Infected RP***\A00*****.exe file(s) identified by your scan are in the System Volume Information Folder
(SVI) which is a part of System Restore
. This is the feature that allows you to set points in time to roll back your computer to a clean working state. The SVI folder is protected by permissions that only allow the system to have access and is hidden by default
unless you have reconfigured Windows to show it.
System Restore will back up the good as well as the bad files
so when malware is present on the system it gets included in any restore points as an A00***** file. When you scan your system with anti-virus or anti-malware tools, they may detect and place these files in quarantine. When a security program quarantines a file, that file is essentially disabled and prevented from causing any harm to your system. The quarantined file is safely held there and no longer a threat
until you take action to delete it. If not removed, they sometimes can reinfect your system if you accidentally use an old restore point.
To avoid this and be sure all malware file(s) have been removed after your system has been cleaned, you should Create a New Restore Point
to enable your computer to "roll-back
" to a clean working state and use Disk Cleanup
to remove all but the most recent restore point.
When you experience or encounter strange behavior, always check for new, unknown or suspicious processes that may be running on your system in Task Manager
Anytime you come across a suspicious file or one that you do not recognize, search the name using Google or the following links:BC's File DatabaseBC's Startup Programs DatabaseFile Research CenterThreatExpert Malware Search
Determining whether a file is malware or a legitimate process sometimes depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file. However, it then places itself in a different location on your computer. A file's properties may give a clue to identifying it. Right-click
on the file, Properties
and examine the General and Version tabs.
You can download and use Process Explorer
or System Explorer
to investigate all running processes and gather additional information to identify and resolve problems. These tools will show the process CPU usage, a description and its path location
. If you right-click on the file in question and select properties, you will see more details about the file.
If you cannot find any information, the file has a legitimate name but is not located where it is supposed to be, or you want a second opinion, submit it to jotti's virusscan
. In the "File to upload & scan
" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.
-- Then post back with the results of the file analysis.