Solved

Trojan Horse dialer 6.F. remove residue from System Volume Information

Posted on 2004-03-28
3
2,042 Views
Last Modified: 2012-05-05
My AVG antivirus free version 6 has detected a Trojan Horse Dialer 6.F.. It removed it to the virus vault and I deleted it. However when my PC returns from screen saver mode or from idle (I'm not sure which) I get a warning that says the virus was detected in
C:\System Volume Information\_restore{3ED5D9B9-22FF-481B-BD35-02123C5251EF}\RP103\A0009906.EXE
and I should run AVG to remove it. I have tried running AVG but it it does not find any virus and when I have tried to search my C drive in System Volume Information access is denied.

I am using Windows XP Home Edition.

I suspect the virus has been removed but perhaps a copy or some residue is stored in a file and may be restored at some stage.

Can anyone provide any information on this virus and tell me how I can safely remove this residue.

Thanks.
0
Comment
Question by:Poljes
3 Comments
 
LVL 49

Accepted Solution

by:
sunray_2003 earned 250 total points
ID: 10698831
I would guess one of the ways is to disable system restore in your machine . SO the OS would delete all the restore points.

After that restart your computer and check for virus.

You may also want to read through this http://www.experts-exchange.com/Applications/Viruses/Q_20524124.html

0
 
LVL 6

Expert Comment

by:parkerig
ID: 10701496
Agree with above to disable system restore points
From memory - my computer, right mouse clicks, properties, system restore.
I also would do the below.

Make sure you have
(1) virus checker installed and latestest updates. eg mcafee
(2) spyware detector software and latest updates eg adaware
(3) firewall software eg Zone Alarm latest version

run netstat -an looking for unusual open ports
Run msconfig (or startupCPL) and uncheck everything - except stuff you have to have.
I use http://www.mlin.net/StartupCPL.shtml
Check IE settings and restore defaults. I always use blank for home page.
Start ie6 and reset security and advanced stuff to defaults - high security
With Zone Alarm or equivalent. Set to disable all traffic.
Disconnect from network - remove cable
Boot into safe mode - no networking
Do your virus scan
Do your adaware spybot etc
Zone alarm will alert you if PC is trying to communicate with the outside world. If so find out why.
KEY to all this is to be in SAFE mode / NETWORK unplugged.

It is also possible that the swapfile is corrupt - resize to recreate.

Hope this helps.
Ian
0
 

Author Comment

by:Poljes
ID: 10707357
Thanks to you both for the advice. It really was as simple as disabling the system restore and re-enabling once the restore points had been deleted. You probably saved me loads of time looking for something more complicated. Points and accepted answer to Sunray 2003 being quickest on the draw.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SQL BACKUP - 2008 R2 8 62
Compromised PC? 17 171
Auto Smartport macro for Dell and HP laptops 2 53
Exchange 2013 "Connection closed unexpectedly" 2 25
Every computer eventually fails. When that happens, your valuable data is only as safe as your current backup.
An overview of HIPAA and guidance on this topic that Experts Exchange members can offer.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
A simple description of email encryption using a secure portal service. This is one of the choices offered by The Email Laundry for email encryption. The other choices are pdf encryption which creates an encrypted pdf of your email and any attachmen…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now