For some reason, out of the blue this week, bicololo-n (trj) began flagging as a high threat on the following files for a windows 7, 32-bit computer that is rarely, if ever, online:
If I delete them then it screws up the current windows backup.
If I delete them and start windows backup again, then everything is fine until the backup completes then it flags again.
I’ve run malwarebytes, avast root scans, avast extreme scans (my customized scan with everything checked and highest heuristics) and no other files are flagging. If I delete them then I have 0 infected files, but the second I run backup again, these items are flagging.
Just disable system restore/system backup and the problem is solved.
It is crap anyway.
Think of it, what good would a backup do if you can’t access it because the drive fails?
I use system restore/system backup often and have for some time. The backups and system images which can be restored to any drive are kept on an external drive, but this is now far off topic.
This just started last week and I believe it to be a false positive from avast. I’ve sent the files to avast and there is at least one other person experiencing this as determined by a google search.
If this is an actual virus then why is avast not finding the root cause (i.e., no virus until the backup is complete… if there was something being added to the catalog that was a virus why can’t avast identify it)
Also as I look at the forum in the last couple of days it seems quite a few people are now experiencing false positives.
The cause is how windows compresses/encrypt the files.
It sure does look like a false positive and it will be fixed.
Since this is not a high priority issue, it may take a few vps updates before it is.