FWIW, my K drive is an external drive used for backups only. I use DriveImage to back up my data files to the K drive.
I didn’t take any action when the warning popped up. Normally, I’d just delete the file, but although I am not a technical person, I know better than to fool with the System Volume Information folder!
How would I send the file to Virus Total? It’s in the System Volume Information folder, so I get “access is denied” if I click on it. How can I get at the specific file?
If I disable system restore, isn’t that going to turn it off for my entire system, not just the K: drive? And will it wipe out my restore points on my other drives? Although to be honest, I don’t know what restore points are. I’m assuming they restore my system to an earlier state and would be used only in catastrophic circumstances. Since I do regular DriveImages, I’m not sure I’d use restore points, but I don’t know enough about it (well, I don’t know ANYTHING about it) to determine if restore points would be more useful.
What if I reformat my K drive? Since the files are just backups, I can move the backup files to another drive and reformat K. It’s a Seagate and there are some Seagate files on it (warranty, EULA, etc.), but I don’t think there’s anything special about the drive that would preclude my reformatting it.
I submitted the file to Virus Total, but I’m not sure I understand what the analysis report means. Apparently 20 out of 32 virus scanners found some sort of cooties in the file – there were several different names (of malware) listed. But Avast! was blank. (I’ve saved the report.)
So what does this mean, and what should I do next?
It means the file probably really was a malware file.
Your options are: let avast! delete the file and break that restore point.
Ignore the detections and wait for that restore point to get destroyed as new ones are created. Bear in mind that if you ever use that restore point, you will possibly restore live malware.
Create a new, clean restore point and get rid of all the old ones, including the infected one. Here’s how:
Letting Avast! delete the file and break the restore point sounds fine to me. The filedate is October 2007. It’s in a folder with hundreds of font files and more .exe files (some as large as 50 MB). No idea what they are. But since this disk has been used only for backups, I’d never bother to restore it. If anything went haywire with the drive, I’d just reformat it (or replace it).
How did the file get infected in the first place? Did I back up an infected file (which would have since been deleted) that in turn caused an infected restore point to be created?
Avast! didn’t find any other infected files, just that restore point.
I still don’t quite understand how restore points work. I have two folders in System Volume Information, one dated Oct 07 and the other dated July 08. Each has several subfolders, all of which contain just a couple of files, except for the subfolder that contains the infected file and hundreds of other files.
Anyway, if letting Avast! make that restore point walk the plank solves the problem, I’ll be happy.