Threats found in SystemRestore Folder

Hi there!
My COMODO found these threats, most of them are in SystemRestore Folder. How should I proceed?

[attachment deleted by admin]

I think you can safely delete the threats found in system restore but wait for the experts comments here.

The last 2 threats found on the G drive need to be checked. You can upload them to & & post the results here.

I am scared about deleting them because they are in System Restore and I am concerned if I do delete them that System Restore won’t be working properly.

The other two entries are known to me, they are ok

Try Malwarebytes or something else to verify the findings, when one thing finds something.

I ran Malwarebytes and it found nothing, including all partitions (system partition and two data partitions).
What do you think, can I delete these threats placed in System Restore Folder?

If malwarebytes did not find anything, we are still on the point where false positives are possible.

I would now make a scan with Emsisoft free (a-squared) to be sure.
I suggest that because you get two second opinions from "3" different engines.
Malwarebytes is very handy. So it's the first hint.
As it did not find something,
it's time for the last step.

If BOTH do not find anything, I would personally expect the only detection to be a false positive.
Then you could send these files to comodo (if you are fine with that) as a false positive and look what happens.

I didn’t find this version you suggested.
I found:
EMSISOFT Internet Security Pack 7.0 (30 days test version)
EMSISOFT Anti-Malware 7.0 (30 days test version)
EMSISOFT Emergency Kit 3.0 (free)

Emsisoft antimalware is a package that provides more than the antivirus.
You can use this package for 30 days as a trial.

But you can also choose to use the free version in it!
That's just the scanner. As always, look in the windows before you press OK.
A second opinion should NOT contain a guard or something, to avoid interferences. That's why the free versions of these two are ideal.
Additionally they have a slightly different approach. And 3 engines.

In my eyes a good combination.

You mean with these two, Malwarebytes and Emsisoft, right? So I should install the free version of Emsisoft Anti-Malware, and in this free version is just the scanner? What do you mean with 3 engines and 2 second opinions?
thx for your help!

Emsisoft Anti-Malware (former a-squared) uses two engines.

It includes a trial for the full version. And a free version. This is what you want to choose. Look what the windows say.
Malwarebytes free is just a scanner too.

Both will have to be manually updated. No guard. So ideal 2 second opinions in case of false positive. And also good scanners if you want to scan something on demand.
Don't forget to update before.

Keep your eyes open during installation. In general.
Make your settings.

Here’s the Emsisoft result:

The last entry has to be a false positive, SIW is secure.

[attachment deleted by admin]

I would have suggested sending specific files to VirusTotal as a last resort.
But your results aren't files?

If you don't use these "programs" anyway, maybe it's the right time to clean them away. (That's what I would do, at least.)

Find information about the findings. Especially from the vendor that finds them.

Were the findings equal to the first test that led to your posting?

But ANY “poker” thing in a virus report is something wrong to play with.

I do not bother with System Restore anymore. If I need to, I always restore an image from an external hard drive, which for me is quicker than using sysrestore. ;D

I am in contact with Emsisoft Forum for cleaning these poker and bitlord things, because when I delete them from Emsisoft they appear on the next scan.

Anyhow, Emsisoft didn't find those files that COMODO did. Due to the impossibility of getting into the SystemRestore Folder and trying to date these files that COMODO found, I don't know what I am deleting out of COMODO.

So, this is an update of what's been going on in the meanwhile:
these files (registry entries) detected by Emsisoft are still there; we tried everything, OTL, Fix.reg and so on, but it still doesn't work. I cannot find these entries in the registry either (by regedit). Weird.

These .data files detected by COMODO (from the last folders RP818 and RP820 of System Restore Information) are a bundle of restore points that don't exist anymore, because the first restore point is from the beginning of February and some .data files are more than 6 months old (some of them almost a year), ergo I couldn't even restore those points if I wanted to, in my opinion.

Maybe they should be added to the false positives?

New update:
I managed to clean those files (partypoker and bitlord) found by Emsisoft, because I started the scan from User Mode (the files were used in User Mode and not Admin Mode, from which I always started Emsisoft).

In the meanwhile I got alerts from COMODO without starting a scan, ergo in Live Mode.

I attached the new findings; it seems to have something to do with Firefox.

[attachment deleted by admin]

When on XP, follow this Microsoft Knowledge Base article on how to open System Restore folders and then remove the offending files. Make sure the AV solution that removes them quarantines them, and you'll be good to go.

Well, if I understood the nature of these files, these are not only one .data file, but a bunch of some other files is also in it. Am I right? In that case, I wouldn't be sure what I am deleting.

You can let the AV delete the AV files in the System Restore folders.

So, I found out through VirusTotal what kind of infections he's talking about. I think the easiest way is to turn off System Restore, restart and turn it on again.
What do you think?
As I know what I installed the past week, this should be no problem. Anyway, I don't have many restore points left, because my C: is shredding. ;D ;D ;D