is no way I know of other than what MacLover2000 said. But once you have put a checkmark in the box on the system restore tab, restart your machine. Once the system has been restarted, do not forget to uncheck the box you checked in the system restore tab to turn system restore back on. Once this is done I would suggest some form of backup to either CD-ROM or DVD medium; that way, if you become infected you can restore your system to an earlier time prior to infection. Also, for future reference, you can go into disk cleanup under system tools, go under the more options tab and click the cleanup button under the system restore section, and it will delete all but your most recent system restore point. Hope this helps.
One other option is to look at a third-party restore utility. My new (last fall) system came with Farstone’s Restore-IT already installed – that has the advantage that it creates daily incremental restore points for the whole drive, not just system files. So I never touch XP’s restore at all.
And there’s no conflict with System Restore – if I do need to restore to an earlier point, since the whole drive is “back-dated” that includes Win’s own restore-point files.
Since it came as part of my system package, I haven’t a clue what it would cost by itself, but that should be easy enough to find.
In my opinion the option “Boot Time Scan” should also be able to remove the infected files, because this scan is done before Windows XP starts and no restrictions are active at that time.
Thank you for your reply! That’s exactly what I thought! I was convinced that avast! was able to remove those files, as before booting Windows they couldn’t be in use or in some other way inaccessible, but this didn’t work out!
So, unfortunately, we have to accept that: also in other situations I noticed that the Boot Time Scan option doesn’t work at all! I think this is a great bug in avast!
Does someone have the same experiences? If so, please, let me know.
I noticed that the Boot Time Scan option doesn't work at all! I think this is a great bug in avast!
Boot Time scan works great at least on my PC! I just did a Boot Time Scan today and it found three Java Trojans in the Java Cache directory. Strange that the online scanner didn’t detect them…
PS. (Meanwhile I know that it couldn’t be found because it was in a *.zip file)
But as for avast missing some trojans, don’t forget that even the best AV programs can miss them cos strictly speaking they are not viruses. To cover all bases it’s best to install a dedicated trojan scanner as well as anti-virus.
There is another way to get rid of these files by following the directions at http://support.microsoft.com/default.aspx?scid=kb;EN-US;309531 which allow you to get into the system volume information directory and then manually delete the file or just run avast with the user you enabled on the directory and it will clean the files for you as it does with other files.
This behaviour is not limited to avast, virtually every AV company when giving instructions in removal of a virus, warns that in XP you will probably have to disable System Restore because it is protected (windows system, hidden, etc., etc.) and going to be back.
If you are having problems getting the scan at boot I suggest that you download RajZors avast! External Control Tool and run/set it up from there.
I hate System Restore - I see so many people get into a complete mess, going from one restore point to another, to last known good configuration, etc. that they don’t really know where their system is at. Resulting in not knowing if the latest Windows updates are applied.
I too would recommend a third party backup/restore program. I use Drive Image 2002 and it takes a full image of my C:, D: partitions and saves it to my second HDD. If I have a problem I copy back the last image. Another Imaging tool is Acronis - True Image 7.0, this has much more functionality than Drive Image 2002, such as incremental image backup… This cuts down on the image creation time.
The link to show how to view and access System Volume Information, I believe could be more dangerous than disabling SR. MS doesn’t go to the kind of trouble to hide it for nothing. This should carry a health warning.