Jump to content


  • Content Count

  • Joined

  • Last visited

About OldOzzi51

  • Rank
  1. Thank you Madeline and GuiltySpark for your assistance and concern. After talking to Michael at customer service I discovered that the SAS program that was installed was a version that was no longer supported. Uninstalling this and installing the latest version confirmed that the problem was indeed a false positive. What surprised me was that I had never received advice from SAS that either there was a newer version of the program available or that the version I was using was no longer supported. I would always click the update button before scanning but I never received a message other than one confirming that my database was up to date. Which as it turned out was actually incorrect. I'm still none the wiser as to how to open the SVI folder but now this is immaterial.
  2. Thank you for your continued help GuiltySpark. I use MS Security Essentials and neither this nor Malwarebytes detects any infection. I suspected it may be a false positive and so I used the SAS link to report it as a suspected FP. That was 5 days ago and I have received no feedback from them, and the SAS program continues to detect it, and so I assume it wasn’t a FP.
  3. Thank you for your continued help Madeline. Whether the methods discussed remove all of the restore points or not, I have tried ALL the methods offered, including using CCleaner and System Restore Explorer , and none of them remove the infected restore.dll file. Every time I run SAS it detects a restore.dll file infected with Trojan.Agent/Gen-FakeAlert.
  4. Thank you for your interest GuiltySpark. No, this is not an external drive that is infected. I'm sorry but I can't remember all of the methods that I have tried to open the SVI folder. All I know is that after Googling "how to open System Volume Information folder in Windows 7" I have tried every suggested method that I could find. However none were successful.
  5. Thank you Madeline for your suggestion but yes I have done this. My understanding of Windows 7 though is that it deletes all but the last restore point so doing this will always leave one. Thus the trojan remains. This is why I wanted to try and manually delete all restore points but I am still unable to open the folder. Is the only solution to reformat and re-install windows?
  6. SAS detects Trojan.Agent/Gen-FakeAlert in the System Volume Information Folder but it is unable to delete it. The OS is Windows 7 Home Premium. The SAS program says that the infected file is quarantined but even if I delete this from quarantine the Trojan is still detected if the folder is scanned again. I have turned off system protection for the drive but SAS is still unable to delete this Trojan from this folder. I have tried to access the folder so that I can manually delete this .dll file but I have been unable to open the folder. I have searched the net and I have tried all the suggested methods for opening this folder, including the C:\>cacls “c:\system volume information” /E /G username:F command in cmd.exe. However I still receive the message “access denied”. Can someone advise me either how to open the System Volume Information Folder or what to do so that SAS can access this folder?
  7. SAS detects Trojan.Agent/Gen-FakeAlert in System Volume Information folder and although SAS claims to quarantine it, it still detects it again when the HD is rescanned. Even when the infected restore file is delete from quarantine and system protection is disabled and re-enabled and all restore points are deleted. The computer has no other symptoms of an infection other than this detection by SAS. How can I tell if the computer is infected or if it is a false positive? If it is infected why is SAS unable to remove it? Neither MS Security Essentials or Malwarebytes detect this virus.
  • Create New...