Someone please help me

ok one of the computers that is running the new antispyware found this:

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP300\A0029019.exe -> Heuristic.Win32.Dialer : No action taken.

I quarantined it. Can I remove it? I cannot send the file for support because I have no "Help" file. so now what do I do?


robin

 

Re: AVG Anti-Spyware 7.5 is the new Ewido release

and this?

can this be removed too? I also quarntined them

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP280\A0023918.dll -> Adware.Comet : No action taken.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP292\A0024008.dll -> Adware.Comet : No action taken.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP298\A0028971.dll -> Adware.Comet : No action taken.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP300\A0029039.dll -> Adware.Comet : No action taken.

 

Re: AVG Anti-Spyware 7.5 is the new Ewido release

wait a sec i lost you, I want to know if these files can be removed safely or is this a falst positive. I know how to remove them.

You did not answer that part.

robin

 

Re: AVG Anti-Spyware 7.5 is the new Ewido release

Unfortunately, without copies of the actual files, we cannot tell you anything, sorry... If possible, could you please submit them?

http://www.ewido.net/en/malware/

 

Re: AVG Anti-Spyware 7.5 is the new Ewido release

When they are in system restore format the only way to know what the actual file names are or if they are false positves would be to do a system restore which you probably do not want to do

Since you have them in quarantined....you could unquarantine those items and send them to the address peter.ewido suggested.

Bubba

 

I put this in another thread but i do not think it belonged there anyway.
I ran a full complete scan with the new AVG Pro antispyware on xp home service pak 2

It came up with these files below so I did not know if I should delete it completely so I put them in quarantine.


C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP300\A0029019.exe -> Heuristic.Win32.Dialer : No action taken.


C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP280\A0023918.dll -> Adware.Comet : No action taken.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP292\A0024008.dll -> Adware.Comet : No action taken.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP298\A0028971.dll -> Adware.Comet : No action taken.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP300\A0029039.dll -> Adware.Comet : No action taken.

Someone said to run the program with system restore off. Ok I went into Quantine and "restored" the files to see what would happen and turned off System Restore and ran a new complete scan. Now it comes up and says there are no infected files. (umm I restored them- why is it saying this?)

Ok so I turn System restore back on, rebooted the computer and ran another complete scan and it is clean. WHY? these files were restored back. What happened to them? And why did this happen in the first place, You normally do not turn off system restore when scanning.


thanks
robin

 

Re: AVG Anti-Spyware 7.5 is the new Ewido release

take a look at my post "please help me"

now explain what happend?

I did not click Delete- I clicked RESTORE


robin

 

Re: AVG Anti-Spyware 7.5 is the new Ewido release

Peter I cannot because they are gone- Look at my post Please help me"

Also peter, when are you going to add the Help file to the program. I am to return this computer to my client Thursday this week and I was wondering if this update was going to be done before then so I can update his program

robin

 

There was no problem but perhaps it is best that the assistance does continue in this thread you have started and I have taken the liberty to move all relevant posts here.

There are 2 parts to this situation so we'll need to separate them.

1) When you turned system restore off(which is a valid recommendation BTW)....you removed all evidence of system restore information which means there was zilch\nothing\nada for any anti-malware program to find.

2) We now have to determine what was actually contained in the quarantine. Did you happen to save a Report of what was actually found ??

Bubba

 

When you disable system restore you delete all your restore points. When you turn on system restore you create a new set of restore points.

Since your files were among your restore points they were deleted and cannot be recovered. It is very unlikely you would want them back again, so your problem is resolved.

Edit - beat me to it there Bubba

 

Yeah but there is # 2 if you wish to explain it better than I possibly did

 

That was the report, in the first post. I took that from the report info.

robin

 

Well that could be tricky 'cos I don't suppose the Report is going to be any more helpful regarding what has been deleted than that which has already been posted.

Edit - now you've beaten me robinb, I don't type quick enough.

 

That was my thoughts also but wanted another pair of eyes

If I was given a guess....I'd guess the adware.comet entry were cookies and why they weren't found in subsequent checks is mute and should be chalked up as oh well. The Heuristic.Win32.Dialer entries as far as We know could have been false positives initially since there have been a few posted in the past but with the actual file names We will never know and they also could be chalked up as oh well.

Bubba

 

I did a check all over the computer to see if anything was not working correctly. I looked in event viever and so no errors. Hopefully it did not delete anything that was really needed in the first place.

What I am concerned about this is going to be used by someone who really is cluless and will do the recommendations of the program. He will not know to shut off system restore nor will most un techy users.

He will just quarantine the files. Ewido (AVG antispyware) should know what to do with them in the first place.

robin

 

Unfortunately that individual has a rough road to hoe and they are only 1 of a million ? individuals that are less knowledgeable. However....FP's are a fact no matter what anti-malware We are speaking of. If these individuals desire further knowledge hopefully someone will suggest where they get this knowledge. If they are individuals that when presented with a scan result or a pop-up or any kind of decision making and they are those that simply say OK....what ever you need just do it ....then they are I'm afraid always going to have issues no matter what security\privacy program We are speaking of. If one wants to be on the net now a days and dance....you gonna have to pay the fiddler and learn safe hex. You can not put the whole monkey on the back of security\privacy programs. The days of wheely kneely on the net has long been gone unfortuantely.

Bubba

 

true but when you are dealing with the "older generation" (most of my customers are 55+) you are dealing with people that are totally clueless. I made a faq for Ewido for these type of users on what to delete and what to quarantine, and most of the time I have them quarantine the file. Safer than deleting them. The only ones I tell them to delete are the cookies. This way they run into less trouble. I have clients that I do a monthly maintenance on their computers because either they are totally clueless or terrified to do it themselves, but i also have clients who will do it themselves but are still clueless. In fact even the "younger generation" will get a program put it on and do nothing or do worse delete files that they really should not be deleting.

Even I do not know everything and that is why I come here for help since there are alot here much more knowledable then I am, especially in this program and I use what you tell me for future use with clients.

But the program needs to be a bit user friendly for the majority of the people who are clueless and I say it is a major majority.

robin