While scanning today !

system · January 31, 2010, 8:39pm

While scanning today I hit upon (c:_restore\archive\f55.cab\a0000054.cpy (win32-----, could not see the rest, I believe it was Virus. Could not do any thing with it, did not try delete. Still in system. 3 others moved to suspect file. From chest. What to do ?

DavidR · January 31, 2010, 9:06pm

You should - Expand Column Width, hover the mouse pointer over the column header divider until the pointer changes (see image, click to enlarge) left click and hold down the key whilst dragging the pointer to the right.

Or you can go to the source file, using notepad C:\Program Files\Alwil Software\Avast4\DATA\log\Warning.log and that contains all the information on the detection.

Infected Restore Points - There really is little benefit in chasing a detection in the c:_restore folder. It is only there because it had previously been deleted or moved from the system folders and this is a back-up created by system restore.
Worst case scenario it isn’t infected and you delete it, you can’t use that restore point in the future, not much of a loss and the older the restore point is the less of an issue it is.
So if there is any suspicion about a restore point then it is best removed from the c:_restore folder or it could bite you in the rear at some point in the future when you use system restore if it included that restore point.

system · January 31, 2010, 9:19pm

Thanks DavidR, Short and to the Point as always. ;D

DavidR · January 31, 2010, 9:25pm

You’re welcome.

system · February 1, 2010, 8:25pm

DavidR, I can not even delete it !!

DavidR · February 1, 2010, 8:55pm

Why, give me a clue, error message displayed ?

Having reread the original post, the detection is within a .cab archive file, f55.cab and avast 4.8 can’t remove it from the .cab file without probably corrupting it. Since avast isn’t actually detecting the f55.cab file as infected it won’t send that to the chest or delete the f55.cab file.

avast 5.0 (which you with winME can’t install) has additional functionality were if this happens avast has an option to either move or delete the archive file.

So the only solution is the manual removal of the f55.cab from within the c:_restore\Archive folder, that too might be a problem as the c:_restore is a protected area. So to get rid of it you may have to disable system restore and reboot, that will clear all _restore points infected or otherwise.

system · February 2, 2010, 2:20am

Error Message, Sorry, I didn’t check that. I just can’t do any thing with it. Have tried your last resort, but still is there. Again thanks.

DavidR · February 2, 2010, 7:39pm

Windows ME, XP, Vista - How to disable System Restore

system · February 2, 2010, 7:45pm

Done !. Bad guy is now gone !!. Did the same thing yesterday, (you now suggested) and it was still there. My system RESTORE worked today. Again Many Thanks.

DavidR · February 2, 2010, 8:11pm

You’re welcome.

While scanning today !

Announcements