I was scaning my PC with “avast! version 4.7 home edition” and I found the “Win32:Pskill-E” virus in the “C:\WINDOWS\RESTORE.INS\C:\OEMCUST\TOOLS\WIN32\PSKI” file. However the avast informed me, that is impossible to process the file.
I don’t know if it’s realy a virus, or if it’s a false positive. In afirmative case, how can I remove it? Help me please…
Hi Ronaldo :
IF you had used this forum's "search" feature, you would
have found :
http://forum.avast.com/index.php?topic=22979.0 .
Windows in its infinite wisdom protects files in use (even malware), so it is likely that avast! can’t delete or move files in use. So schedule boot-time scan in avast’s menu if you have XP, win2k or NT, otherwise boot into safe mode and run an avast scan. This should ensure that the file isn’t in use and avast should be able to deal with it.
Send it to the chest rather than delete so it gives options after investigation.
What is your OS ?
A google search for restore.ins returns many hits here are a couple, http://forum.grisoft.cz/freeforum/read.php?4,54003,backpage=10,sv=, http://www.mcse.ms/message827328.html, so it would appear that the detection is correct.
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner
Or Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. You can’t do this with the file in the chest, you will need to move it out.
Thank’s to DavidR. I did it with Virus Total , and several Antivirus found it. I’ll try clear now.
??? About the forum’s “search”, I used it first, but since I don’t speak French…
No problem, welcome to the forums.
Good luck, let us know if you need any more help.
I had the same malware very strange is was a file from the year 2000.
However it was found by other scanners when I used Joti.
So it must be a virus.
Jan Paul.