From: "lazaruslong" <lazaruslong@discussions.microsoft.com>
| Thank you David; but I DID follow that procedure...four times. I also
| followed the procedures you prescribed for getting rid of the NETSKY virus to
| someone in this newsgroup 11/15/04, i.e. ran Sysclean and Stinger. Both to
| no avail. Both report "access denied" to numerous files. Sysclean's log
| reports it found 8 viruses but also reports it FAILED to clean the 8. And
| Earthlink's SPYAUDIT program STILL reports the "Trojan DP" mentioned.
| Any other possibilities?
The log you provided specifically showed...
"C:\System Volume Information\_restore{60C4F85F-FA27-457A-A148-4E83D6FC2482}\RP346\A0045023.exe"
That is definitely the System Restore Cache. I don't want to belittle you or berate you
but if you properly disabled the System Restore cache as in the directions in the following
URL --
http://vil.nai.com/vil/SystemHelpDoc...SysRestore.htm and rebooted the PC,
then the System Restore Cache will be flushed out and no infector will exist there.
Here is what I want you to do. Follow the directions for Disabling the System Restore cache
and then reboot the PC.
Download the following tool which provides anti virus scanners from; Trend Micro, Sophos,
McAfee and Kaspersky. Go through the menu and download the files needed for each scanner.
However, don't run the scanners just yet. After you download the needed files for the
AV scanners, choose "Reboot the PC" from the menu and then go into Safe Mode ( hit the F8
key during boot up to get into Safe Mode ) and re-run the utility and then scan the computer
using the AV scanners in Safe Mode.
Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe
When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.
To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close
Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }
NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.
* * * Please report back your results * * *
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
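
Added example, not part of the original post or of any tool it mentions: a small triage helper that separates scanner detections sitting in the System Restore cache (like the path quoted above) from detections in live files. The function names and the second and third sample paths are constructed for illustration.

```python
import re

# Windows XP System Restore cache layout:
#   <drive>:\System Volume Information\_restore{GUID}\RP<n>\<file>
RESTORE_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}"
    r"\\RP(?P<rp>\d+)\\(?P<name>[^\\]+)$",
    re.IGNORECASE,
)

def classify(path):
    """Return ('restore_cache', restore point number) or ('live', None)."""
    m = RESTORE_RE.match(path.strip().strip('"'))
    return ("restore_cache", int(m.group("rp"))) if m else ("live", None)

def triage(paths):
    """Split detections into restore-cache copies (by restore point) and live files."""
    report = {"restore_cache": {}, "live": []}
    for raw in paths:
        path = raw.strip().strip('"')
        kind, rp = classify(path)
        if kind == "restore_cache":
            name = path.rsplit("\\", 1)[1]
            report["restore_cache"].setdefault(rp, []).append(name)
        else:
            report["live"].append(path)
    return report

# First path is the one quoted in the post; the other two are constructed samples.
SAMPLE_DETECTIONS = [
    r'"C:\System Volume Information\_restore{60C4F85F-FA27-457A-A148-4E83D6FC2482}\RP346\A0045023.exe"',
    r"C:\System Volume Information\_restore{60C4F85F-FA27-457A-A148-4E83D6FC2482}\RP347\A0045101.dll",
    r"C:\WINDOWS\system32\constructed_sample.exe",
]

if __name__ == "__main__":
    report = triage(SAMPLE_DETECTIONS)
    for rp, names in sorted(report["restore_cache"].items()):
        print(f"RP{rp}: {len(names)} cached file(s), cleared when System Restore is disabled")
    for path in report["live"]:
        print(f"live file, needs the Safe Mode scan: {path}")
```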