Solved

How do I delete the malware-infected file in I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0006

Posted on 2007-11-19
8
1,446 Views
Last Modified: 2013-11-22
My malware software, BullGuard, is not able to delete the following files, even in command mode.

Malware:      Application.Xolox.B
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0018

Malware:      Trojan.Spy.Agent.L
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0006

----[  Spyware Files Still Infected  ]------------

Malware:      Adware.Mywebsearch.BL
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0016
0
Comment
Question by:joseph301074
8 Comments
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 20311833
System Volume Information is for storing System Restore points, so just disable System Restore and then re-enable it; that will delete all the restore points, thus getting rid of the infected files too.

How to Enable/Disable System Restore
http://www.pchell.com/virus/systemrestore.shtml
0
 

Author Comment

by:joseph301074
ID: 20311950
I checked the checkbox on the "System Properties" => "System Restore" tab in "My Computer" properties.

Individually, I selected the I: drive, which is a USB removable hard drive, and turned off System Restore.

After a while I unchecked the box.

Then I ran the scanner on the I: drive alone... it still gives me the same log.

I have given the scan details below.

__________________________________________________________

BullGuard Scan Report
Scan Profile: "~10"
___________________________________________________________


----[  System Info  ]------------

OS Version:      Microsoft Windows XP Professional - Service Pack 2 (Build 2600) [1 * x86 CPUs]
Physical memory:      512 MB
System up-time:      0 days, 00 hours, 22 minutes, 41 seconds
BullGuard up-time:      0 days, 00 hours, 21 minutes, 28 seconds
TopLayer Version:      7, 0, 0, 1
FileSpy5 Version:      N/A
BdFileSpy Version:      3.8.0.58 built by: WinDDK
BsFileScan Version:      7, 0, 0, 29
Reconn Version:      1.1.0.5 built by: WinDDK
MailProxy Version:      7, 0, 0, 10
AntiVirus Version:      7, 0, 0, 27

----[  Scan Parameters  ]------------

Folders to scan:
    I:\System Volume Information

Excluded folders:
    None

Files to scan:
    None

Scan type:
    [o] Scan all files
    [ ] Scan program files only
    [ ] Scan custom extensions:

    [ ] Exclude user extensions:

    [X] Scan boot sectors
    [X] Scan packed files
    [X] Scan archives
    [X] Scan emails
    [ ] Scan running processes
    [ ] Scan registry
    [ ] Scan IE cookies
    [X] Enable heuristic detection

    [ ] Scan default action
___________________________________________________________

Scan Statistics
___________________________________________________________

Scan started:      Monday, November 19, 2007 18:13:15
Scan duration:      0 days, 00 hours, 01 minutes, 30 seconds
Completion status:      Successful

Total files scanned:      1948
Total files skipped:      1
Identified viruses:      3
Scan speed:      21.64 files/sec

Files skipped:
    I:\System Volume Information\MountPointManagerRemoteDatabase [Open Failed]

___________________________________________________________

Infected Files
___________________________________________________________

----[  Infected Files  ]------------

Malware:      Application.Xolox.B
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0018

Malware:      Trojan.Spy.Agent.L
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0006

----[  Infected Spyware Files  ]------------

Malware:      Adware.Mywebsearch.BL
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0016

___________________________________________________________

Results after ROUND 0
___________________________________________________________

Scan started:      Monday, November 19, 2007 18:11:45
Scan duration:      0 days, 00 hours, 01 minutes, 30 seconds
Infections solved:      0
Infections left:      3
Viruses left:      3

----[  Files Still Infected  ]------------

Malware:      Application.Xolox.B
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0018

Malware:      Trojan.Spy.Agent.L
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0006

----[  Spyware Files Still Infected  ]------------

Malware:      Adware.Mywebsearch.BL
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0016

___________________________________________________________

Results after ROUND 1
___________________________________________________________

Scan started:      Monday, November 19, 2007 18:13:25
Scan duration:      0 days, 00 hours, 00 minutes, 30 seconds
Infections solved:      0
Infections left:      3
Viruses left:      3

----[  Files Still Infected  ]------------

Malware:      Application.Xolox.B
Status:            Disinfect Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0018

Malware:      Trojan.Spy.Agent.L
Status:            Disinfect Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0006

----[  Spyware Files Still Infected  ]------------

Malware:      Adware.Mywebsearch.BL
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0016

___________________________________________________________

Results after ROUND 2
___________________________________________________________

Scan started:      Monday, November 19, 2007 18:14:01
Scan duration:      0 days, 00 hours, 00 minutes, 15 seconds
Infections solved:      0
Infections left:      3
Viruses left:      3

----[  Files Still Infected  ]------------

Malware:      Application.Xolox.B
Status:            Failed moving to quarantine
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0018

Malware:      Trojan.Spy.Agent.L
Status:            Failed moving to quarantine
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0006

----[  Spyware Files Still Infected  ]------------

Malware:      Adware.Mywebsearch.BL
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0016

___________________________________________________________

Results after ROUND 3
___________________________________________________________

Scan started:      Monday, November 19, 2007 18:14:20
Scan duration:      0 days, 00 hours, 00 minutes, 15 seconds
Infections solved:      0
Infections left:      3
Viruses left:      3

----[  Files Still Infected  ]------------

Malware:      Application.Xolox.B
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0018

Malware:      Trojan.Spy.Agent.L
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0006

----[  Spyware Files Still Infected  ]------------

Malware:      Adware.Mywebsearch.BL
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0016

0
 
LVL 31

Accepted Solution

by:
James Murrell earned 500 total points
ID: 20312047
whoops forgot to add - take a look at http://msmvps.com/spywaresucks/archive/2005/09/17/66724.aspx
0

 
LVL 47

Expert Comment

by:rpggamergirl
ID: 20317339
Are those the only locations of the virus? Just in the System Volume Information?
Have you rebooted after turning off System Restore? All restore points along with the nasties should be gone after reboot, IF that's where they all are.
0
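Added example (not part of the original thread and not BullGuard's own tooling): a small parser for the report format pasted above that answers the question of whether every detection sits in restore-point storage. The function names are hypothetical, and it assumes the text before the first `=>` is the on-disk file while the rest names members inside it.

```python
import re
from collections import defaultdict

# Detections copied from the "Results after ROUND 3" block of the report in this thread.
REPORT = r"""
Malware:      Application.Xolox.B
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0018

Malware:      Trojan.Spy.Agent.L
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0006

Malware:      Adware.Mywebsearch.BL
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0016
"""

# Matches a file stored inside a System Restore point and captures the RPnn folder.
RESTORE_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}\\(RP\d+)\\",
    re.IGNORECASE)

def parse_detections(report):
    """Return one dict per detection: name, status, on-disk file, inner members."""
    found, name, status = [], None, None
    for line in report.splitlines():
        text = line.strip()
        if text.startswith("Malware:"):
            name, status = text.split(":", 1)[1].strip(), None
        elif text.startswith("Status:"):
            status = text.split(":", 1)[1].strip()
        elif name and re.match(r"[A-Za-z]:\\", text):
            disk_file, *members = text.split("=>")  # assumption: '=>' nests archive members
            found.append({"name": name, "status": status,
                          "file": disk_file, "members": members})
            name = None
    return found

def files_to_remediate(detections):
    """Group detections by on-disk file and record its restore point, if any."""
    grouped = defaultdict(lambda: {"names": [], "restore_point": None})
    for d in detections:
        entry = grouped[d["file"]]
        entry["names"].append(d["name"])
        m = RESTORE_RE.match(d["file"])
        entry["restore_point"] = m.group(1) if m else None
    return dict(grouped)

if __name__ == "__main__":
    for path, info in files_to_remediate(parse_detections(REPORT)).items():
        where = f"restore point {info['restore_point']}" if info["restore_point"] else "LIVE FILE"
        print(f"{path}\n  {where}: {', '.join(info['names'])}")
```

For this report the three detections collapse to a single on-disk file in restore point RP63; any entry printed as LIVE FILE would be outside restore-point storage and need separate handling.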
 

Author Comment

by:joseph301074
ID: 20318012
rpggamergirl,

According to BullGuard, the infection is only in the I: drive.
I have rebooted and done most of the things told to me.

Now I have downloaded Adaware and am cross-scanning with that. I have also written to BullGuard support and provided them with the information.

Let's see..
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 20348492
Is it an external drive? A USB drive?

Keep us informed when you hear from BullGuard.
0
 

Author Comment

by:joseph301074
ID: 20362464
rpggamergirl,

It is an external USB drive (I: drive).
When cross-scanned through Adaware, it does not report any malware.

The query is still in progress with BullGuard.
0
