The following came up, and as it is the first I have received after using NOD32 for some years, I am not sure how to tackle it: Threat found Alert Object: E:\System Volume Information\_restore(6DED10A1-A7...\A0116173.exe Threat: a variant of Win32/AdInstaller application Comment: Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe. Please submit this object to ESET for analysis. Can someone explain what I should do about it, please? How do I submit it to ESET? I hit the 'Leave' button: should I hit the 'Delete' button?
That's a heuristic detection by ESET. Do this: locate the file and upload it here (to check if it's a false alarm or not). If it's not, please purge your system restore. If you want to submit it to ESET, locate the file, put it in a password-protected zip and e-mail it to samples(at)eset.com. Include the zip's password and this thread's URL in the e-mail body. thanatos
Anything "found" in the System Volume Information folder is being deleted from System Restore. In other words you (or NOD32) deleted the file ages ago, Windows backed it up in System Restore (SR) and now it's being deleted to make room for more files. The file is not active and is detected by NOD32. It's not infecting your PC, it's just being deleted from the SR folder. There is nothing more to do really as it's gone from your PC...
Hi! Submission of files detected as "a variant of" and "probably variant of" isn't necessary, because it's a generic detection, not AH. Submit these files only if you know that it was a false positive. Regards, Lukas
Thanks for the info; you have put my mind at rest, as I certainly didn't know how to tackle it. Cheers.
I appreciate your help. I wasn't sure how to submit the file to ESET although on this occasion I won't submit this file after reading some of the other replies. Cheers.