Solved

Trojan Horse dialer 6.F. remove residue from System Volume Information

Posted on 2004-03-28
Last Modified: 2012-05-05
My AVG antivirus free version 6 has detected a Trojan Horse Dialer 6.F. It removed it to the virus vault and I deleted it. However, when my PC returns from screen saver mode or from idle (I'm not sure which) I get a warning that says the virus was detected in
C:\System Volume Information\_restore{3ED5D9B9-22FF-481B-BD35-02123C5251EF}\RP103\A0009906.EXE
and I should run AVG to remove it. I have tried running AVG but it does not find any virus, and when I have tried to search my C drive in System Volume Information, access is denied.

I am using Windows XP Home Edition.

I suspect the virus has been removed but perhaps a copy or some residue is stored in a file and may be restored at some stage.

Can anyone provide any information on this virus and tell me how I can safely remove this residue?

Thanks.
0
Question by:Poljes
 
LVL 49

Accepted Solution

by:sunray_2003 earned 1000 total points
ID: 10698831
I would guess one of the ways is to disable system restore on your machine, so the OS would delete all the restore points.

After that restart your computer and check for virus.

You may also want to read through this http://www.experts-exchange.com/Applications/Viruses/Q_20524124.html

0
 
LVL 6

Expert Comment

by:parkerig
ID: 10701496
Agree with above to disable system restore points.
From memory - My Computer, right mouse click, Properties, System Restore.
I also would do the below.

Make sure you have
(1) virus checker installed and latest updates, e.g. McAfee
(2) spyware detector software and latest updates, e.g. adaware
(3) firewall software, e.g. Zone Alarm latest version

Run netstat -an looking for unusual open ports.
Run msconfig (or StartupCPL) and uncheck everything - except stuff you have to have.
I use http://www.mlin.net/StartupCPL.shtml
Check IE settings and restore defaults. I always use blank for home page.
Start IE6 and reset security and advanced stuff to defaults - high security.
With Zone Alarm or equivalent, set to disable all traffic.
Disconnect from network - remove cable.
Boot into safe mode - no networking.
Do your virus scan.
Do your adaware, spybot etc.
Zone Alarm will alert you if the PC is trying to communicate with the outside world. If so, find out why.
KEY to all this is to be in SAFE mode / NETWORK unplugged.

It is also possible that the swapfile is corrupt - resize to recreate.

Hope this helps.
Ian
0
 

Author Comment

by:Poljes
ID: 10707357
Thanks to you both for the advice. It really was as simple as disabling the system restore and re-enabling once the restore points had been deleted. You probably saved me loads of time looking for something more complicated. Points and accepted answer to Sunray 2003 being quickest on the draw.
0
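
Added example, not part of the original thread: a small triage script that parses antivirus detection paths and separates copies held in the Windows XP System Restore store (the `_restore{GUID}\RPnnn\Annnnnnn.ext` layout seen in the question) from files on the live file system, then suggests the next step discussed above. The function names and the live sample path used in testing are hypothetical; the restore-point path is the one quoted in the question.

```python
import re
from collections import defaultdict

# XP System Restore store layout:
# <drive>:\System Volume Information\_restore{GUID}\RP<n>\A<7 digits>.<ext>
RESTORE_RE = re.compile(
    r"^(?P<drive>[A-Za-z]):\\System Volume Information\\"
    r"_restore\{(?P<guid>[0-9A-Fa-f-]{36})\}\\"
    r"RP(?P<rp>\d+)\\(?P<name>A\d{7}\.\w+)$",
    re.IGNORECASE,
)

def classify(path):
    """Return ('restore', info) for a restore-point copy, else ('live', None)."""
    m = RESTORE_RE.match(path.strip())
    if not m:
        return "live", None
    return "restore", {"drive": m["drive"].upper(),
                       "rp": int(m["rp"]),
                       "file": m["name"]}

def triage(detections):
    """Group detected paths and suggest the next clean-up step."""
    live, restore_points = [], defaultdict(list)
    for p in detections:
        kind, info = classify(p)
        if kind == "restore":
            restore_points[(info["drive"], info["rp"])].append(info["file"])
        else:
            live.append(p.strip())
    if live:
        # A live copy would simply be captured again by new restore points.
        action = "clean live files first, then purge restore points"
    elif restore_points:
        action = ("only restore-point copies remain: disable System Restore, "
                  "reboot, rescan, re-enable")
    else:
        action = "nothing detected"
    return {"live": live, "restore_points": dict(restore_points),
            "action": action}

# Sample input: the detection path quoted in the question.
SAMPLE = [
    r"C:\System Volume Information\_restore{3ED5D9B9-22FF-481B-BD35-02123C5251EF}\RP103\A0009906.EXE",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```
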
