Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

AVG says I'm infected I can't get it removed HELP!!


  • Please log in to reply
5 replies to this topic

#1 rpm2

rpm2

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:12:15 PM

Posted 29 April 2013 - 10:44 AM

My AVG says I have a bug. Avg will not fix the problem. So I have ran my Malwarebytes, and it  will not remove it either. I need to get this bug removed before I can fix the editor.

This is what I am getting from AVG:

Detection Name: The file is signed with a broken digital signature, issued by Malwarebytes Corp.
Description:     C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1605\A0259403.exe
Severity:        Message
State:           Infected
Source:          Scan
Date:            4/29/2013


Any ideas on this??

 

 

Thanks

Robert



BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,428 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:15 PM

Posted 29 April 2013 - 11:11 AM

Looks like a file in your System Restore folder, these are not scannable by malware tools.
 
 Reset your restore points to remove it..
 
 Create a New Restore Point (alternate method) to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.
The easiest and safest way to do this is:
  • Go to Start > All Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
Then use Disk Cleanup to remove all but the newly created Restore Point.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 rpm2

rpm2
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:12:15 PM

Posted 29 April 2013 - 12:40 PM

How should I go about removing this from my system? AVG will not remove it nor will Malwarebytes. What do you suggest??

 

Thanks

Robert



#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,597 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:15 PM

Posted 29 April 2013 - 01:52 PM

Following the instructions provided by boompe will get rid of that file.


The detected _restore{GUID}\RP***\A00*****.xxx file(s) identified by your scan are in the System Volume Information Folder (SVI) which is a part of System Restore. The *** after 'RP' represents a sequential number automatically assigned by the operating system. The ***** after 'A00' also represents a sequential number where the original file(s) were backed up and renamed except for its extension. To learn more about this, refer to:System Restore is the feature that protects your computer by monitoring a core set of system and application files and by creating backups (snapshots saved as restore points) of vital system configurations, registry and files before changes are made. These restore points can be used to "roll back" your computer to a clean working state in the event of a problem. This makes it possible to undo harmful changes to your system configurations including registry modifications made by software or malware by reverting the operating systems configuration to an earlier date. See What's Restored when using System Restore and What's Not.

The SVI folder is protected by permissions that only allow the system to have access and is hidden by default on the root of every drive, partition or volume including most external drives, and some USB flash drives. For more detailed information, read System Restore Overview and How it works and How antivirus software and System Restore work together.

System Restore is enabled by default and will back up the good as well as malevolent files, so when malware is present on the system it gets included in restore points as an A00***** file. If you only get a detection on a file in the SVI folder, that means the original file was on your system in another location at some point and probably has been removed. However, when you scan your system with anti-virus or anti-malware tools, you may receive an alert that a malicious file was detected in the SVI folder (in System Restore points) but the anti-virus software was unable to remove it. Since the SVI folder is a protected directory, most anti-virus and scanning tools cannot access it to disinfect or delete these files. If not removed, they sometimes can reinfect your system if you accidentally use an old restore point.

If your anti-virus or anti-malware tool cannot move the file(s) to quarantine (or they keep returning as detections), they sometimes can reinfect your system if you accidentally use an old restore point. In order to avoid reinfection and remove these file(s) if your security tools cannot properly remove them, the easiest thing to do Create a New Restore Point and use Disk Cleanup to remove all but the most recent restore point.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 rpm2

rpm2
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:12:15 PM

Posted 30 April 2013 - 08:32 AM

No threats this morning when I ran AVG. Thanks for the help!!!!



#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,597 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:15 PM

Posted 30 April 2013 - 08:40 AM

boompe did the work...I just provided amplifying information.

You're welcome on behalf of the Bleeping Computer community.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users