volc Posted November 25, 2008 ID:36406 Share Posted November 25, 2008 I've made various analyses these days and every analysis show me an alert for things like:C:\System Volume Information\_restore{AF11A44E-87A6-4ABD-8713-3C178D60C753}\RP297\A0131762.sysThe strange thing is MBAM can remove it (after restarting the computer) but if I do another analysis the day after, or sometimes the same day, I have another file, at the same place but with a different name, for example:A0131762.sysA0114805.sysA0131682.sys...I also have Avira Antivir personal (free antivirus) and SpybotMy OS is Windows XPIs this a false positive?As aked before, here is the log in developer mode:-------------------Malwarebytes' Anti-Malware 1.30Database version: 1422Windows 5.1.2600 Service Pack 325/11/2008 13:20:57mbam-log-2008-11-25 (13-20-57).txtScan type: Full Scan (C:\|)Objects scanned: 188605Time elapsed: 1 hour(s), 45 minute(s), 30 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 1Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:C:\System Volume Information\_restore{AF11A44E-87A6-4ABD-8713-3C178D60C753}\RP298\A0131994.sys (Trojan.Downloader) -> Quarantined and deleted successfully. [4134524130538380756679153780887977806669708313012225262018196620672123241918682266242218702169221919196625266770] Link to post Share on other sites More sharing options...
nosirrah Posted November 25, 2008 ID:36407 Share Posted November 25, 2008 This will be fixed in the next update . Link to post Share on other sites More sharing options...
volc Posted November 25, 2008 Author ID:36410 Share Posted November 25, 2008 OK thanksA question: I deleted this oneC:\System Volume Information\_restore{AF11A44E-87A6-4ABD-8713-3C178D60C753}\RP297\A0131737.sysIs it a problem for my computer?Also what should I do with all the same type files in my MBAM quarantine? Do I restore them? Link to post Share on other sites More sharing options...
nosirrah Posted November 25, 2008 ID:36427 Share Posted November 25, 2008 These files are in system restore and an be removed or restored without any problems either way . Link to post Share on other sites More sharing options...
volc Posted November 25, 2008 Author ID:36431 Share Posted November 25, 2008 all right, thanks to everyone for the replies! Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now