BleepingComputer.com: Antivir warnings.

In the antivir logs after scanning, it says how many warnings and how many viruses etc.. how do they define the warnings?

And while I'm here to save me posting a separate topic, just wondering what SPR/PSW.ProductKey.AC is, because antivir found it on my computer and I was just wondering what it was.

Quote

What version are you using? Did you check the user manual?
User manual AVIRA ANTIVIR PERSONAL
User manual AVIRA ANTIVIR PROFESSIONAL

Quote

Did AntiVir provide a specific file name associated with this threat(s) and if so, where was it located (full file path) at on your system? Each security vendor uses their own naming conventions to identify various types of malware so it's difficult to determine exactly what has been detected or the nature of the infection without knowing more information about the actually file(s) involved.

Thanks for replying.

I can't remember the full path, but i think it was system restore or something like that

although i delete the 'infection' whenever i scan again, its always detected again.

Sounds like its an infected RP***\A00*****.exe/.dll file(s) in the System Volume Information Folder (SVI) which is a part of System Restore. This is the feature that allows you to set points in time to roll back your computer to a clean working state. The SVI folder is protected by permissions that only allow the system to have access and is hidden by default unless you have reconfigured Windows to show it.

System Restore will back up the good as well as the bad files so when malware is present on the system it gets included in any restore points as an A00***** file. When you scan your system with anti-virus or anti-malware tools, you may receive an alert or notification that a virus was found in the SVI folder (System Restore points) but the anti-virus software was unable to remove it. Since the SVI folder is a protected directory, most scanning tools cannot access it to disinfect or delete these files. If not removed, they sometimes can reinfect your system if you accidentally use an old restore point.

To remove these file(s), the easiest thing to do is Create a New Restore Point to enable your computer to "roll-back" to a clean working state and use Disk Cleanup to remove all but the most recent restore point.

I thought restore points are set automatically by the computer no?

Hello FunkyChicka.

Quote

Yes. They can be created automatically from your computer however; they can also be created manually with what Quietman7 said.

Once you create a new restore point and use Disk Cleanup, it will remove all older restore points so it will remove all the restore points that were created after the day you create the new restore point. This will remove the infected files in the System Volume Information folder previously.

With Regards,
Extremeboy

You might have already gotten an answer to this, but I figured I'd give it a shot anyway.

I couldn't find any info on Avira on your particular threat, but I do know that SPR is a Security Privacy Risk, which Avira defines as "Software that maybe is able to compromise the security of your system, initiate unwanted program activities, damage your privacy or spy out your user behavior and might therefore be unwanted". I had an SPR threat on my computer a couple months ago and it was eBlaster, full Avira name SPR/Tool.eBlaster, which is a keylogger, plus it records emails, chats, IMs, websites visited, etc.

That's helpful too. Thanks.