01-20-2012 12:16 PM
It is, as I said, a PC I have kept offline since 2009. The restore points available go back only 4 months from now. But it's impossible that the infection occurred during the last 4 months off the net and not 3 years ago; besides, kuang2 is a comparatively old trojan.
So it's rather sure that the infected restore point is prior to the 4 months available to restore now, and thus I can never return there.
The problem that arises is that I want to install a new AV, and before that I scanned for infections, given that I know there were some.
I do not want to install an AV on an infected system.
As for the rest, I see that everybody who argued before afterwards accepted the first answer, that is: delete the infected file through the AV, shut down and reopen System Restore, and rescan.
I only do not understand why the AV did not detect the infected file itself but, so to speak, the address of it in the System Volume Information folder.
01-20-2012 01:03 PM
You got it correctly.
Windows will create System Restore points automatically by taking snapshots of the Windows files, regardless of whether they are good, bad or virus files. Those files are protected by WFP (Windows File Protection), which will not allow other software or AVs to modify or remove them. That's why they point to System Volume Information if a threat has been detected.