Avast has detected a couple of problems in my C:\system volume…one is a virus and the other is adware…but after shutting down the xp system restore and running a new thorough scan, Avast finds the problems but shows errors when either attempting to send to vhest, or during a second scan…trying to delete.
So the problems appear to be remaining.I have tried this four times and this is the last log listing for the item that avast says “error, cannaot delete(or remove to chest)” when attempting to either delete or remove to chest:
Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\System Volume Information_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP44\A0006987.exe{app}\NNGLZA638.EXE[Embedded#08138]” file.
Can avast home version not remove these from system restore?
Also, can someone explain to me how adware or a virus makes it into a system restore volume when avast is running constantly and I daily run a thorough or boot scan and definitions are updated automatically?
I’d appreciate any help both ridding my computer of these problems and in learning how to prevent them from occurring in the future.
I am not highly technical, so I may only be able to follow somewhat limited technical advice.
Thank you.
The C:\System Volume Information folder is a part of the system restore function and as such is protected by windows, the only really effective way to clean infected _restore points is to disable system restore and reboot. This will clear ALL _restore points. Once you have disabled system restore, reboot, scan your PC again and if clear enable system restore.
Files get into System Volume Information folder by system restore when they are deleted, usually from system folders, this is just in case you made an error it can later be restored.
Thank you for your reply and guidance.
I did, however, disable system restore after Avast first found the problems.
It was during the follow up scans (4) by avast, with system restore disabled, that avast seemd incapable of removing the offending items.
Each time the avast log indicated it could neither delete nor move to chest and that avast experienced an error each time.
It is the most recent version of avast home edition and the latest definitions.
So, despite disabling restore avast has not gotten rid of the problems or atleast tells me it encounters an error of some sort each time.
The key is to reboot after disabling system restore that clears all restore points. Even with system restore disabled the System Volume Information folder is still protected if there is anything in it, so the reboot is essential.
You don’t say why avast couldn’t deal with it (e.g. what the error was), I suspect that if you try to move it to the chest the file is too big, there are size limits for both the max file size and total chest size. These can be adjusted using the Program Settings, Chest.
Thank you very much for your reply.
I did reboot after disabling system restore.
The error message from avast was “an error occurred during (either)moving file to chest or deleting”(as I tried both methods twice after new scans and I rebooted each time as well).
I will try your advice in expanding the file and chest size via program settings.
Expanding the size of the chest and file size to 10 mbs. didn’t fix the problem as avast once again stated an error occurred in both delete and move to chest processes.
What I can’t understand is how there can be any detections in the C:\System Volume Information folder when you have disabled system restore and rebooted, that should completely empty the System Volume Information folder/s (if you have disabled SR for all partitions/drives). So there should be nothing there to detect they should be empty ?
If they aren’t empty then there might be problem with the system restore function itself. In which case you could try scheduling a boot-time scan. Right click the avast icon, select Start avast! Antivirus, Menu, ‘Schedule boot-time scan…’ Or see http://www.digitalred.com/avast-boot-time.php
There’s lots more on that page that’s worth reading too. Note especially the sections on “Does System Restore protect personal data files?” (the short answer: no); “What should I do if System Restore does not work?”; “Why are my restore points missing or deleted?”; “Why does the System Restore Wizard lockup?”; and so on. Just a few minutes on that page ought to convince just about anyone that System Restore is not intended for heavy-duty system protection!
I do want to point out that after disabling system restore each time, then rebooting, then running avast scan…it is avast that continues to locate the offending items…even after I then tried resetting system restore later on and running the avast scan again, it still came up with the same items and the same inability to either delete them or move to chest.
As a certified non techie, I really have no clue at this time why those items are remianing steadfast in the restore volume.
I will read the information you all have offered and see where that may lead.
We know that avast is detecting it, that isn’t in question, but avast can’t magic the files from thin air if they aren’t there than avast shouldn’t find them.
Have you read the link I gave about accessing the system volume information folder, that is how you will see if there is anything there and if so system restore isn’t doing what it should of clearing the system volume information folder/s when disabled and a reboot done.