ewido and system restore folder

Discussion in 'other anti-trojan software' started by kenja, Feb 14, 2005.

Thread Status:
Not open for further replies.
  1. kenja

    kenja Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    9
    Have just started using ewido. Did a scan yesterday and it found a couple of files in the restore folder, which it cleaned. What I don't understand is, I thought the restore folder could not be cleaned. Thinking it could not have deleted the files in there, I rebooted the computer and ran another scan, and it came back clean, and the files it cleaned are in quarantine. So how can ewido clean these files when antivirus software cannot touch anything in this folder?
     
  2. kenja

    I emailed ewido on this matter and they said I must have had system restore deactivated, but I haven't. Also, if system restore was not turned on then surely nothing would be found in there. What I need advice on is: should I restore the items and then turn off restore, which will delete all the restore points, and then turn it back on? System restore seems to be working OK, as it is making restore points every day. Have attached a log on what ewido found and cleaned. Any advice would be very helpful.
     

  3. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    Personally, I would end the system restore service / disable it.

    Reboot into safe mode (at the beginning of the boot process press F8 a few times, then choose safe mode).

    Then let adaware, spybot and ewido run. If they come up clean: reboot into normal mode and enable your system restore again.

    There is no point in keeping the compromised restore points. ;)

    Just my two cents.


    Inf.
     
  4. kenja

    Spybot and adaware say there is no malware found, and ewido, after cleaning files from restore, shows everything is clean.
    What I have a problem with is: what are the files ewido has cleaned from restore, when nothing is allowed to alter or modify anything in your restore folder?
    I always delete all my restore points every week then turn back on. I had only just done that the day before ewido found infected files.
    I am just worried that a program has been able to clean out infected files in restore. Should I put the files back in restore then turn off restore?
     
  5. kenja

    Thank you for replying. My worry is this, not that I have any malware or trojans on my system; I always delete all my restore points once a week then turn back on, plus all my other malware program scans come up clean. My problem is that ewido cleaned files from restore when Windows prevents outside programs, including antivirus programs, from modifying System Restore. Therefore, antivirus programs or tools cannot remove threats in the System Restore folder. As a result, System Restore has the potential of restoring an infected file on your computer, even after you have cleaned the infected files from all the other locations. Not even ewido support staff have been able to tell me how it has managed to clean infected files from the restore folder. I just think it is a bit worrying.
     
  6. Infinity

    The way I see it: Ewido uses a low-level kernel driver and therefore can scan/modify/clean exes, DLLs or whatever is used by the system, even if they are in use.

    That is what is happening. (I think)

    If someone can correct me: please do (shouldn't be that much of a prob here at Wilders, I guess :D :D )

    Opt.
     
  7. kenja

    Had an email back from ewido and this was their answer:

    Thank you for your request.

    Unfortunately, we are as surprised as you are.

    We really don't know how this was possible, maybe there is a problem with the
    System Restore feature of Windows XP or it has been temporarily disabled by
    some kind of malware.

    So I am still none the wiser, as system restore seems to work OK and nothing had disabled it.
     
  8. timnicebutdim

    timnicebutdim Registered Member

    Joined:
    Jan 24, 2005
    Posts:
    66
    Maybe you made a mistake and thought that the system restore viruses had been deleted when in fact they were only reported...
    Turning off system restore deletes all past restore points.. so if you did that before running a new scan.. it would then show the computer as clean... making you think that ewido had cleaned the files.
     
  9. kenja

    Ewido said it cleaned files from restore. I didn't believe that it could have, so ran another scan, which came back clean, but I did not disable system restore.
    Thinking that something is wrong here, I am now scared to disable restore in case I can't get it to work again.
    The funny thing is I had done a scan with ewido a couple of days before and it found nothing. The only thing that changed from then to it finding malware in the restore folder was me doing the security upgrade to Messenger, which when I first tried somehow ended up with the beta 7 version, so uninstalled that and got the upgrade to 6.2, all of which shows up in restore.
     