Author Topic: System Restore Trojan?  (Read 4148 times)

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 9,778
System Restore Trojan?
« on: June 27, 2008, 06:33 PM »
How is this even possible? These are hidden, protected OS files/folders.

System Restore Virus.png

EDIT: Please note that D: is the new drive that has only had the contents of the old drive copied over to it. Though I suppose this quarantine was made before the old drive started failing, and it is just remembering the location the file used to be at.
« Last Edit: June 27, 2008, 06:36 PM by Deozaan »

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,914
Re: System Restore Trojan?
« Reply #1 on: June 27, 2008, 06:38 PM »
deo it's not clear to me if:
1) you have a serious trojan on your PC which is locking and hiding its files to avoid detection and removal
or
2) if you have an antivirus program that decided a good way to block a suspected trojan is to delete it and move it somewhere as a hidden locked file in quarantine.
or
3) something else

app103

  • That scary taskbar girl
  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 5,885
Re: System Restore Trojan?
« Reply #2 on: June 28, 2008, 02:51 AM »
If you had something on your system before, it is likely that System Restore made a backup of your infected files and that is what your antivirus is detecting.

The proper way to rid your PC of an infection, should you have one, is to turn off System Restore before removing it, that way it won't make a backup of the infected files...and it also will clean out the restore folder.

Most antiviruses can't clean the Restore folder because Windows locks it and won't let them.

The remedy for you right now, to clean it up, is:
  • turn off System Restore
  • reboot
  • turn it back on
  • reboot again
  • set a new restore point (right away!)

Until you do this, I would not trust any of your previous restore points as being clean and trustworthy.
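
The sequence in the reply above, written as an added example that is not part of the thread: a Windows PowerShell script run once per stage from an elevated prompt, with a reboot between stages. The stage names, the script layout and the restore point description are assumptions of this example; the cmdlets are the built-in System Restore cmdlets of Windows PowerShell.

```powershell
# Added example (not from the thread). Run elevated in Windows PowerShell,
# once per stage, rebooting between stages:
#   -Stage Disable  -> reboot -> -Stage Enable -> reboot -> -Stage Checkpoint
param(
    [Parameter(Mandatory)]
    [ValidateSet('Disable', 'Enable', 'Checkpoint')]
    [string]$Stage,
    [string]$Drive = "$env:SystemDrive\"   # drive protected by System Restore
)

function Get-RestorePointList {
    # CreationTime comes back as a WMI datetime string, so convert it.
    @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue) |
        Select-Object SequenceNumber, Description,
            @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } }
}

switch ($Stage) {
    'Disable' {
        # Record what exists before turning protection off.
        Get-RestorePointList | Format-Table -AutoSize | Out-Host
        Disable-ComputerRestore -Drive $Drive
        Write-Host "System Restore disabled on $Drive. Reboot, then run -Stage Enable."
    }
    'Enable' {
        # Any point still listed here predates the cleanup and is not trusted.
        $old = @(Get-RestorePointList)
        if ($old.Count -gt 0) {
            Write-Warning "$($old.Count) older restore point(s) still present; do not treat them as clean."
            $old | Format-Table -AutoSize | Out-Host
        }
        Enable-ComputerRestore -Drive $Drive
        Write-Host "System Restore enabled on $Drive. Reboot, then run -Stage Checkpoint."
    }
    'Checkpoint' {
        # Create the new baseline right away, then show the resulting list.
        Checkpoint-Computer -Description 'Clean baseline after malware removal' `
            -RestorePointType MODIFY_SETTINGS
        Get-RestorePointList | Format-Table -AutoSize | Out-Host
    }
}
```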