Help

[hkw]

There is occurrence of harmful or infected files/folders found in System Volume Information by Avira AntiVir Premium from time and time. Is there any means to avoid this occurrence or how can I deal with this from now on except scanning and removal by Avira in normal way?

Thanks for the kind assistance!

[daledoc1]

Hi, hkw:

Until someone more expert arrives, it sounds as if you have some malware remnants in your computer's restore points.

You can just turn off System Restore, which will wipe out all your restore points.

Then scan again with fully updated versions of MBAM and Avira.

You can turn System Restore back on after that.

HTH,

daledoc1

[hkw]

Do you mean I have to back-up all my documents and start deleting all old system retore files/folders?

Can you clearly specify the steps of performing this task as haven't been dealt with before? Aferwards, how am I going to set up again my System Restore again?

Thanks for the advice and guidance!

[hkw]

Will someone render assistance and help on this problem? Many thanks!

[daledoc1]

Hello, hkw:

I don't think you mentioned what OS you have, so here are instructions to turn off/on System Restore for both Vista/Win7 and XP

For Windows 7/Vista:

http://www.sevenforums.com/tutorials/81500-system-restore-enable-disable.html

For Windows XP:

http://support.microsoft.com/kb/310405

If the positive malware detections are ONLY in those old restore points, then temporarily disabling System Restore should eliminate them.

This does not delete your files and folders.

Then, update your AV and MBAM and scan with both programs.

If you are clean, then it is OK to enable system restore again.

If not, let us know, and we'll go from there.

HTH,

daledoc1

PS Backing up your data files is a ~separate issue, and it's always a good idea to regularly backup your files/folders either to an online, off-site service (such as Carbonite or Mozy), and/or to an external HDD, using Windows backup, simple copy/paste, or any one of several 3rd-party backup utility programs.

[hkw]

I'll backup my files first and have System Restore turn-off and resume thereafter and advise you on the result.

Many thanks!

[hkw]

daledoc1: I have sytem restore closed as recommended and performed complete system scan by Avira Antivir Premium and MBAM. I removed all trojans and adwares detected thereafter. There is one file left after detection by your MBAM which cannot be removed. The file details are :

File: C:\Documents & Settings\funshion\historytorrent\十三刺客.MP4.fsp

Detected as Adware funshion

I tried to remove it from Quarantine and it still exists after exit & reclick on MBAM icon again.

The file still exists on quarantine page even with its removal & system reboot.

Please advise how I can remove this file before I can resume my System Restore back again and thanks for the assistance again.

[daledoc1]

Hi, again, hkw:

It appears you have some lingering malware remnants on your system.

Alas, we cannot work on malware detection/removal in this part of the General MBAM forum.

The following information will help you get started on the cleaning process.

If you would like expert assistance with cleaning your system, there are 3 support options from which to choose:

• Option 1 -- Free, Expert advice in the Malware Removal Forum
  
• Option 2 -- Free support for paying customers using MBAM PRO -- Contact MBAM Support via email
  
• Option 3 -- Premium, Fee-Based Support
  

OPTION 1

As we don't deal with malware removal in this General Malwarebytes' Anti-Malware Forum, you need to start a topic in the Malware Removal forum so that a qualified helper can help you fix any malware related problems/infections you may have.

• First, please print out, read and follow the directions here, skipping any steps you are unable to complete.
  
• If the infection has so crippled the computer that you cannot follow most/all of the requested steps, then please just proceed as advised below:
  
• Then please post a NEW topic here.
  
• When posting your new thread, please make sure that, under "options", you select Track this topic and choose Immediate Email Notification, so that you're alerted when someone has replied to your post.
  
• One of the expert helpers there will give you free, one-on-one assistance when one becomes available.
  
• Please refrain from making any further changes to your computer such as (Install/Uninstall programs, use special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.
  

IMPORTANT NOTE:Please DO NOT post back to your topic or "bump" it within the first 48 hours.

Replying to your own posts changes the post count from zero. Helpers are looking for topics with zero replies. If you reply to your own post, helpers may think that you're already being helped and thus may overlook your post. This will only delay your obtaining assistance.

• 
  o If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.
  Or
  o You may send a Private Message to a Moderator asking for assistance.
  

OPTION 2

Alternatively, as a paying customer using MBAM PRO, you can contact the help desk at support@malwarebytes.org or here.

OPTION 3

If you would like to use the Malwarebytes Premium Services (Comprehensive solutions to all your computer support needs -- from installation and set-up to troubleshooting and tune-ups), please go to the Malwarebytes Premium Services support site.

Please be patient -- someone will assist you as soon as it is possible.

Thanks very much!

daledoc1

PS If you are using torrents and other P2P software, you will always be prone to infection. So, it would be best to uninstall all such programs before starting the cleaning process. You malware removal expert might actually require that you do so, in order to conform to MBAM support policy.

[hkw]

daledoc1 : Thanks a lot for your guidiance and processing steps which I will then perform and start a new post in Malware Removal - HijackThis Logs if those failed to seek for your expert assistance.