Eicar.com in restore folder ?

Discussion in 'NOD32 version 1 Forum' started by Jaewyn, Jan 19, 2003.

Thread Status:
Not open for further replies.
  1. Jaewyn

    Jaewyn Registered Member

    Joined:
    Jan 18, 2003
    Posts:
    30
    Hi. After testing of eicar.com file, I delete it then empty my trashcan...
    And hours later, suddenly amon warned me it has found eicar.com in a restore folder.

    First question : how is it possible eicar.com ended in this folder ?

    Second question, how to delete it from there ? If I searched for eicar.com in my computer it doesnt find it. And I have heard there are some stuff to do to delete something from restore folder, but I have searched and I havent found again where I have found the information yesterday :)

    Thanks :)

    And congratulation for NOD32, it is a very good AV :) I hope your upcoming firewall will be so good :) Don't forget a firewall should be easy to use and powerful :) I like kerio interface, I hate tiny firewall 4 interface (too hard to do something with it) :)
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    Hi Jaewyn,

    Have a look at this thread on how to act if ever a real virus were to end up in your restore folder: http://www.wilderssecurity.com/showthread.php?t=4066;start=0

    Regards,

    Pieter
     
  3. Jaewyn

    Jaewyn Registered Member

    Joined:
    Jan 18, 2003
    Posts:
    30
    Thanks, it is fine to have such a quick answer...

    I wonder how this file ended in this folder :)
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    Obviously a restore point was created during the time the Eicar file was still present on your system.
    There is no need to remove it by the way, it will disappear in time.

    Regards,

    Pieter
     
  5. Jaewyn

    Jaewyn Registered Member

    Joined:
    Jan 18, 2003
    Posts:
    30
    I did the procedure to remove it, because it was ennoying to have the amon warning message :)
     
Thread Status:
Not open for further replies.