Dear Dave;
Sorry for the delay in responding to your last post…we had yet another
emergency (not computer related).
We have not yet had opportunity to download/run the utility or scanners you
referred us to but are beginning that procedure now.
In the meantime, further reflection on our dilemma made us realize we may be
speaking of two DIFFERENT Trojans, and following the procedure you
prescribed, i.e. turning off System Restore and re-booting to flush the
Volume Info folder may, in fact, have gotten rid of the
"C:\System Volume
Information\_restore{60C4F85F-FA27-457A-A148-4E83D6FC2482}\RP346\A0045023.exe"
We have now realized the virus mentioned above was reported by AVG (thus it
was put in the Virus Vault). Earthlink however, continues to report a “DP
TROJAN” in our system but doesn’t give any further information as to
filename/path/etc. And contact with Earthlink is an exercise in futility.
We HAVE, in perusing the posts on this page, become intrigued with KASPERSKY
LAB, and attempted to run its FREE ONLINE SCANNER as a check against
Earthlink’s SPYAUDIT. Kaspersky’s scanner downloaded and APPARENTLY
INSTALLED, along with ALL the current def files, and reports it is “READY”,
but we have found NO WAY to START the program. Reading the help file
provided tells us it will ACTIVATE by accessing the website from within the
program, but we can’t seem to get INTO the program. Any ideas there? We
sent an email request to Kaspersky’s tech support (two days ago), but, as
yet, haven’t gotten any response.
Thanx for all your time and attention to our plight.
BTW, we’re pretty thick-skinned and don’t take any of your suggestions as
“belittling” or “berating”.
--
lazaruslong
"David H. Lipman" wrote:
> From: "lazaruslong" <lazaruslong@discussions.microsoft.com>
>
> | Thank you David; but I DID follow that procedure...four times. I also
> | followed the procedures you prescribed for getting rid of the NETSKY virus to
> | someone in this newsgroup 11/15/04, i.e. ran Sysclean and Stinger. Both to
> | no avail. Both report "access denied" to numerous files. Sysclean's log
> | reports it found 8 viruses but also reports it FAILED to clean the 8. And
> | Earthlink's SPYAUDIT program STILL reports the "Trojan DP" mentioned.
> | Any other possibilities?
>
> The log you provided specifically showed...
>
> "C:\System Volume
> Information\_restore{60C4F85F-FA27-457A-A148-4E83D6FC2482}\RP346\A0045023.exe"
>
> That is definitely the System restore Cache. I don't want to belittle you or berate you
> but if you properly disabled the System Restore cache as in the directions in the following
> URL -- http://vil.nai.com/vil/SystemHelpDoc...SysRestore.htm and rebooted the PC,
> then the System Restore Cache will be flushed out and no infector will exist there.
>
> Here is what I want you to do. Follow the directions for Disabling the System Restore cache
> and then reboot the PC.
>
> Download the following tool which provides anti virus scanners from; Trend Micro, Sophos,
> McAfee and Kaspersky. Go through the menu and download the files needed for each scanner.
> However, don't run the scanners just yet. After you download the needed files for the
> AV scanners, choose "Reboot the PC" from the menu and then go into Safe Mode ( hit the F8
> key during boot up to get into Safe Mode ) and re-run the utility and then scan the computer
> using the AV scanners in Safe Mode.
>
>
> Download MULTI_AV.EXE from the URL --
> http://www.ik-cs.com/programs/virtools/Multi_AV.exe
>
>
>
> When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
> file.
>
> To use this utility, perform the following...
> Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
> Choose; Unzip
> Choose; Close
>
> Execute; C:\AV-CLS\StartMenu.BAT
> { or Double-click on 'Start Menu' in C:\AV-CLS }
>
> NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
> FireWall to allow it to download the needed AV vendor related files.
>
> * * * Please report back your results * * *
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>