Solved

Trojan Horse dialer 6.F. remove residue from System Volume Information

Posted on 2004-03-28
Last Modified: 2012-05-05
My AVG antivirus free version 6 has detected a Trojan Horse Dialer 6.F. It removed it to the virus vault and I deleted it. However, when my PC returns from screen saver mode or from idle (I'm not sure which) I get a warning that says the virus was detected in
C:\System Volume Information\_restore{3ED5D9B9-22FF-481B-BD35-02123C5251EF}\RP103\A0009906.EXE
and I should run AVG to remove it. I have tried running AVG but it does not find any virus, and when I have tried to search my C drive in System Volume Information, access is denied.

I am using Windows XP Home Edition.

I suspect the virus has been removed but perhaps a copy or some residue is stored in a file and may be restored at some stage.

Can anyone provide any information on this virus and tell me how I can safely remove this residue?

Thanks.
Question by:Poljes
3 Comments
 
Accepted Solution

by:
sunray_2003 earned 250 total points
ID: 10698831
I would guess one of the ways is to disable System Restore on your machine, so the OS would delete all the restore points.

After that, restart your computer and check for viruses.

You may also want to read through this http://www.experts-exchange.com/Applications/Viruses/Q_20524124.html

Expert Comment

by:parkerig
ID: 10701496
Agree with above to disable system restore points.
From memory: My Computer, right mouse click, Properties, System Restore.
I also would do the below.

Make sure you have
(1) virus checker installed and latest updates, e.g. McAfee
(2) spyware detector software and latest updates, e.g. Ad-Aware
(3) firewall software, e.g. Zone Alarm, latest version

Run netstat -an, looking for unusual open ports.
Run msconfig (or StartupCPL) and uncheck everything - except stuff you have to have.
I use http://www.mlin.net/StartupCPL.shtml
Check IE settings and restore defaults. I always use blank for home page.
Start IE6 and reset security and advanced stuff to defaults - high security.
With Zone Alarm or equivalent, set to disable all traffic.
Disconnect from network - remove cable.
Boot into safe mode - no networking.
Do your virus scan.
Do your Ad-Aware, Spybot, etc.
Zone Alarm will alert you if the PC is trying to communicate with the outside world. If so, find out why.
KEY to all this is to be in SAFE mode / NETWORK unplugged.

It is also possible that the swapfile is corrupt - resize to recreate.

Hope this helps.
Ian

Author Comment

by:Poljes
ID: 10707357
Thanks to you both for the advice. It really was as simple as disabling the system restore and re-enabling once the restore points had been deleted. You probably saved me loads of time looking for something more complicated. Points and accepted answer to Sunray 2003 being quickest on the draw.
Question has a verified solution.
