On demand scanner query

Discussion in 'NOD32 version 2 Forum' started by seakiwi, Aug 1, 2005.

Thread Status:
Not open for further replies.
  1. seakiwi

    seakiwi Registered Member

    Nov 4, 2004

    I have NOD set to do a full system scan once a day, which runs during the night. When I got up this morning there was a notification saying an infiltration was found during the scan. When I checked the log details I found:

    C:\System Volume Information\_restore{E6ACBCE2-A3E9-47F4-BB7D-59DA41CBFBE7}\RP522\A0022080.exe - Win32/Adware.BackWeb.A application
    C:\System Volume Information\_restore{E6ACBCE2-A3E9-47F4-BB7D-59DA41CBFBE7}\RP549\A0023277.exe - Win32/Adware.BackWeb.A application

    I'm not too worried about the backweb thing - evidently it comes as part of the HP center (for HP updates?) which I recently turned back on just out of curiosity to see if any updates would show up (they haven't so far).

    The two things I want to know are:

    When the on demand scanner notifies of an infiltration there doesn't seem to be any options anywhere to actually do anything about it. If I right click on those entries there is no option to delete, quarantee, fix etc. If I want to do one of those things, how do I do it from there? Do I have to go track down those files manually and deal with them?

    Secondly, those entries appear to be within a system restore point file - is that correct? Is there any special way one should deal with those?

    BTW I ran full scans with SpyBot and Adaware and they both came up clean. Neither of them tagged these files.

    TIA to anyone who can enlighten me with this.
  2. ronjor

    ronjor Global Moderator

    Jul 21, 2003

    Turn off system restore, restart, do another scan, and you should be clean. Turn on system restore when through.

    Although NOD sees the virus or trojan, Windows is not going to allow programs to mess about in System Restore.
Thread Status:
Not open for further replies.