Solved

Trojan Horse dialer 6.F. remove residue from System Volume Information

Posted on 2004-03-28
Last Modified: 2012-05-05
My AVG antivirus free version 6 has detected a Trojan Horse Dialer 6.F.. It removed it to the virus vault and I deleted it. However when my PC returns from screen saver mode or from idle (I'm not sure which) I get a warning that says the virus was detected in
C:\System Volume Information\_restore{3ED5D9B9-22FF-481B-BD35-02123C5251EF}\RP103\A0009906.EXE
and I should run AVG to remove it. I have tried running AVG but it does not find any virus, and when I have tried to search my C drive in System Volume Information, access is denied.

I am using Windows XP Home Edition.

I suspect the virus has been removed but perhaps a copy or some residue is stored in a file and may be restored at some stage.

Can anyone provide any information on this virus and tell me how I can safely remove this residue?

Thanks.
0
Question by:Poljes
3 Comments
 
LVL 49

Accepted Solution

by:
sunray_2003 earned 250 total points
ID: 10698831
I would guess one of the ways is to disable System Restore on your machine, so the OS would delete all the restore points.

After that restart your computer and check for virus.

You may also want to read through this http://www.experts-exchange.com/Applications/Viruses/Q_20524124.html

0
 
LVL 6

Expert Comment

by:parkerig
ID: 10701496
Agree with above to disable system restore points
From memory - my computer, right mouse clicks, properties, system restore.
I also would do the below.

Make sure you have
(1) virus checker installed and latest updates. eg mcafee
(2) spyware detector software and latest updates eg adaware
(3) firewall software eg Zone Alarm latest version

run netstat -an looking for unusual open ports
Run msconfig (or startupCPL) and uncheck everything - except stuff you have to have.
I use http://www.mlin.net/StartupCPL.shtml
Check IE settings and restore defaults. I always use blank for home page.
Start ie6 and reset security and advanced stuff to defaults - high security
With Zone Alarm or equivalent. Set to disable all traffic.
Disconnect from network - remove cable
Boot into safe mode - no networking
Do your virus scan
Do your adaware spybot etc
Zone alarm will alert you if PC is trying to communicate with the outside world. If so find out why.
KEY to all this is to be in SAFE mode / NETWORK unplugged.

It is also possible that the swapfile is corrupt - resize to recreate.

Hope this helps.
Ian
0
 

Author Comment

by:Poljes
ID: 10707357
Thanks to you both for the advice. It really was as simple as disabling the system restore and re-enabling once the restore points had been deleted. You probably saved me loads of time looking for something more complicated. Points and accepted answer to Sunray 2003 being quickest on the draw.
0
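As an added illustration (not part of the thread and not any participant's code), the Python triage below reads antivirus detection paths and separates live files from copies archived in the Windows XP System Restore store, which is the case the asker hit. The function names, the suggested action strings and the second sample path are assumptions made for this example.

```python
import re
from collections import defaultdict

# XP System Restore archives monitored files as
# <drive>:\System Volume Information\_restore{GUID}\RP<n>\A<digits>.<ext>
RESTORE_RE = re.compile(
    r"^(?P<drive>[A-Za-z]):\\System Volume Information\\"
    r"_restore\{(?P<guid>[0-9A-Fa-f-]{36})\}\\RP(?P<rp>\d+)\\(?P<name>[^\\]+)$"
)

def classify(path):
    """Return ('restore', drive, rp_number, name) or ('live', path)."""
    m = RESTORE_RE.match(path.strip())
    if m:
        return ("restore", m["drive"].upper(), int(m["rp"]), m["name"])
    return ("live", path.strip())

def triage(paths):
    """Split detections into live files and per-restore-point archived copies."""
    live, archived = [], defaultdict(list)
    for p in paths:
        kind, *rest = classify(p)
        if kind == "restore":
            drive, rp, name = rest
            archived[(drive, rp)].append(name)
        else:
            live.append(rest[0])
    # Action strings are this example's own heuristic, not vendor guidance.
    if live:
        action = "clean live files first, then purge restore points"
    elif archived:
        action = "purge restore points (disable, then re-enable System Restore)"
    else:
        action = "nothing to do"
    return {"live": live, "archived": dict(archived), "action": action}

# Constructed sample: the first path is the one quoted in the question,
# the second is a made-up live-file detection for contrast.
SAMPLE = [
    r"C:\System Volume Information\_restore{3ED5D9B9-22FF-481B-BD35-02123C5251EF}\RP103\A0009906.EXE",
    r"C:\WINDOWS\system32\example_dialer.exe",
]

if __name__ == "__main__":
    print(triage(SAMPLE[:1]))  # only the restore-point copy remains
    print(triage(SAMPLE))      # a live file is still present
```

When every remaining detection falls under a restore point, as in the question, the scanner is seeing an archived copy it cannot open, and flushing the restore points removes it.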
