I edited your topic to remove your HijackThis log as they are
not permitted in topics outside the
Virus, Trojan, Spyware, and Malware Removal Logs forum. Further, HijackThis
only scans certain areas of your system/registry to help diagnose the presence of undetected malware in known hiding places. Therefore, its log may not always show all the malware on your system. As such, HijackThis has been
replaced by newer tools like
DDS, RSIT and
OTL which provide comprehensive logs with specific details about more areas of your computer.
The Malware Response Team members are all volunteers who contribute to helping members as time permits but currently there is a backup and you may have to wait for assistance. Referrals are made to the
Virus, Trojan, Spyware, and Malware Removal Logs forum if we cannot assist you here or more powerful tools are required for disinfection.
The detected _restore{GUID}\
RP***\
A00*****.xxx file(s) identified by your scan are in the
System Volume Information Folder (SVI) which is a part of
System Restore. The
*** after '
RP' represents a sequential number automatically assigned by the operating system. The
***** after '
A00' also represents a sequential number where the original file(s) were backed up and renamed except for its extension. To learn more about this, refer to:
System Restore is the feature that protects your computer by monitoring a core set of system and application files and by creating backups (snapshots saved as restore points) of vital system configurations and files before changes are made. These restore points can be used to "
roll back" your computer to a clean working state in the event of a problem. This makes it possible to undo harmful changes to your system configurations including registry modifications made by software or malware by reverting the operating systems configuration to an earlier date. See
What's Restored when using System Restore and What's Not.
The SVI folder is protected by permissions that only allow the system to have access and is
hidden by default on the root of every drive, partition or volume including most external drives, and some USB flash drives. For more detailed information, read
System Restore Overview and How it works and
How antivirus software and System Restore work together.
System Restore is
enabled by default and will
back up the good as well as malevolent files, so when malware is present on the system it gets included in restore points as an
A00***** file. If you only get a detection on a file in the SVI folder, that means the original file was on your system in another location at some point and probably has been removed. However, when you scan your system with anti-virus or anti-malware tools, you may receive an alert that a malicious file was detected in the SVI folder (in System Restore points) but the anti-virus software was unable to remove it. Since the SVI folder is a protected directory, most anti-virus and scanning tools cannot access it to disinfect or delete these files. If not removed, they sometimes can reinfect your system if you accidentally use an old restore point.
If your anti-virus or anti-malware tool cannot move the files to quarantine (or they keep returning as detections), they sometimes can reinfect your system if you accidentally use an old restore point. In order to avoid reinfection and remove these file(s) if your security tools cannot properly remove them, the easiest thing to do
after disinfection is
Create a New Restore Point to enable your computer to "
roll-back" to a clean working state and use
Disk Cleanup to remove all but the most recent restore point.
Vista and
Windows 7 users can refer to these links:
Create a New Restore Point in Vista or Windows 7 and
Disk Cleanup in Vista.
Help
Back to top
