Malware in restore points

Discussion in 'malware problems & news' started by ajcstr, Aug 5, 2007.

Thread Status:
Not open for further replies.
  1. ajcstr

    ajcstr Registered Member

    Joined:
    Oct 28, 2004
    Posts:
    183
    I understand that infections can carry into restore points but can someone explain to me how they get these filenames starting with "A" o_O? I have about 5 of these flagged by AV software all AXXXXXX.exe


    C:\SYSTEM VOLUME INFORMATION\_RESTORE{593172EE-14D9-4262-8426-24BF2115D284}\RP4\A0002079.EXE
     
  2. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    I am not a hacker software writer, but I think the file names are randomly generated. Most malware file names consist of number and letter combinations from what I have seen.
     
  3. ajcstr

    ajcstr Registered Member

    Joined:
    Oct 28, 2004
    Posts:
    183
    Yeah, but these file names are not on the PC, only in the restore points. That is what I don't understand. First thing I did with this PC was delete the existing restore points, so there never was a file named 'A0002079.EXE' actually on the PC.
     
  4. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    System restore apparently makes up file names for items that are stored in the folders. The actual name is stored in the log somewhere else. I am not sure why the Operating System would make up new names. You will probably have to direct that question to Microsoft.

     
  5. ajcstr

    ajcstr Registered Member

    Joined:
    Oct 28, 2004
    Posts:
    183
    Thank you! That is all I was looking for!

    Was that quote taken from a MS document or another post?
     
  6. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,121
    Location:
    UK
  7. ajcstr

    ajcstr Registered Member

    Joined:
    Oct 28, 2004
    Posts:
    183
    So I guess it would not be wise to manually delete a folder? I don't want to wipe out all the restore points - just the ones with viruses.
     
  8. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
  9. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    I am not sure if information in one restore point would have any connection to other restore points. I had a similar situation with a trojan file that was in a restore point. I just let the restore point get overwritten after I used a utility to deactivate the trojan. I did not have any recent important program updates when I got the trojan, so I could have done a system restore. But I decided to hit the trojan head on and remove it from the registry and system folders.
     
  10. ajcstr

    ajcstr Registered Member

    Joined:
    Oct 28, 2004
    Posts:
    183
    Again, Thank You
     