Avast found this during a scan is this real or a FP?

Discussion in 'other anti-virus software' started by cheater87, Jan 13, 2007.

Thread Status:
Not open for further replies.
  1. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    Its a Win32:Agent-EFO.

    Original file name A0045055l.exe,

    File ID 4.

    Its in C:\System Volume Infomation\_restore{129201FA-B0AC-49B3-96B2-DEB8B91I727B}
     
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    if u want to scan it at jottis or virustotal, u have to show "protected operating system files" to access it.

    otherwise, u can just disable/reenable System Restore to clear it out.
     
  3. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    How do I do disable and re enable it?
     
  4. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
  5. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    What will doing this do? Is it stuck in my system restores?
     
  6. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    idk if avast can delete a file from System Restore, so thats why i provided teh instructions on clearing it.
     
  7. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    I put it in the virus chest to be safe. Is that a good place?
     
  8. strangequark

    strangequark Registered Member

    Joined:
    Jun 22, 2005
    Posts:
    296
    Location:
    OZ
    Have you tried a Boot Time scan with Avast.
     
  9. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    the virus chest is just like a quarantine.
     
  10. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    I know.
     
  11. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    Never did a boot time scan. What is it?
     
  12. strangequark

    strangequark Registered Member

    Joined:
    Jun 22, 2005
    Posts:
    296
    Location:
    OZ
    Boot-Time scan is an Avast feature that scans the computer on boot before windows starts up, very handy for getting rid of nasties that hide in places it's not possible to delete them from when the system is running.
    If you open Avast and right click anywhere on it a menu will pop up and on there you'll see "Schedule boot-time scan" click it a window will open to set the scan, make sure you tick "Scan all local disks" and "Scan archive files".
     
  13. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    Ok. I'll do that later today. What should I do about the file in the quarantine?
     
  14. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    u can just delete it.
     
  15. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Upload the file to Jotti/Virus Total ;)
     
  16. strangequark

    strangequark Registered Member

    Joined:
    Jun 22, 2005
    Posts:
    296
    Location:
    OZ
    leave it there or delete it.
    Boot-time scans is just one thing that makes avast a winner.
     
  17. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    Can someone tell me how to get to this file to have it sent to Jotti?
     
  18. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    open up Folder Options, go to the View tab, and untick "Hide protected operating system files".

    then just go to C:\System Volume Infomation\_restore{129201FA-B0AC-49B3-96B2-DEB8B91I727B} and the file should be there. just copy it to teh desktop or someplace and scan it using Jotti.
     
  19. strangequark

    strangequark Registered Member

    Joined:
    Jun 22, 2005
    Posts:
    296
    Location:
    OZ
    if you right click on avast you'll see virus chest
     
  20. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    Where is folder options? Sorry its late.
     
  21. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    its in control panel or in the Tools menu of any Explorer window.
     
  22. strangequark

    strangequark Registered Member

    Joined:
    Jun 22, 2005
    Posts:
    296
    Location:
    OZ
    once your in the virus chest it gives you several options including emailing it staight to avast home
     
  23. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    Oh i'll try that
     
Loading...
Thread Status:
Not open for further replies.