SpyWare BeWare! ASAP
July 20, 2017, 07:45:12 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News:
 
   Home   Help Search Calendar Donations Login Register Chat  



Google It!
Pages: [1]   Go Down
  Print  
Author Topic: Restore Point File Names  (Read 1218 times)
0 Members and 1 Guest are viewing this topic.
Stardance
Newbie
*
Offline Offline

Date Registered:August 06, 2008, 03:57:02 AM
Posts: 2


« on: June 13, 2010, 06:18:04 AM »

While I was watching a Malwarebytes' Antimalware scan, it was processing files in the System Volume Information directory,
which contains restore points.

Some files were being displayed as having names such as ... A000180.exe, A000181.dll, A000182.com, A000183.exe, A000184.sys ....
and incrementing each filename by the digit 1 in the rightmost character, and increasing the digit to its left when the rightmost digit
reached 9 and became 0 for the next filename.  In other words, the names of the files were serial numbers with typical executable
filename extensions.

Is that how the files are named by Windows XP for Restore Points??  I always thought that they would have the actual, original
filename and extention, at least, even if not the entire pathname for each file.  From time-to-time, MBAM drops to a longer line
and appears to flash a longer pathname which seems normal, but it is too quick for me to really read before it resumes the series
that I described above.

This is important because that filename format is used by a certain program, and the developer's tech support will only say that
they have received and read my message, but they do not offer any actual information, advice or aid.

Thank-you for your assistance.

UPDATE: Malwarebytes' Antimalware tech support has advised me that the files stored in Windows XP System Restore Points
do, in fact, have names which are in the format that I have described.  As to why the other AV developer uses that filename format
for files that their software has "neutralized" on the supposition that they contain malware, only they know and they're not telling.

Logged
Pages: [1]   Go Up
  Print  
 
Jump to:  


Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2013, Simple Machines Valid XHTML 1.0! Valid CSS!