win32:subseven22(trj)???

Avast Free Antivirus / Premium Security
1

Every time I use the home edition i get hundreds of files where the location is “System Volume Informating_restore” and it says the virus is “win32:subseven22”. Also lots that are "Win32:trojan-gen. (upx!).

I obvuousily dont know squat about any of this, any help would be greatly appreciated!

2

Please, go to Control Panel > System > System restore > Disable it > click apply > Enable it again.
You will ‘delete’ all the restore points and with them the infected files there, locked by Windows and that cannot be cleaned by avast.

Hope this help.

3

Thanks for that info on how to get rid of the infected system restore files. Is it safe to delete the files in the Virus Chest? Over the past
5 hours, 21 files with Trojano-180 and Dumar infections have been placed there? Many of them are system files, which might be important? The Avast documentation doesn’t give me good advice
on how to repair these files using the VRB. Please advise. Thankyou.

4

The worms cannot be repaired (because there is no “original” file that was infected) - they can only be deleted.
If the files are in the Virus Chest, they are already deleted, in fact (they were moved to Chest). So, if your system works correctly without them, you can delete them from the Chest as well.

The worms usually copy their files to the system directory - but it doesn’t mean they are important system files. If you post the exact filenames, it would be possible to say more, but I guess you don’t have to worry about them.

5

See Igor’s answer. If you can work with your system (boot, run applications…) so it’s safe to delete that files. If you’re not sure, let them there for a while. They are safe there and cannot infect your system.

If you said so… the infection was spreding into your system.
How are you right now? Did you run a full scan?

Some files were posted there by avast (backup purposes) other could be infected.
Like Igor said, we need to know the names (and path) of that system files.

See User’s FAQ link on my signature and, please, browse there a little until you find VRDB explanations. Anyway, it’s an automated way, you can’t do (manually) so much 8)