Shanks

Unclassified.Unknown Origin?


Three weeks ago my weekly scan picked up:

Adware.ZToolbar

E:\SYSTEM VOLUME INFORMATION\_RESTORE{7A04CA2E-79E9-4FC4-9F6D-0797D9DDF49A}\RP168\A0017087.INF

I assumed SAS dealt with it and left well alone.

I have noticed now that on subsequent weekly scans I get the message:

Unclassified.Unknown Origin

C:\SYSTEM VOLUME INFORMATION\_RESTORE{7A04CA2E-79E9-4FC4-9F6D-0797D9DDF49A}\RP172\A0019697.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{7A04CA2E-79E9-4FC4-9F6D-0797D9DDF49A}\RP172\A0019698.EXE

D:\SYSTEM VOLUME INFORMATION\_RESTORE{7A04CA2E-79E9-4FC4-9F6D-0797D9DDF49A}\RP172\A0019699.EXE

D:\SYSTEM VOLUME INFORMATION\_RESTORE{7A04CA2E-79E9-4FC4-9F6D-0797D9DDF49A}\RP172\A0019700.EXE

E:\SYSTEM VOLUME INFORMATION\_RESTORE{7A04CA2E-79E9-4FC4-9F6D-0797D9DDF49A}\RP172\A0019701.EXE

E:\SYSTEM VOLUME INFORMATION\_RESTORE{7A04CA2E-79E9-4FC4-9F6D-0797D9DDF49A}\RP172\A0019702.EXE

H:\SYSTEM VOLUME INFORMATION\_RESTORE{7A04CA2E-79E9-4FC4-9F6D-0797D9DDF49A}\RP172\A0019703.EXE

H:\SYSTEM VOLUME INFORMATION\_RESTORE{7A04CA2E-79E9-4FC4-9F6D-0797D9DDF49A}\RP172\A0019704.EXE

How come when the file has a .inf suffix it is recognised as adware, but when it has the .exe suffix it is unknown?

As it is only in the restore files should this be a concern to me anyway?

Cheers


Welcome Shanks.

Nick can confirm, but I suspect that SAS is finding .exe variants of the ZToolbar that it detects as malware, but hasn't classified them yet.

The System Restore Folder is a very precarious folder to scan. I've noticed that scanners often show different results when scanning that folder. Once I've disinfected a system, I delete the restore points by disabling System Restore, rebooting, then enabling System Restore.

That should clear up the subsequent scan issue for you.

Thanks for the response Seth :) I will disable System restore, restart and see what happens on the next scan.

Cheers

Please let us know what you find. You can also tell SUPERAntiSpyware not to scan the System Volume Information folder.


Thanks to both of you for responding to this thread, I did what you suggested.

Turned off System restore, rebooted and ran a full scan. It came up clean as a whistle - no infections or malicious files found anywhere.

I was aware that you could ask SAS not to check this area but I had thought - perhaps mistakenly and due to one of those internet myths - that some infections can get themselves in there and cause all kinds of havoc if you ever tried a restore with that file.

Anyway the way it works now is fine for me - check everywhere and find nothing :D:D
