Malware in restore points

Discussion in 'malware problems & news' started by ajcstr, Aug 5, 2007.

Thread Status:
Not open for further replies.
  1. ajcstr

    ajcstr Registered Member

    Joined:
    Oct 28, 2004
    Posts:
    183
    I understand that infections can carry into restore points but can someone explain to me how they get these filenames starting with "A" o_O? I have about 5 of these flagged by AV software all AXXXXXX.exe


    C:\SYSTEM VOLUME INFORMATION\_RESTORE{593172EE-14D9-4262-8426-24BF2115D284}\RP4\A0002079.EXE
     
  2. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    I am not a hacker software writer, but I think the file names are randomly generated. Most malware file names consist of number and letter combinations from what I have seen.
     
  3. ajcstr

    ajcstr Registered Member

    Joined:
    Oct 28, 2004
    Posts:
    183
    Yeah, but these file names are are not on the PC, only in the restore points. That is what I don't understand. First thing I did with this pc was delete the existing restore points, so there never was a file named 'A0002079.EXE' actually on the pc.
     
  4. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    System restore apparently makes up file names for items that are stored in the folders. The actual name is stored in the log somewhere else. I am not sure why the Operating System would make up new names. You will probably have to direct that question to Microsoft.

     
  5. ajcstr

    ajcstr Registered Member

    Joined:
    Oct 28, 2004
    Posts:
    183
    Thank you! That is all I was looking for !

    Was that quote taken from a MS document or another post?
     
  6. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    10,035
    Location:
    UK
  7. ajcstr

    ajcstr Registered Member

    Joined:
    Oct 28, 2004
    Posts:
    183
    So I guess it would not ne wise to manually delete a folder? I don't want to wipe out all the restore points - just the ones with viruses.
     
  8. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
  9. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    I am not sure if information in one restore point would have any connection to other restore points. I had a similar situation with a trojan file that was in a restore point. I just let the restore point get overwritten after I used a utility to deactivate the trojan. I did not have any recent important program updates when I got the trojan, so I could have done a system restore. But I decided to hit the trojan head on and remove it from the registry and system folders.
     
  10. ajcstr

    ajcstr Registered Member

    Joined:
    Oct 28, 2004
    Posts:
    183
    Again, Thank You
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.