Viruses

First a reply for Cris: the people who use DC shouldn't put there programs or games that shouldn't be shared, so don't pick on me for pirate programs. But that is OK, I understood your point (I hope:)).


Now the problem: I have Avira antivirus installed on my computer. I believed it was a good antivirus program, at least considering that it is free... But I started suspecting some activity on my PC... So I installed a-squared antivirus. Well, this one found a virus, TR/BHO.Zango.A, but didn't erase it; I erased it with Avira. When I searched Avira's virus database there was no information about it. And what bothers me most is the place where I found it: C:\System Volume Information. What is this C:\System Volume Information? I looked on C:\ for such a folder or something and there wasn't anything. And more important, for how long could I have had this virus if I found it in that folder or what it is? Do you know by any chance what that virus could do, I mean not just damage because they all do that, but exactly what that virus does...


Thank you.

Comments

  • Hi Arina,


    Windows XP has a recovery system, called System Restore, which can be used to roll-back everything a few days (or more) in case something goes wrong and Windows doesn't function correctly anymore (like an infection, driver failure, or things like that).


    In the folder System Volume Information, a folder which exists on every drive you have, Windows keeps the information for these roll-backs (the information is called a System Restore Point). This folder is a so-called system folder and is hidden (you can make it visible from Folder Options). Also, this folder is locked (if the partition is NTFS formatted) so you cannot access the files from it.


    Sometimes, a virus gets into these System Restore Points, in various ways:


    - when an AV product deletes a virus, Windows might think that the infected file might be important and makes a backup copy of it


    - viruses sometimes put a copy of themselves in this folder, especially because users will think that it's impossible for a virus to be in a System Restore Point


    About the virus... as far as I found, it seems it's adware, or a potentially unwanted program. You can find some details HERE and HERE.


    Cris.