Trojan Horse dialer 6.F. remove residue from System Volume Information

My AVG antivirus free version 6 has detected a Trojan Horse Dialer 6.F.. It removed it to the virus vault and I deleted it. However when my PC returns from screen saver mode or from idle (I'm not sure which) I get a warning that says the virus was detected in
C:\System Volume Information\_restore{3ED5D9B9-22FF-481B-BD35-02123C5251EF}\RP103\A0009906.EXE
and I should run AVG to remove it. I have tried running AVG but it it does not find any virus and when I have tried to search my C drive in System Volume Information access is denied.

I am using Windows XP Home Edition.

I suspect the virus has been removed but perhaps a copy or some residue is stored in a file and may be restored at some stage.

Can anyone provide any information on this virus and tell me how I can safely remove this residue.

Thanks.
PoljesAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
sunray_2003Connect With a Mentor Commented:
I would guess one of the ways is to disable system restore in your machine . SO the OS would delete all the restore points.

After that restart your computer and check for virus.

You may also want to read through this http://www.experts-exchange.com/Applications/Viruses/Q_20524124.html

0
 
parkerigCommented:
Agree with above to disable system restore points
From memory - my computer, right mouse clicks, properties, system restore.
I also would do the below.

Make sure you have
(1) virus checker installed and latestest updates. eg mcafee
(2) spyware detector software and latest updates eg adaware
(3) firewall software eg Zone Alarm latest version

run netstat -an looking for unusual open ports
Run msconfig (or startupCPL) and uncheck everything - except stuff you have to have.
I use http://www.mlin.net/StartupCPL.shtml
Check IE settings and restore defaults. I always use blank for home page.
Start ie6 and reset security and advanced stuff to defaults - high security
With Zone Alarm or equivalent. Set to disable all traffic.
Disconnect from network - remove cable
Boot into safe mode - no networking
Do your virus scan
Do your adaware spybot etc
Zone alarm will alert you if PC is trying to communicate with the outside world. If so find out why.
KEY to all this is to be in SAFE mode / NETWORK unplugged.

It is also possible that the swapfile is corrupt - resize to recreate.

Hope this helps.
Ian
0
 
PoljesAuthor Commented:
Thanks to you both for the advice. It really was as simple as disabling the system restore and re-enabling once the restore points had been deleted. You probably saved me loads of time looking for something more complicated. Points and accepted answer to Sunray 2003 being quickest on the draw.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.