Solved

How do I delete the malware-infected file in I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0006

Posted on 2007-11-19
Last Modified: 2013-11-22
My malware software, BullGuard, is not able to delete the following files, even in command mode.

Malware:      Application.Xolox.B
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0018

Malware:      Trojan.Spy.Agent.L
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0006

----[  Spyware Files Still Infected  ]------------

Malware:      Adware.Mywebsearch.BL
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0016
Question by:joseph301074
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 20311833
System Volume Information is for storing System Restore points, so just disable System Restore and then re-enable it. That will delete all the restore points, thus getting rid of the infected files too.

How to Enable/Disable System Restore
http://www.pchell.com/virus/systemrestore.shtml
0
 

Author Comment

by:joseph301074
ID: 20311950
I checked the checkbox on the "System Properties" => "System Restore" tab in "My Computer" properties.

Individually I selected the I: drive, which is a USB removable hard drive, and turned off System Restore.

After a while I unchecked the box.

Then I ran the scanner on the I: drive alone... it still gives me the same log.

I have given the scan details below.

__________________________________________________________

BullGuard Scan Report
Scan Profile: "~10"
___________________________________________________________


----[  System Info  ]------------

OS Version:      Microsoft Windows XP Professional - Service Pack 2 (Build 2600) [1 * x86 CPUs]
Physical memory:      512 MB
System up-time:      0 days, 00 hours, 22 minutes, 41 seconds
BullGuard up-time:      0 days, 00 hours, 21 minutes, 28 seconds
TopLayer Version:      7, 0, 0, 1
FileSpy5 Version:      N/A
BdFileSpy Version:      3.8.0.58 built by: WinDDK
BsFileScan Version:      7, 0, 0, 29
Reconn Version:      1.1.0.5 built by: WinDDK
MailProxy Version:      7, 0, 0, 10
AntiVirus Version:      7, 0, 0, 27

----[  Scan Parameters  ]------------

Folders to scan:
    I:\System Volume Information

Excluded folders:
    None

Files to scan:
    None

Scan type:
    [o] Scan all files
    [ ] Scan program files only
    [ ] Scan custom extensions:

    [ ] Exclude user extensions:

    [X] Scan boot sectors
    [X] Scan packed files
    [X] Scan archives
    [X] Scan emails
    [ ] Scan running processes
    [ ] Scan registry
    [ ] Scan IE cookies
    [X] Enable heuristic detection

    [ ] Scan default action
___________________________________________________________

Scan Statistics
___________________________________________________________

Scan started:      Monday, November 19, 2007 18:13:15
Scan duration:      0 days, 00 hours, 01 minutes, 30 seconds
Completion status:      Successful

Total files scanned:      1948
Total files skipped:      1
Identified viruses:      3
Scan speed:      21.64 files/sec

Files skipped:
    I:\System Volume Information\MountPointManagerRemoteDatabase [Open Failed]

___________________________________________________________

Infected Files
___________________________________________________________

----[  Infected Files  ]------------

Malware:      Application.Xolox.B
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0018

Malware:      Trojan.Spy.Agent.L
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0006

----[  Infected Spyware Files  ]------------

Malware:      Adware.Mywebsearch.BL
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0016

___________________________________________________________

Results after ROUND 0
___________________________________________________________

Scan started:      Monday, November 19, 2007 18:11:45
Scan duration:      0 days, 00 hours, 01 minutes, 30 seconds
Infections solved:      0
Infections left:      3
Viruses left:      3

----[  Files Still Infected  ]------------

Malware:      Application.Xolox.B
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0018

Malware:      Trojan.Spy.Agent.L
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0006

----[  Spyware Files Still Infected  ]------------

Malware:      Adware.Mywebsearch.BL
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0016

___________________________________________________________

Results after ROUND 1
___________________________________________________________

Scan started:      Monday, November 19, 2007 18:13:25
Scan duration:      0 days, 00 hours, 00 minutes, 30 seconds
Infections solved:      0
Infections left:      3
Viruses left:      3

----[  Files Still Infected  ]------------

Malware:      Application.Xolox.B
Status:            Disinfect Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0018

Malware:      Trojan.Spy.Agent.L
Status:            Disinfect Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0006

----[  Spyware Files Still Infected  ]------------

Malware:      Adware.Mywebsearch.BL
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0016

___________________________________________________________

Results after ROUND 2
___________________________________________________________

Scan started:      Monday, November 19, 2007 18:14:01
Scan duration:      0 days, 00 hours, 00 minutes, 15 seconds
Infections solved:      0
Infections left:      3
Viruses left:      3

----[  Files Still Infected  ]------------

Malware:      Application.Xolox.B
Status:            Failed moving to quarantine
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0018

Malware:      Trojan.Spy.Agent.L
Status:            Failed moving to quarantine
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0006

----[  Spyware Files Still Infected  ]------------

Malware:      Adware.Mywebsearch.BL
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0016

___________________________________________________________

Results after ROUND 3
___________________________________________________________

Scan started:      Monday, November 19, 2007 18:14:20
Scan duration:      0 days, 00 hours, 00 minutes, 15 seconds
Infections solved:      0
Infections left:      3
Viruses left:      3

----[  Files Still Infected  ]------------

Malware:      Application.Xolox.B
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0018

Malware:      Trojan.Spy.Agent.L
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0006

----[  Spyware Files Still Infected  ]------------

Malware:      Adware.Mywebsearch.BL
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0016

0
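Added example (not part of the original thread, and not BullGuard's own tooling): a small Python parser for report lines in the layout posted above. It groups detections by the file on disk and tags copies held in a System Restore store, showing that all three detections are members of one archived executable in restore point RP63. The function names and the `C:\Temp\setup.exe` entry are constructed for illustration.

```python
import re
from collections import defaultdict

# Lines copied from the scan report above; the last entry (C:\Temp\...) is
# constructed here to show a finding outside the restore store.
REPORT = r"""
Malware:      Application.Xolox.B
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0018
Malware:      Trojan.Spy.Agent.L
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0006
Malware:      Adware.Mywebsearch.BL
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0016
Malware:      Example.Constructed.A
    C:\Temp\setup.exe
"""

# System Restore store: <drive>:\System Volume Information\_restore{GUID}\RPnn\
RESTORE_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}\\RP(\d+)\\",
    re.IGNORECASE)

def parse_findings(text):
    """Yield (malware, status, file_on_disk, inner_members) per finding."""
    name = status = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Malware:"):
            name, status = line.split(":", 1)[1].strip(), None
        elif line.startswith("Status:"):
            status = line.split(":", 1)[1].strip()
        elif name and line:
            # "=>" separates the file on disk from members unpacked inside it
            container, *inner = line.split("=>")
            yield name, status, container, inner
            name = None

def triage(text):
    """Group detections by on-disk file and tag restore-point copies."""
    files = defaultdict(lambda: {"detections": [], "restore_point": None})
    for name, _status, container, _inner in parse_findings(text):
        files[container]["detections"].append(name)
        m = RESTORE_RE.match(container)
        if m:
            files[container]["restore_point"] = int(m.group(1))
    return dict(files)
```

A file whose `restore_point` is set lives in the System Restore store, so it is cleared by purging the restore points for that drive rather than by per-item deletion.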
 
LVL 31

Accepted Solution

by:
James Murrell earned 1500 total points
ID: 20312047
Whoops, forgot to add: take a look at http://msmvps.com/spywaresucks/archive/2005/09/17/66724.aspx
0

 
LVL 47

Expert Comment

by:rpggamergirl
ID: 20317339
Are those the only locations of the virus? Just in System Volume Information?
Have you rebooted after turning off System Restore? All restore points, along with the nasties, should be gone after reboot, IF that's where they all are.
0
 

Author Comment

by:joseph301074
ID: 20318012
rpggamergirl,

According to BullGuard the infection is only on the I: drive.
I have rebooted and done most of the things told to me.

Now I have downloaded Adaware and am cross-scanning with that. I have also written to BullGuard support and provided them with the information.

Let's see...
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 20348492
Is it an external drive? A USB drive?

Keep us informed when you hear from BullGuard.
0
 

Author Comment

by:joseph301074
ID: 20362464
rpggamergirl,

It is an external USB drive (I: drive).
When cross-scanned through Adaware, no malware is reported.

The query is still in progress with BullGuard.




0


Question has a verified solution.
