
Thread: System Restore archiving sandbox files?

  1. #1
    Cyber 14 Guest

    System Restore archiving sandbox files?

    Hi all,


    I posted on this earlier, but I have new information that redirects the questions. If I am meant to edit the old question instead of post a new one, please inform me so that I may do that in the future.

    ZoneAlarm picked up a virus in my system restore data the other day called Virus.DOS.horse. Quarantined it and all was well. However, I am baffled as to how it got in there. I am careful with my browsing and downloading, I keep ForceField browser virtualization on at all times, and ZoneAlarm never alerted me previously to any infected files, even after scheduled scans. My only theory is that a temporary file from some internet-based program got infected and archived. Now, I've heard that some virtualization programs can archive sandbox data in system restore, and perhaps a sandbox infect-me decoy file from ForceField got archived somehow. Anyone know anything about this, or how to stop it? I haven't cleared my virtual data in some time. Not too worried as restore is an archive and viruses cannot run out of it unless a restore point is restored. It's just rattling anxiously around in my brain until I can get an answer.

    Secondly, I'm baffled as to how this file was brought to my attention. I had no scans scheduled for that day, and viruses cannot run out of restore, so on-access scanning is out. I did leave the computer idle for roughly ten minutes after starting it up, and my scheduled scans do get backed up as I don't use that computer too often, so it could have done a quick scan and picked it up, although I didn't know that quick scan scanned the restore files. Is there some background monitoring that could have picked it up even though it wasn't accessed? I'm using ZoneAlarm Extreme Security.

    Anyone have any alternative explanations for these questions? Anyone have any info on this virus?

    Thanks.

    Peace out and God bless.
     
     

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,286

    Re: System Restore archiving sandbox files?

    Hi!

    Please follow ALL steps suggested here:
    Malware Clean-up Guidance

    Also read here for the future:
    xyz was not detected. What I should do?

    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    Cyber 14 Guest

    Re: System Restore archiving sandbox files?

    So you're saying I could still be infected? How come ZL didn't notice if it noticed it in the restore point so readily? A super scan came back with nothing, but I wasn't in safe mode.

    Thanks.

    Peace out and God bless.

  4. #4
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,286

    Re: System Restore archiving sandbox files?

    Could be a false positive or an inactive leftover. As suggested in the guideline, ensure you remove your restore point after you have cross-checked that you are clean and the system works fine.


  5. #5
    Cyber 14 Guest

    Re: System Restore archiving sandbox files?

    I'll remove the restore points the next time I boot up that computer. It's an old computer of mine and not at home, so I'll have to do it when I get time at work, where it is.

    I haven't had any problems, per se. Is it necessary to do the scan even if a regular super-scan picks up nothing? I would assume that ZL would pick up on virus-like behavior and alert the user even if it couldn't automatically stop or clean it.

    Thanks.

    Peace out and God bless.

  6. #6
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,286

    Re: System Restore archiving sandbox files?

    In case of infection (or possible malware presence) it's always better to cross-check that your system is clean. One scan of ZA is enough, but you should also use other freely available malware tools. This is just for peace of mind. Again, the malware cleanup guideline details the process.


  7. #7
    Cyber 14 Guest

    Re: System Restore archiving sandbox files?

    Just for clarification, a super scan in regular mode would still pick up any viruses, but they may only be able to be removed in safe mode?

    Also, I backed up some files from that computer after ZL quarantined the virus; pictures, documents and savegames mostly. I then took them home on a Lacie drive and scanned them, while still on the drive, with both ZL Extreme Security and McAfee Security Center, on different computers. Both scans found nothing. Does this mean they're clean? Can viruses elude security programs this well? I never knew viruses to be that subtle.

    Thanks.

    Peace out and God bless.

  8. #8
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,286

    Re: System Restore archiving sandbox files?

    Originally posted by Cyber 14:
        "Just for clarification, a super scan in regular mode would still pick up any viruses, but they may only be able to be removed in safe mode?"

    Yes, this is the most common scenario.

    Originally posted by Cyber 14:
        "Can viruses elude security programs this well? I never knew viruses to be that subtle."

    Unlikely with software like ZA Extreme where you have multilayer defence. But cannot be excluded.

    Fax


  9. #9
    Cyber 14 Guest

    Re: System Restore archiving sandbox files?

    Thanks. I'm pretty sure I'm clean, but I'll run the additional scan just to be sure.

    I highly doubt that there's anything in the files I backed up. Considering all the scans I did, and the fact that ZL picked up the original virus so easily, and the fact that all of these backed-up files are on my main terabyte drive on my main PC as well, as a backup for the backup, and there are no problems on this PC, aaaand the nature of the files themselves, (excuse the run-on sentence) I'm confident that they are not infected. Something would have given me some warning, even if they weren't cleanable.

    Correct me if I'm wrong.

    Thank you for your help.

    Peace out and God bless.

  10. #10
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,286

    Re: System Restore archiving sandbox files?

    yes... yes... as already said you are 99% fine... I can't speak however for the remaining 0.1%... you never know

