BetaONE will rise again!

BetaONE will rise again! (http:\\b1.hcanet.com\forum/index.php)
-   Hardware Support (http:\\b1.hcanet.com\forum/forumdisplay.php?f=36)
-   -   Trojan Question (http:\\b1.hcanet.com\forum/showthread.php?t=10444)

James55 24th Jan 04 12:50 AM
This was found by an online symantec security check and I swear I cannot find the files on my computer and nav does not detect it. What to do??

D:\System Volume Information\_restore{17AB8B64-AA5E-4A0C-B064-2B695B43C137}\RP56\A0004950.exe is infected with Trojan Horse
D:\System Volume Information\_restore{17AB8B64-AA5E-4A0C-B064-2B695B43C137}\RP56\A0004951.exe is infected with Trojan Horse

James55 24th Jan 04 12:54 AM
Found it in the registry under Search assistant/ACMru. Wtf?

James55 24th Jan 04 01:31 AM
Ok fixed the registry but another scan gave me this again:

Virus Status: Infected!
Your computer is infected with at least one known virus or Trojan horse.




Warning! The scan detected a virus that is active in your computer's memory.
The scan ended to prevent further infection.



D:\System Volume Information\_restore{17AB8B64-AA5E-4A0C-B064-2B695B43C137}\RP56\A0004950.exe is infected with Trojan Horse
D:\System Volume Information\_restore{17AB8B64-AA5E-4A0C-B064-2B695B43C137}\RP56\A0004951.exe is infected with Trojan Horse

war59312 24th Jan 04 01:41 AM
Disable system restore on all drivers and restart windows and re-enable system restore.

Problem soloved. That is if the scanner is telling the truth.

James55 24th Jan 04 02:20 AM
Scanning again now. Last scan after reboot gave me this before enabling system restore.

Virus Status: Infected!
Your computer is infected with at least one known virus or Trojan horse.

No viruses were detected in memory

D:\System Volume Information\_restore{17AB8B64-AA5E-4A0C-B064-2B695B43C137}\RP56\A0004950.exe is infected with Trojan Horse
D:\System Volume Information\_restore{17AB8B64-AA5E-4A0C-B064-2B695B43C137}\RP56\A0004951.exe is infected with Trojan Horse

James55 24th Jan 04 02:37 AM
I still get the virus warning on the scan again

DoG 24th Jan 04 02:46 AM
You will have to delete the infected files manually from this folder:
Code:
D:\System Volume Information\_restore{17AB8B64-AA5E-4A0C-B064-2B695B43C137}\RP56\
Make sure that the options to view hidden and system files is checked in folder options.

If windows says you are not authorised to access those folders then turn off simple file and folder sharing, assign youself access to the folders and then delete the files.

James55 24th Jan 04 02:55 AM
So far I cant find the folder. Its like it doesnt exist but I found stuff in the registry about it. This is too wierd and yes hidden files are enabled

SlickVic78 24th Jan 04 03:06 AM
war59312 should be right... The infected file was captured within a snapshot most likely from System Restore... In order for you to removed the virus, you need to turn off System Restore for that drive (D: in your case), then restart the computer. Next turn back on System Restore and then run another virus scan on your system to see if it comes back up. The _Restore is associated with your System Restore snapshots.

James55, you are saying that after turning off System Restore on your D: drive, and then rebooting the system did not remove all of you past Restore Points? that is very interesting... If that is the case, then I would say to do what DoG suggested which is to continue to have System Restore off for your D: drive and then going in and manually remove the Restore Point directory that contains the virus, which is RP56. Once that is done, you should be able to turn back on System Restore for your D: drive.

-SlickVic78

James55 24th Jan 04 04:36 AM
Still working on it. I did a scan with the recue disk and nothing found. Nav did not find it. Could it be that the online scan was screwed up?

James55 24th Jan 04 05:14 AM
This is driving me nuts. There is no system volume folder on d drive but nortons security ckeck on line finds it no matter what I do. Im beginning to think that the online scan is f&%*ked up

richardc2000 24th Jan 04 06:23 AM
try here
_http://www.trojanscan.com/

free on line trojan scanner

James55 24th Jan 04 08:32 AM
Did the scan and it says the computer is clean. Ran the online symantec scan and it still picked it up. Thats after disabling system restore and rebooting. Ran the symantec scan before enabling the system restore. One funny thing. I can see the file when I look at the drive with cute ftp pro. I have hidden files enabled but cant see it otherwise

Dave 24th Jan 04 09:37 AM
In addition to "show hidden files" you also need to uncheck the option "Hide protected operating system files".
Windows is hiding it through that second setting, thats why it's visible through your ftp client but not directly.
Dave

James55 24th Jan 04 10:00 AM
Thanks I see it now I should able to get it

James55 24th Jan 04 10:17 AM
Wooooo! This report finally:
Virus Status: Safe!
Your computer is free of known viruses and Trojan horses.
30971 files scanned, 0 file(s) infected on your disk drives.


No viruses were detected in memory. :D

Thanks for the assistance guys. Actually,this is stuff I should have already know but hey,its always a learning experience.


All times are GMT +1. The time now is 03:39 PM.

Powered by vBulletin® Version 3.6.5
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.