Solved

How do i delete the malware infected file in I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0006

Posted on 2007-11-19
8
1,439 Views
Last Modified: 2013-11-22
My Malware software Bull guard is not able to delete the following files ...even in the command mode..

Malware:      Application.Xolox.B
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0018

Malware:      Trojan.Spy.Agent.L
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0006

----[  Spyware Files Still Infected  ]------------

Malware:      Adware.Mywebsearch.BL
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0016
0
Comment
Question by:joseph301074
8 Comments
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 20311833
System Volume Information is for storing system restore points
so just disable your system restore and then re-enable it back, it will delete all the restore points, thus getting rid of the infected files too.

How to Enable/Disable System Restore
http://www.pchell.com/virus/systemrestore.shtml
0
 

Author Comment

by:joseph301074
ID: 20311950
I checked the checkbox on the "system properties"=>"system restore tab" in "my computer"
properties

Individually i selected the i drive which is a USB removable hard drive and turned off the system restore.

after a while a unchecked the box.

Then ran the scanner on the I drive alone .. still i gives me the same log ...

I have given below the scan details

__________________________________________________________

BullGuard Scan Report
Scan Profile: "~10"
___________________________________________________________


----[  System Info  ]------------

OS Version:      Microsoft Windows XP Professional - Service Pack 2 (Build 2600) [1 * x86 CPUs]
Physical memory:      512 MB
System up-time:      0 days, 00 hours, 22 minutes, 41 seconds
BullGuard up-time:      0 days, 00 hours, 21 minutes, 28 seconds
TopLayer Version:      7, 0, 0, 1
FileSpy5 Version:      N/A
BdFileSpy Version:      3.8.0.58 built by: WinDDK
BsFileScan Version:      7, 0, 0, 29
Reconn Version:      1.1.0.5 built by: WinDDK
MailProxy Version:      7, 0, 0, 10
AntiVirus Version:      7, 0, 0, 27

----[  Scan Parameters  ]------------

Folders to scan:
    I:\System Volume Information

Excluded folders:
    None

Files to scan:
    None

Scan type:
    [o] Scan all files
    [ ] Scan program files only
    [ ] Scan custom extensions:

    [ ] Exclude user extensions:

    [X] Scan boot sectors
    [X] Scan packed files
    [X] Scan archives
    [X] Scan emails
    [ ] Scan running processes
    [ ] Scan registry
    [ ] Scan IE cookies
    [X] Enable heuristic detection

    [ ] Scan default action
___________________________________________________________

Scan Statistics
___________________________________________________________

Scan started:      Monday, November 19, 2007 18:13:15
Scan duration:      0 days, 00 hours, 01 minutes, 30 seconds
Completion status:      Successful

Total files scanned:      1948
Total files skipped:      1
Identified viruses:      3
Scan speed:      21.64 files/sec

Files skipped:
    I:\System Volume Information\MountPointManagerRemoteDatabase [Open Failed]

___________________________________________________________

Infected Files
___________________________________________________________

----[  Infected Files  ]------------

Malware:      Application.Xolox.B
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0018

Malware:      Trojan.Spy.Agent.L
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0006

----[  Infected Spyware Files  ]------------

Malware:      Adware.Mywebsearch.BL
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0016

___________________________________________________________

Results after ROUND 0
___________________________________________________________

Scan started:      Monday, November 19, 2007 18:11:45
Scan duration:      0 days, 00 hours, 01 minutes, 30 seconds
Infections solved:      0
Infections left:      3
Viruses left:      3

----[  Files Still Infected  ]------------

Malware:      Application.Xolox.B
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0018

Malware:      Trojan.Spy.Agent.L
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0006

----[  Spyware Files Still Infected  ]------------

Malware:      Adware.Mywebsearch.BL
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0016

___________________________________________________________

Results after ROUND 1
___________________________________________________________

Scan started:      Monday, November 19, 2007 18:13:25
Scan duration:      0 days, 00 hours, 00 minutes, 30 seconds
Infections solved:      0
Infections left:      3
Viruses left:      3

----[  Files Still Infected  ]------------

Malware:      Application.Xolox.B
Status:            Disinfect Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0018

Malware:      Trojan.Spy.Agent.L
Status:            Disinfect Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0006

----[  Spyware Files Still Infected  ]------------

Malware:      Adware.Mywebsearch.BL
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0016

___________________________________________________________

Results after ROUND 2
___________________________________________________________

Scan started:      Monday, November 19, 2007 18:14:01
Scan duration:      0 days, 00 hours, 00 minutes, 15 seconds
Infections solved:      0
Infections left:      3
Viruses left:      3

----[  Files Still Infected  ]------------

Malware:      Application.Xolox.B
Status:            Failed moving to quarantine
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0018

Malware:      Trojan.Spy.Agent.L
Status:            Failed moving to quarantine
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0006

----[  Spyware Files Still Infected  ]------------

Malware:      Adware.Mywebsearch.BL
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0016

___________________________________________________________

Results after ROUND 3
___________________________________________________________

Scan started:      Monday, November 19, 2007 18:14:20
Scan duration:      0 days, 00 hours, 00 minutes, 15 seconds
Infections solved:      0
Infections left:      3
Viruses left:      3

----[  Files Still Infected  ]------------

Malware:      Application.Xolox.B
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0018

Malware:      Trojan.Spy.Agent.L
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0006

----[  Spyware Files Still Infected  ]------------

Malware:      Adware.Mywebsearch.BL
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0016

0
 
LVL 31

Accepted Solution

by:
James Murrell earned 500 total points
ID: 20312047
whoops forgot to add - take a look at http://msmvps.com/spywaresucks/archive/2005/09/17/66724.aspx
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 47

Expert Comment

by:rpggamergirl
ID: 20317339
Are those the only locations of the virus? just in the System volume information?
Have you rebooted after turning off System Restore? all restore points along with the nasties should be gone after reboot, IF that's where all they are.
0
 

Author Comment

by:joseph301074
ID: 20318012
rpggamergirl,

According to Bullguard the infection is only in I: DRIVE.
I have rebooted - done most of the things told to me.

Now i have downloaded Adaware and cross scanning with that..Have also written to Bull guard support and provided with the information.

Let's see..
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 20348492
Is it an external drive? a USB drive?

Keep us informed when you hear from Bullguard.
0
 

Author Comment

by:joseph301074
ID: 20362464
rpggamergirl,

It is an External USB Drive(I: drive).
when cross scanned thru Adaware does not report any Malware.

The query is still in progress with Bullguard.




0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Suggested Solutions

HOW TO REMOTELY CLEAN MEROND.O WITH ESET SILENTLY PROBLEM       If you have the fortunate luck to contract the Merond.O virus on your network, it can be quite troublesome to remove as it propagates to network shares on your network. In my case, the …
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now