?
Solved

MS defender detected it but couldn't remove it

Posted on 2006-04-02
2
Medium Priority
?
311 Views
Last Modified: 2013-12-04
Hi all

I just ran MS Defender and it found something,I checked remove all and it said action failed
but I should remove this immediatly:

C:\systemvolumeinformation\-restore{93E92BA8-09C7-4DE1-9B39-8FE34AC0FD1A}\RP390\A0029859.EXE->(WISE0009)

any ideas on what it is and how to get rid of it?

thanks

lneilson
0
Comment
Question by:lneilson
2 Comments
 
LVL 32

Accepted Solution

by:
masnrock earned 2000 total points
ID: 16355073
It found something in a backup of your system settings, files, etc. But you cannot access that by default.

Turn off System Restore then try to clean again. Also, you should try running another scan with the computer started in Safe Mode.

It's a trojan of some sort... but cannot really tell you which one based on the data you've given.
0
 

Expert Comment

by:ggunnigle
ID: 16355573
What masnrock said should work - turning off System Restore pretty much deletes all the restore points. Running the scan again is a good idea to ensure complete cleansing of the virus/spyware from whatever "remnants" might exist of the Restore archives.

In my experience, Windows Defender has difficulty removing an infected file from an archive. Restore Points are archives, but there are other archives where you can open them (if you have the right software) and delete the problem file without deleting the entire archive, which might be something necessary or useful.
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?
Suggested Courses
Course of the Month15 days, 18 hours left to enroll

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question