My Avira scanner found this in it's regular scan last night and performed the action noted:
QuoteVirus or unwanted program 'TR/Dropper.Gen [trojan]'
detected in file 'C:\System Volume Information\_restore{68480595-7674-485C-A152-6C9D5382B3BE}\RP1056\A0187627.exe.
Action performed: Deny access
Then Windows did an update. After the computer rebooted, I created a new system restore point.
I see that the malware found was in a system restore point. I'm assuming I should delete all restore points but the one I just made. Is that correct? And, once I do that, is there anything else I need to do?
As always, thank you so much for your help!
Hi, pastywhitegurl. Yes, that would be the best step to prevent inadvertently restoring the computer to an infected point.
First, create a fresh restore point:
1. Click Start, click All Programs, click Accessories, click System Tools, and then click System Restore.
2. Click Create a Restore Point, and then click Next.
3. Name your restore point. (i.e., clean)
4. Click the Create button.
5. When the new restore point has been created, click Close.
Now select the files to be removed as well as all but the new restore points:
- Click start-->Run and type cleanmgr into the run box and then click "OK".
- Select the drive where Windows is installed (if you have more than one drive) and click "OK".
- When the scan completes, check/uncheck desired boxes.
- Next, please click the More Options tab at the top.
- Click the "Clean up..." button under the System Restore section at the bottom.
- Answer Yes to the question "Are you sure you want to delete all but the most recent restore point?".
- Click OK and answer Yes again.
The disk clean up utility will remove the selected items. When it completes, please restart the computer to properly record the changes made to the hard disk.
Have you run an updated scan with MBAM and/or SAS?
Did the clean up of old restore points as instructed.
And the MBAM scan showed everything clean.
I appreciate the help, Corrine. Thanks!