I have the Win32:Trojan-gen virus in my C:\System Volume Information_restore folder and now I can’t restore my system at all! I have it in the Virus Chest and now don’t know what to do? If I delete it, will the system restore work again or will I delete the restore capability also? Any suggestions for this computer novice would be greatly appreciated…
Why would you need to restore your system? Allowing avast to deal with one infected restore point shouldn’t break system restore; all that would happen is that that restore point wouldn’t be available. Earlier restore points should still work.
System Restore is far from perfect and these things can happen even without infection being detected in a restore point.
Generally some advise when trying to deal with infection in system folders to disable system restore to stop copies being placed in a restore point. That would have the effect of deleting all restore points clean or infected.
avast however should be able to extract the single infected restore point without you having to resort to disabling system restore and deleting all restore points.
You can however start from square one by removing all and creating a new clean restore point assuming your system is otherwise clean.
– Create Clean Restore Point - Clear old Restore Points.
Now you are clear of infection create a clean System Restore point:
- Click Start, All Programs, Accessories, System tools, System Restore.
- In the pop-up that appears fill in the radio button to Create a Restore Point
- Click NEXT
- Enter a useful name that you will remember if you need to find this again (Clean Restore Point)
- Click CREATE
You now have a clean restore point, you should clear the old ones:
- Click Start, All Programs, Accessories, System tools, Disk Clean Up
- Click OK on the C: drive
- Click the More Options tab
- In the System Restore section click the Clean Up button
Thanks, I would rather not delete all the restore points either but the last 4 dates that I tested won’t restore to those dates. Maybe coincidental but would appear that it’s related to this virus. I’m also not able to download the SuperAntiSpyware file either. I try the download but it won’t open or even allow me to save it. I tried e-mailing the download from another computer and it won’t open that either. I scanned with Malwarebytes and it found no infections, I’m scanning with Avast! now… Any suggestions?
You can try
Dr.web cureit http://freedrweb.com/cureit/?lng=en
Norman Malware Cleaner http://www.norman.com/support/support_tools/58732/en
That is entirely possible, even without the virus issue the system restore frequently had issues unable to set restore points. It isn’t 100% by some way and I gave up on it many years ago. I prefer to use a drive imaging software that gives me great recovery potential.
When you try to download it, change the name that you save it as, like tcs29_SAS_setup.exe, as there are occasions where malware is on the lookout for the SuperAntiSpyware installation file. You could also try running MBAM from safe mode.
I just received the results of the avast! scan and it says “0” infected items but then the “Results of last scan” window pops up with 3440 lines with “name of file” such as C:\Program Files\Yahoo…adrevolver or yieldmanager or tribalfusion etc… and “Result” Unable to scan: Ar…
What are these and what “Action” should I take?
Probably very basic stuff for you all, but this is all new to me.
Thanks for your help!
Do Nothing, if you expand the column width you can see the full text, which would probably be Archive is password protected and avast or you don’t know the password.
Files that can’t be scanned are just that, not an indication they are suspicious/infected, just unable to be scanned.
Many programs (usually security based ones) password protect their files for legitimate reasons such as AdAware and Spybot Search & Destroy, there are others (and avast doesn’t know the password or have any way of using it even if it did know it).
When you run scans with the above programs and you delete harmful entries that they detect, a copy is kept (in quarantine/restore/backup) in case you need to reverse what you did. These are usually password protected, you should do some housekeeping and delete old backup/recovery/quarantine entries (older than two weeks or so), this will reduce the numbers of files that can’t be scanned.
By examining 1) the reason given by avast! for not being able to scan the files, 2) the location of the files, you can get an idea of what program they relate to.
Thanks! I’ll do nothing. So, if there are no infections found now, any ideas as to why I wouldn’t be able to download the SuperAntiVirus file?
The fact that nothing is found doesn’t mean everything is clean as some malware is hidden by rootkit. What you are describing with SAS could be malware at work, which would be either a) undetected, unusual when multiple scanners found nothing or b) a rootkit could be involved hiding the malware from scans.
I already said why it might be blocked in my reply after you first mentioned it and what to do to try and get past that, see Reply #4.
Have you not tried the tools Pondus suggested?
I tried changing the name of the SAS file, with no success, and I am not able to download the Norman Malware Cleaner either.
Are you able to access the site?
Or is it not able to download only, and if so what error is displayed?
– HOSTS file redirect: a common malware tactic to block AV sites, making it difficult to remove malware - 127.0.0.1. Check your HOSTS file using notepad or a text editor of your choice, C:\WINDOWS\system32\drivers\etc\hosts, or do a search for HOSTS to find it if not there.
Once open you are looking for entries with security based web sites, like avast.com, etc. on the line, you may well see other AV sites, post the contents of the hosts file. http://en.wikipedia.org/wiki/Hosts_file
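The HOSTS file check described in the post above, as an added example that is not part of the original thread: a small Python script that parses hosts-file text and reports every entry naming a security site. The watchlist (built from the sites named in this thread) and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Watchlist built from the sites named in this thread (an assumption;
# extend it with whichever security vendors you use).
WATCHED_DOMAINS = ("avast.com", "superantispyware.com", "norman.com", "freedrweb.com")

# Constructed sample contents, not taken from any real machine.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.avast.com avast.com   # constructed example entry
0.0.0.0         download.superantispyware.com
192.0.2.10      intranet.example
127.0.0.1       notavast.com.example
"""

def is_watched(hostname, watched=WATCHED_DOMAINS):
    # Match the domain itself or any subdomain, but not look-alike suffixes.
    host = hostname.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in watched)

def find_suspicious_entries(hosts_text, watched=WATCHED_DOMAINS):
    # Returns (line number, hostname, address, is_sinkhole) per flagged name.
    findings = []
    for lineno, raw in enumerate(hosts_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                          # blank or malformed line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # first field is not an IP address
        for name in fields[1:]:
            if is_watched(name, watched):
                # 127.0.0.1 / 0.0.0.0 block the site; any other address redirects it.
                sink = addr.is_loopback or addr.is_unspecified
                findings.append((lineno, name.lower(), str(addr), sink))
    return findings

if __name__ == "__main__":
    for lineno, name, addr, sink in find_suspicious_entries(SAMPLE_HOSTS):
        note = "blocked (loopback/unspecified)" if sink else "redirected"
        print(f"line {lineno}: {name} -> {addr} [{note}]")
```

To check a real machine, pass the text read from C:\WINDOWS\system32\drivers\etc\hosts to `find_suspicious_entries` instead of the sample; a clean default file should produce no findings.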
At SUPERAntiSpyware support they recommend trying the online scan if you are not able to download/install the program
http://www.superantispyware.com/onlinescan.html
SAS you can use its tools to repair your system restore point^^
Somewhat difficult if you can’t download/install it if you read the topic you would see that in Reply #2 ???
I’m back and thanks for the replies! I am able to access the sites (SAS, Norman, FreeDrWeb etc…), I just can’t download the programs. I’ll start trying some of the suggestions and report back.
Oh, and no error message is displayed, it just won’t download…
But what are the errors you are getting when you ‘can’t’ download them? An error could provide us with valuable information.
I am getting no error message. The screen flickers for a second and then nothing. Now I can’t even access the SAS site. I can get to the cnet download site, but it still blocks the download. I did see the word “blocked” in the address bar one time.
Also, I am not even able to open the “internet options” section in the “tools” to add a “trusted site” as the cnet download help suggested.
Yes, internet explorer.