I have been getting the same 4 viruses, located on archived files, every time I run my free version 4.5 of Avast antivirus software. I cannot delete or move the files no matter what I try. The viruses are Win32:Trojan-gen.(other) on 2 files and Win32:Trojano-490(Trj.) and Win32:BiSpy(Trj.) on the other 2. All of the files are located at: C:_Restore\Archive files, one is at FS12.cab\A0009234.cpy(upx), one is at FS13 with a different number, etc. The first error says “access is denied”, then when I try to move it says “cannot process”. When I try to delete it says “error 0x00001779 cannot process”. I might add that it takes HOURS (all day or all night) to run Avast , and at the end there are always 132 lines of archived files that are listed as “unable to scan archived file” even though I requested a thorough scan and a scan of all archived files. Neither AdAware or Spybot finds these files, and AVG never found them either. My computer acts like it has a virus, with slow logon speeds and locking up. What is making it take so long to run Avast, why can’t I remove or delete the files and why can’t it scan my archived files?

1. Disable system restore
Windows XP:

1. Right click on the “My Computer” icon on the Windows desktop.
2. Click “Properties”.
3. Click on the “System Restore”.
4. Place a tick in “Turn off System Restore on all Drives”.
5. Click OK.
6. Close and RESTART your system.

Windows ME:

1. Right click on the “My Computer” icon on the Windows desktop.
2. Click “Properties”.
3. Click on “Performance”.
4. Click “File system”.
5. Click “Troubleshooting”.
6. Check “Disable system restore”.
7. Click on OK.
8. Close and RESTART your system.

2. Do another scan

… and if your system is clean:

3. Re-enable system restore

Do as Spyros suggested. That will solve the problem.

About the archives:
Avast (as well as any other av) can only scan archives if they are in a format that is recognized and as long as the archive is not protected in anyway.

eg: Spybot s&d is encrypting some of its files in a way that is not known and so are some files from the Java package. This is perfectly normal behaviour and you should not worry about it.

let me know if this works. We are both having the same virus problem

splash

splash, it doesn’t really matter if you have the same virus problem or not, but whether they are in the same possition or not.
susihess wrote they are in C:_Restore, so cleaning out the space used by it usually gets the job done.

There are differences and we will need more information to be able to help fully.
- What OS are you using? is it up to date?
- What avast! version and VPS file (virus database) number, e.g. 0436-4 (see about avast!)
- What was the filename, where was it found
example (C:\windows\system32\infected-filename.xxx)?
- What actions have you taken to try and resolve the problem?

Thank you very much for the advice-it worked! I had tried disabling the restore and going in to the .cab files to manually delete them and they would not delete. So I did as you suggested and disabled the system restore and let AVAST run again. It got 5 trojans moved successfully and took far less time to run. There were still 132 lines of files “unable to scan archived file”, which I am unclear about, but none of them had virus alerts. I am using Windows ME but am going to upgrade to XP as I am not happy with ME. I still have lots of problems with the computer and have to run AdAware, Spybot and Avast every day to get rid of malicious files. I also have ZoneAlarm firewall installed. I am hoping that XP will provide a more secure operating system. Thanks again.

Give us an example of some of the files and their location that can’t be scanned (C:\program files.…\notscanned-filename.xxx)? There are many justifiable reasons why they can’t be scanned.

Well, I have upgraded to XP and now I have a new problem. I can’t open the virus chest. When I click on the chest, I get error messages as follows:

“Initialization of chest files action was completed with errors. Program cannot use Chest client :(null). Virus chest server is not running. RPC communications failed. Program will try to load all chest files from the following server: (null)”

I should mention that I have had trouble today and yesterday with “error on page” messages now and then on my browser, which is IE6. I am considering downloading the latest security updates from microsoft for IE6 to try to fix this.

I don’t know if I even need the chest but it was always there before I upgraded to XP. The program runs just fine and is finding those same 5 or 6 Win32 trojan-type viruses every time I run it, and moving them successfully. I wonder WHERE it is moving them, since I can’t open the chest. Hmmm…

As far as the other problem with the archived files, you wanted to know where they are located. They are only in my Program files in 2 locations: “C:\Program Files\Lavasoft.…arrow1.bmp” (and many other .bmp files in Lavasoft), and “C:\Documents and Settings\All Users.…sbRecovery.reg” etc. I am not too worried about this as you said there is probably a good reason why they are not being scanned and there are no viruses being found anyway. Lavasoft is my AdAware free adware checker program.

While upgrading you should uninstall avast! and then install again.
If you did not do it yet, please, do it and boot between one and another…

Sure there is a good reason why they are not being scanned: they are password protected. Don’t worry, they are clean files

They are both legit and being protected by their programs AdAware and Spybot S&D. Though just why Lavasoft wants to protect the image files is beyond me.

However, the ones relating to S&D are usually the restore/back-up for items that the program has removed, so you may recover them if they were false positives, therefore removed in error. If they have been there for some time and there has been no harmful effect to your system, then they can be removed from S&Ds Recovery section.

I did uninstall and redownload avast. I had to because it was giving me errors. I will do it again and see what happens. I had to do that to AdAware and Spybot too. I have another problem as well, and they may be related. I cannot find my documents and pictures. I think it is related to users and passwords. I did not have any users or passwords on the computer before I upgraded to XP but when I upgraded it asked me for users and I set them up. I have not been able to locate my data, either documents or pictures, or my favorites on the browser. I have reinstalled Office 2000 and most of my other programs have the data intact. Have I lost the data? I realize I can go back and restore but this will remove XP, which I don’t want to do. My machine is running better with XP. I have most of the data backed up but I would like to find it all on the hard drive if possible. I have tried opening documents from Word and going in thru My Computer and C drive and there is nothing there. There is no music in the media player either, none of my playlists…

Susihess, I really suggest you use your backup.
I think it will be easy that you format, make a clean XP+SP2 installation…
Return your data and settings…, music and so on…

Losing documents, music and playlists will be just the beginning.
I did this last days and I do not regret: start again, clean, and restore the data 8)

You mean I have lost all that data? What happened? How did I lose it? Did I lose it when I disabled the restore and ran the scan or when I upgraded to XP? What do you mean it is just the beginning? If I do a restore won’t it bring back the data? I hope so because I am not sure I have it all backed up. Do I just put the restore CD in and pick a date that was before I installed XP? Or do I uninstall XP first. I have never done a system restore myself although the computer shop did one on this machine a few months ago. Surely the data is there somewhere on the hard drive… ???I don’t have any files that are password protected that I know of so why can’t I get to them…

If you know the name of one of the files you are missing you can do a search for it.
Is it found?
If not, it (and others) are likely gone.
If it is found, look at the location where it is found.

Upgrading, normally won’t delete files. Unless you don’t pay attention during the upgrade and say “yes” while you need to see “no” (or visa versa)

Windows System Restore is a very limited application for only system and drivers files.
It does not backup your data.
You did not lose your data if you can find it into your disk… Otherwise, documents, files, etc… could only be recovered by a backup right now…
I think neither the scanning nor the XP upgrade made you lose data… maybe a virus…

No, sorry, XP does not have this feature. You can’t go back only by XP.

You can’t uninstall XP… you can only upgrade it (Longhorn in the future) or format the disk…

Here we have the solution… Maybe the vendors could say ‘how’ they backuped the data… Some applications do it (Norton Ghost, RestoreIt, etc.).

About System Restore, can you take a look here?
http://forum.avast.com/index.php?topic=10379.msg88356#msg88356