Shanks Posted June 4, 2007 Three weeks ago my weekly scan picked up: Adware.ZToolbar E:\SYSTEM VOLUME INFORMATION\_RESTORE{7A04CA2E-79E9-4FC4-9F6D-0797D9DDF49A}\RP168\A0017087.INF I assumed SAS dealt with it and left well alone. I have noticed now that on subsequent weekly scans I get the message: Unclassified.Unknown Origin C:\SYSTEM VOLUME INFORMATION\_RESTORE{7A04CA2E-79E9-4FC4-9F6D-0797D9DDF49A}\RP172\A0019697.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{7A04CA2E-79E9-4FC4-9F6D-0797D9DDF49A}\RP172\A0019698.EXE D:\SYSTEM VOLUME INFORMATION\_RESTORE{7A04CA2E-79E9-4FC4-9F6D-0797D9DDF49A}\RP172\A0019699.EXE D:\SYSTEM VOLUME INFORMATION\_RESTORE{7A04CA2E-79E9-4FC4-9F6D-0797D9DDF49A}\RP172\A0019700.EXE E:\SYSTEM VOLUME INFORMATION\_RESTORE{7A04CA2E-79E9-4FC4-9F6D-0797D9DDF49A}\RP172\A0019701.EXE E:\SYSTEM VOLUME INFORMATION\_RESTORE{7A04CA2E-79E9-4FC4-9F6D-0797D9DDF49A}\RP172\A0019702.EXE H:\SYSTEM VOLUME INFORMATION\_RESTORE{7A04CA2E-79E9-4FC4-9F6D-0797D9DDF49A}\RP172\A0019703.EXE H:\SYSTEM VOLUME INFORMATION\_RESTORE{7A04CA2E-79E9-4FC4-9F6D-0797D9DDF49A}\RP172\A0019704.EXE How come when the file has a .inf suffix it is recognised as adware, but when it has the .exe suffux it is unknown? As it is only in the restore files should this be a concern to me anyway? Cheers Share this post Link to post Share on other sites
Seth Posted June 4, 2007 Welcome Shanks. Nick can confirm, but I suspect that SAS is finding .exe variants of the ZToolbar that it detects as malware, but hasn't classified it yet. The System Restore Folder is a very precarious folder to scan. I've noticed that scanners often show different results when scanning that folder. Once I've disinfected a system, I delete the restore points by disabling System Restore, rebooting, then enabling System Restore. That should clear up the subsequent scan issue for you. Share this post Link to post Share on other sites
Shanks Posted June 4, 2007 Thanks for the response Seth I will disable System restore, restart and see what happens on the next scan. Cheers Share this post Link to post Share on other sites
SUPERAntiSpy Posted June 4, 2007 Thanks for the response Seth I will disable System restore, restart and see what happens on the next scan.Cheers Please let us know what you find. You can also tell SUPERAntiSpyware not to scan the System Volume Information folder. Share this post Link to post Share on other sites
Shanks Posted June 9, 2007 Thanks to both of you for responding to this thread, I did what you suggested. Turned off System restore, rebooted and ran a full scan. It came up clean as a whistle - no infections or malicious files found anywhere. I was aware that you could ask SAS not to check this area but i had thought - perhaps mistakenly and due to one of those internet myths - that some infections can get themselves in there and cause all kinds of havoc if you ever tried a restore with that file. Anyway the way it works now is fine for me - check everywhere and find nothing Share this post Link to post Share on other sites