Malware in restore points

Discussion in 'malware problems & news' started by ajcstr, Aug 5, 2007.

Thread Status:
Not open for further replies.
  1. ajcstr

    ajcstr Registered Member

    Joined:
    Oct 28, 2004
    Posts:
    182
    I understand that infections can carry into restore points, but can someone explain to me how they get these filenames starting with "A" o_O? I have about 5 of these flagged by AV software, all AXXXXXX.exe


    C:\SYSTEM VOLUME INFORMATION\_RESTORE{593172EE-14D9-4262-8426-24BF2115D284}\RP4\A0002079.EXE
     
  2. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    I am not a hacker software writer, but I think the file names are randomly generated. Most malware file names consist of number and letter combinations from what I have seen.
     
  3. ajcstr

    ajcstr Registered Member

    Joined:
    Oct 28, 2004
    Posts:
    182
    Yeah, but these file names are not on the PC, only in the restore points. That is what I don't understand. First thing I did with this PC was delete the existing restore points, so there never was a file named 'A0002079.EXE' actually on the PC.
     
  4. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    System restore apparently makes up file names for items that are stored in the folders. The actual name is stored in the log somewhere else. I am not sure why the Operating System would make up new names. You will probably have to direct that question to Microsoft.

     
  5. ajcstr

    ajcstr Registered Member

    Joined:
    Oct 28, 2004
    Posts:
    182
    Thank you! That is all I was looking for!

    Was that quote taken from a MS document or another post?
     
  6. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    7,270
    Location:
    England
  7. ajcstr

    ajcstr Registered Member

    Joined:
    Oct 28, 2004
    Posts:
    182
    So I guess it would not be wise to manually delete a folder? I don't want to wipe out all the restore points - just the ones with viruses.
     
  8. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
  9. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    I am not sure if information in one restore point would have any connection to other restore points. I had a similar situation with a trojan file that was in a restore point. I just let the restore point get overwritten after I used a utility to deactivate the trojan. I did not have any recent important program updates when I got the trojan, so I could have done a system restore. But I decided to hit the trojan head on and remove it from the registry and system folders.
     
  10. ajcstr

    ajcstr Registered Member

    Joined:
    Oct 28, 2004
    Posts:
    182
    Again, Thank You
     