The infected RP***\A00*****.exe/.dll file(s) identified by your scan are in the System Volume Information Folder
(SVI) which is a part of System Restore
. This is the feature that allows you to set points in time to roll back your computer to a clean working state. The SVI folder is protected by permissions that only allow the system to have access and is hidden by default
unless you have reconfigured Windows to show it.
System Restore will back up the good as well as the bad files
so when malware is present on the system it gets included in any restore points as an A00***** file. When you scan your system with anti-virus or anti-malware tools, they may detect and place these files in quarantine. When a security program quarantines a file, that file is essentially disabled and prevented from causing any harm to your system. The quarantined file is safely held there and no longer a threat
. Thereafter, you can then delete
it at any time.
When an anti-virus quarantines a file by moving it into a virus vault (chest), that file is essentially disabled and prevented from causing any harm to your system. The quarantined file is safely held there and no longer a threat
until you take action to delete it. One reason for doing this is to prevent deletion of a crucial file that may have been flagged as a "false positive
". If that is the case, then you can restore the file and add it to the exclusion or ignore list. Doing this also allows you to view and investigate the files while keeping them from harming your computer. Quarantine is just an added safety measure
. When the quarantined file is known to be bad
, you can delete
it at any time.
If the anti-virus cannot move the files to quarantine, they sometimes can reinfect your system if you accidentally use an old restore point. To remove these file(s), the easiest thing to do is Create a New Restore Point
to enable your computer to "roll-back
" to a clean working state and use Disk Cleanup
to remove all but the most recent restore point.