.hta Alarm - Should I delete?


richrf
December 11th, 2003, 03:24 AM
Hi,

I am evaluating TDS-3 and I received an alarm for a suspicious file named:

a0000566.hta in the system volume information/_restore folder. Should I be concerned and should I delete this file? Thanks for any info that you can provide.

Rich

Jooske
December 11th, 2003, 03:45 AM
Hello richrf and welcome!
You might like to disable system restore a moment, reboot, enable system restore and make another new system restore point; with the first action all former system restore points are deleted, with the next you have a new clean point to start with so eventual infections or suspiciousities from former occasions can't come back in the running system anymore!
Happy evaluating!

richrf
December 11th, 2003, 10:44 PM
Hi,

Thanks for the reply. From your reply it looks like there should not be a .hta file in the system volume/_restore folder. Is this right? Also, can you tell me how do I turn off the system restore feature and then turn it on again? Thank you for all of your help.

Rich

LowWaterMark
December 12th, 2003, 01:28 AM
Hi richrf,

-{ Quote: "From your reply it looks like there should not be a .hta file in the system volume/_restore folder. Is this right?" }-

Well that's not exactly right. The System Restore area can end up with all kinds of files in it, good ones and bad ones. Windows copies various files from your active system to the System Restore area in order to allow you to "roll your computer back" to how it was at a previous point in time. If you have a problem with your computer today, you can use System Restore to set it back to a point when it was working fine, like yesterday.

To do all this, System Restore will make "restore points" and copy many types of files into these areas. Sometimes virus and trojan files can end up in there, too. The only way to safely clean virus or trojan files out of the System Restore area is to cycle it off and then back on, which removes all the old restore points (and those bad files) and lets you start fresh and clean again.

-{ Quote: "can you tell me how do I turn off the system restore feature and then turn it on again?" }-

Here are a couple links regarding how to cycle / clean out System Restore. They are both good. (I provide both because sometimes one site or the other may not be available at the moment you may click the links):

http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039

Gavin - DiamondCS
December 12th, 2003, 01:35 AM
Hi,

That detection in TDS-3 is a little overly sensitive now that Microsoft uses a lot of HTA files - especially in Windows XP. I think they use them for the tour and welcome, among other things :)

I'd just leave it; any dangerous HTA files and others involved in exploits and viruses should be positively detected by your AV or TDS, or both.

richrf
December 12th, 2003, 03:18 PM
Thank you very much for your help and replies.

A warm holiday season to all,

Rich