no_viruses_plz Posted September 1, 2008 Hello, I found the following viruses and would just like to know if it is okay to remove. I just want to make sure that it's okay to remove these viruses, in case I accidently delete something I need. From the quick scan, I found four files: Trojan.Unclassified/C00-WL/A C:\WINDOWS\SYSTEM32\__C0011971.DAT C:\WINDOWS\SYSTEM32\__C0011971.DAT Trojan.Unclassified/C00-Installer C:\WINDOWS\Prefetch\~.EXE-3B3A448A.pf C:\WINDOWS\SYSTEM32\~.EXE From the deep scan, I found one file: Trojan.Unclassified/C00-Installer C:\SYSTEM VOLUME INFORMATION\_RESTORE{00A0FBA4-8A7B-4558-BAF6-C51A17F285BD}\RP222\A0012038.EXE Thanks. And how do you know if it's okay to delete something and not like, mess up the computer? If someone could explain to me, that would be very helpful. Share this post Link to post Share on other sites
Seth Posted September 1, 2008 If you're unsure of a particular file, you can upload it to VirusTotal: http://www.virustotal.com/ Share this post Link to post Share on other sites
no_viruses_plz Posted September 1, 2008 I can't upload it to VirusTotal, because I can't seem to find it/it doesn't show up when I click on Browse. Share this post Link to post Share on other sites
Seth Posted September 1, 2008 Right click on "My Computer" (or "Computer in Vista) and choose Explore to find the files. Or Start>Run, then type in explorer. You may have to 'Show Hidden Files" under Tools>Folder Options. Share this post Link to post Share on other sites
fatdcuk Posted September 1, 2008 Well first off when SAS removes files/reg values etc then they get held in quarantine zone of the software. They are not actually deleted from the computer completely and are easily restored should SAS delete something in error by going to quarantine option in SAS. As far C:\SYSTEM VOLUME INFORMATION\_RESTORE{00A0FBA4-8A7B-4558-BAF6-C51A17F285BD}\RP222\A0012038.EXE This is a file held by system restore. I usually flush system restore after cleaning an infection from a PC.This can be achieved by switching system restore *off* then swithching it back on again http://www.real-knowledge.com/flushres.htm HTH:) Share this post Link to post Share on other sites