removing trojan n system restore ???

[DEE747]

wen my pc did a defrag i found a virus warning pop up after it saying found and quarntined but later wen checking system restore out it was all frozen at that date i cudn`t go backwards or do nothing ?? i tried to look into the folder

systemvolumne information wer it was found but ACCESS IS DENIED !!!

So i restore the file and went back to system restore and it was working again ?? but still cannot access the folder ?? this is wat it found

Trojan horse Generic4.OXA
D:\System Volume Information\_restore{BB7BA11E-2018-4AFF-B131-A626DDB286C9}\RP138\A0088408.exe5/23/2007 6:48:44 AMA0088408.exe25.5 KB



i hae searched for this and found nothing any info appreciated ta

 

[witchy]

Disable system restore, boot into safe mode and run your scan, it'll find teh naughty file and remove it, turn the pc back on and enable system restore (that is if you want to use system restore, pile of cack if u ask me )

 

[DEE747]

will that allow me to access the folder system volumne information ??

 

[Baaheeduk]

DEE have you ran CW Shreader from the download section? I would run that first as it's usually good at getting and deleting trojans?

 

[F.E.A.R]

you cant access "System Volume Information" from Explorer cos its a protected folder.
you can however access it if you install a FTP server and set your home folder as the drive root then connect with FTP client
you are prob just as well disabling system restore though its a waste of space imo

 

[RobbinHood]

i agree, system restore is the first thing is disable after fresh install as virues like to hide in there, try xoftspyse too as it is good at getting rid persitant trojans.

 

[DEE747]

THANX for info guys will try them i disabled system restore and did a scan in save mode but found nothing with avg or avast but i know i restored the file from the virus vault ?? so wers the little fooker gone lol i will try again now i`m home cheers again

 

[Bio]

Hi All,
I hate to say this but I had a similar issue. I ended up rebuilding the machine and ghosted the machine using norton
Regards
BIO

 

[DEE747]

plz explain more ?? are you saying i have a virus ?? cos i cannot find it anywhere ?? wat did you have and why did you have to rebuild ??

 

[davelichfield]

I thought that when you switched off system restore, that it deleted the stored (system restore) files. Therefore you would have deleted your trojan when doing this.

 

[m00se]

plz explain more ?? are you saying i have a virus ?? cos i cannot find it anywhere ?? wat did you have and why did you have to rebuild ??

It looks like the virus scanner is picking up the original executable. Assuming the only place it's finding it is in the system restore folder then no, you're no longer infected. Any virus scanner worth anything should be able to remove files from system restore also. It's possible to access that directory by right clicking and selecting properties/security and adding yourself into the username list. This probably won't be possible if you're using XP home edition.

 

[DEE747]

i am using xp home edition so the wud explain not being able to open folder and dave if wat u say is correct then wen i restored the file to system restore and then disabled it and started up in safe mode to scan , the fact the file wud have been deleted explains why i cud`t find it anymore .. lol

well hope thats the end of it cheers for all the tips guys very usefull the trojan in question was from IMTOO 25-1 RAR file so mite not have been a real trojan as i`m aware hat crack files show up as unwanted sh-t but most my scan finds are discrbed as HARMFULL HACKTOOLS and they don`t end up in system restore and disable my functions !!but looks like its gone now cheers all again guys

 

[Bio]

When I ran an on-line scan it stated that I had a virus, although I could not find one.
I tried to use the system restore functionality and this did not work.
As a last ditched attempt I had to rebuild the machine. As I did not want to do this again I also ghosted the laptop so future rebuilds, if required are easier!
Regards
BIO
ps. sorry but I can't recall the exact file that returned the error/virus file

 

[Kris]

When you disable system restore, all the system restore files are deleted. That should be the end of it. Just re-enable system restore then.

 

[fezzy]

Hi Guys

There are tons of virus killers out there and most have bugs in them, and
a lot of them will not remove trojans, or they just can,t find em. I use
norton , only because its free with my browser. When i am in the deep and
need to remove a virus i use F-Sav. Do a search and you will find a free
trial download, its good for other things aswell. Its not very well known but
its very good, try it.

fezzy

 

[digidayz]

nice little freebie from mcafee h**p://vil.nai.com/vil/stinger/ for some worms and trojans, helped me out a few times this one.