space_man Posted March 19, 2010 AVG has started reporting threat detected File Name C:\System Volume Information\_restore etc. see attached jpg for details Threat Name Trojan Horse SHeur3.GWS detected on open The process name reported is C:\WINDOWS\system32|svchost.exe Which I assume is a restore checkpoint the system is trying to create. As the only option is to place offending file in tthe virus I don't think the checkpoint is being completed. All scans using Superantispyware do not detect any infections. Share this post Link to post Share on other sites
Seth Posted March 19, 2010 Hello. Please upload the the file to the following and post the results. http://www.virustotal.com/ After seeing the results, I'll provide further suggestions. Share this post Link to post Share on other sites
space_man Posted March 19, 2010 Unfortunately I cannot upload the offending file as when I attempt to restore it from the virus vault AVG then sees it as a threat and only allows it to go back to the virus vault. Is there any log file that I can provide to assist with the investigation ? Share this post Link to post Share on other sites
Seth Posted March 19, 2010 IMO, remove AVG and install Microsoft Security Essentials. With that being said, I suggest "layered" protection, as no antimalware product is 100% effective. If you agree to such, then I can offer further suggestions. Share this post Link to post Share on other sites
space_man Posted March 20, 2010 It seems that this has been caused by an attack earlier which whilst I cleaned it out, clearly left some carbage in the system restore file. This prevented the system taking automatic checkpoints. I just deleted all the system restore points and all is now OK. Thanks for your assistance, anyway. Share this post Link to post Share on other sites