Solved

How do I delete the malware-infected file in I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0006

Posted on 2007-11-19
Last Modified: 2013-11-22
My malware software, BullGuard, is not able to delete the following files, even in command mode.

Malware:      Application.Xolox.B
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0018

Malware:      Trojan.Spy.Agent.L
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0006

----[  Spyware Files Still Infected  ]------------

Malware:      Adware.Mywebsearch.BL
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0016
Question by:joseph301074
8 Comments
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 20311833
System Volume Information is for storing System Restore points, so just disable System Restore and then re-enable it; that will delete all the restore points, thus getting rid of the infected files too.

How to Enable/Disable System Restore
http://www.pchell.com/virus/systemrestore.shtml
 

Author Comment

by:joseph301074
ID: 20311950
I checked the checkbox on the "System Properties" => "System Restore" tab in "My Computer" properties.

I individually selected the I: drive, which is a USB removable hard drive, and turned off System Restore.

After a while I unchecked the box.

Then I ran the scanner on the I: drive alone. It still gives me the same log.

I have given below the scan details

__________________________________________________________

BullGuard Scan Report
Scan Profile: "~10"
___________________________________________________________


----[  System Info  ]------------

OS Version:      Microsoft Windows XP Professional - Service Pack 2 (Build 2600) [1 * x86 CPUs]
Physical memory:      512 MB
System up-time:      0 days, 00 hours, 22 minutes, 41 seconds
BullGuard up-time:      0 days, 00 hours, 21 minutes, 28 seconds
TopLayer Version:      7, 0, 0, 1
FileSpy5 Version:      N/A
BdFileSpy Version:      3.8.0.58 built by: WinDDK
BsFileScan Version:      7, 0, 0, 29
Reconn Version:      1.1.0.5 built by: WinDDK
MailProxy Version:      7, 0, 0, 10
AntiVirus Version:      7, 0, 0, 27

----[  Scan Parameters  ]------------

Folders to scan:
    I:\System Volume Information

Excluded folders:
    None

Files to scan:
    None

Scan type:
    [o] Scan all files
    [ ] Scan program files only
    [ ] Scan custom extensions:

    [ ] Exclude user extensions:

    [X] Scan boot sectors
    [X] Scan packed files
    [X] Scan archives
    [X] Scan emails
    [ ] Scan running processes
    [ ] Scan registry
    [ ] Scan IE cookies
    [X] Enable heuristic detection

    [ ] Scan default action
___________________________________________________________

Scan Statistics
___________________________________________________________

Scan started:      Monday, November 19, 2007 18:13:15
Scan duration:      0 days, 00 hours, 01 minutes, 30 seconds
Completion status:      Successful

Total files scanned:      1948
Total files skipped:      1
Identified viruses:      3
Scan speed:      21.64 files/sec

Files skipped:
    I:\System Volume Information\MountPointManagerRemoteDatabase [Open Failed]

___________________________________________________________

Infected Files
___________________________________________________________

----[  Infected Files  ]------------

Malware:      Application.Xolox.B
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0018

Malware:      Trojan.Spy.Agent.L
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0006

----[  Infected Spyware Files  ]------------

Malware:      Adware.Mywebsearch.BL
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0016

___________________________________________________________

Results after ROUND 0
___________________________________________________________

Scan started:      Monday, November 19, 2007 18:11:45
Scan duration:      0 days, 00 hours, 01 minutes, 30 seconds
Infections solved:      0
Infections left:      3
Viruses left:      3

----[  Files Still Infected  ]------------

Malware:      Application.Xolox.B
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0018

Malware:      Trojan.Spy.Agent.L
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0006

----[  Spyware Files Still Infected  ]------------

Malware:      Adware.Mywebsearch.BL
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0016

___________________________________________________________

Results after ROUND 1
___________________________________________________________

Scan started:      Monday, November 19, 2007 18:13:25
Scan duration:      0 days, 00 hours, 00 minutes, 30 seconds
Infections solved:      0
Infections left:      3
Viruses left:      3

----[  Files Still Infected  ]------------

Malware:      Application.Xolox.B
Status:            Disinfect Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0018

Malware:      Trojan.Spy.Agent.L
Status:            Disinfect Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0006

----[  Spyware Files Still Infected  ]------------

Malware:      Adware.Mywebsearch.BL
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0016

___________________________________________________________

Results after ROUND 2
___________________________________________________________

Scan started:      Monday, November 19, 2007 18:14:01
Scan duration:      0 days, 00 hours, 00 minutes, 15 seconds
Infections solved:      0
Infections left:      3
Viruses left:      3

----[  Files Still Infected  ]------------

Malware:      Application.Xolox.B
Status:            Failed moving to quarantine
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0018

Malware:      Trojan.Spy.Agent.L
Status:            Failed moving to quarantine
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0006

----[  Spyware Files Still Infected  ]------------

Malware:      Adware.Mywebsearch.BL
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0016

___________________________________________________________

Results after ROUND 3
___________________________________________________________

Scan started:      Monday, November 19, 2007 18:14:20
Scan duration:      0 days, 00 hours, 00 minutes, 15 seconds
Infections solved:      0
Infections left:      3
Viruses left:      3

----[  Files Still Infected  ]------------

Malware:      Application.Xolox.B
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0018

Malware:      Trojan.Spy.Agent.L
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0006

----[  Spyware Files Still Infected  ]------------

Malware:      Adware.Mywebsearch.BL
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0016

 
LVL 31

Accepted Solution

by:
James Murrell earned 1500 total points
ID: 20312047
Whoops, forgot to add: take a look at http://msmvps.com/spywaresucks/archive/2005/09/17/66724.aspx

 
LVL 47

Expert Comment

by:rpggamergirl
ID: 20317339
Are those the only locations of the virus? Just in System Volume Information?
Have you rebooted after turning off System Restore? All restore points, along with the nasties, should be gone after reboot, IF that's where they all are.
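One way to check the question raised in the comment above, as an added example that is not part of the original thread or of BullGuard's tooling: parse the report's detection entries, group them by on-disk file, and list any file that lies outside a `_restore{GUID}\RPn` folder. Reading `=>` as file=>unpacker=>inner member is an assumption about BullGuard's notation, and the `C:\Temp\setup.exe` entry is constructed.

```python
import re
from collections import defaultdict

# Restore-point store layout as seen in the report:
# <drive>:\System Volume Information\_restore{GUID}\RP<n>\<file>
RESTORE_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}\\RP\d+\\")
BASE = ("I:\\System Volume Information\\_restore"
        "{A8C5D654-0577-408F-A323-5378B34D5460}\\RP63\\A0048804.exe")

# Entries as posted in the thread's "Files Still Infected" sections.
REPORT = "\n".join([
    "Malware:      Application.Xolox.B",
    "Status:            Deletion Failed",
    "    " + BASE + "=>(NSIS o)=>zlib_nsis0018",
    "",
    "Malware:      Trojan.Spy.Agent.L",
    "Status:            Deletion Failed",
    "    " + BASE + "=>(NSIS o)=>zlib_nsis0006",
    "",
    "Malware:      Adware.Mywebsearch.BL",
    "Status:            Deletion Failed",
    "    " + BASE + "=>(NSIS o)=>zlib_nsis0016",
])
# CONSTRUCTED entry, not in the original report: shows the negative case.
EXTRA = "\nMalware:      Example.Constructed\n    C:\\Temp\\setup.exe=>(NSIS o)=>zlib_nsis0001\n"


def parse_detections(report):
    """Yield (malware_name, on_disk_file, inner_object_or_None) per entry."""
    name = None
    for line in report.splitlines():
        line = line.strip()
        if line.startswith("Malware:"):
            name = line.split(":", 1)[1].strip()
        elif name and re.match(r"[A-Za-z]:\\", line):
            # Assumed notation: file=>unpacker=>member; a bare path has no member.
            parts = line.split("=>")
            yield name, parts[0], parts[-1] if len(parts) > 1 else None
            name = None


def triage(report):
    """Group detections by on-disk file; list files outside the restore store."""
    by_file = defaultdict(list)
    for name, path, inner in parse_detections(report):
        by_file[path].append((name, inner))
    outside = sorted(p for p in by_file if not RESTORE_RE.match(p))
    return dict(by_file), outside
```

On the entries posted in this thread, all three detections collapse to one on-disk file, `A0048804.exe` in `RP63`, and nothing lies outside the restore-point store.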
 

Author Comment

by:joseph301074
ID: 20318012
rpggamergirl,

According to BullGuard, the infection is only on the I: drive.
I have rebooted and done most of the things told to me.

Now I have downloaded Ad-Aware and am cross-scanning with that. I have also written to BullGuard support and provided them with the information.

Let's see..
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 20348492
Is it an external drive? A USB drive?

Keep us informed when you hear from BullGuard.
 

Author Comment

by:joseph301074
ID: 20362464
rpggamergirl,

It is an external USB drive (I: drive).
When cross-scanned through Ad-Aware, it does not report any malware.

The query is still in progress with BullGuard.



