Solved

How do i delete the malware infected file in I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0006

Posted on 2007-11-19
Last Modified: 2013-11-22
My malware software, BullGuard, is not able to delete the following files, even in the command mode.

Malware:      Application.Xolox.B
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0018

Malware:      Trojan.Spy.Agent.L
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0006

----[  Spyware Files Still Infected  ]------------

Malware:      Adware.Mywebsearch.BL
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0016
Question by:joseph301074
8 Comments
 

Expert Comment

by:SheharyaarSaahil
ID: 20311833
System Volume Information is for storing System Restore points,
so just disable System Restore and then re-enable it. That will delete all the restore points, thus getting rid of the infected files too.

How to Enable/Disable System Restore
http://www.pchell.com/virus/systemrestore.shtml
0
 

Author Comment

by:joseph301074
ID: 20311950
I checked the checkbox on the "System Properties" => "System Restore" tab in "My Computer" properties.

I individually selected the I: drive, which is a USB removable hard drive, and turned off System Restore.

After a while I unchecked the box.

Then I ran the scanner on the I: drive alone. It still gives me the same log.

I have given below the scan details

__________________________________________________________

BullGuard Scan Report
Scan Profile: "~10"
___________________________________________________________


----[  System Info  ]------------

OS Version:      Microsoft Windows XP Professional - Service Pack 2 (Build 2600) [1 * x86 CPUs]
Physical memory:      512 MB
System up-time:      0 days, 00 hours, 22 minutes, 41 seconds
BullGuard up-time:      0 days, 00 hours, 21 minutes, 28 seconds
TopLayer Version:      7, 0, 0, 1
FileSpy5 Version:      N/A
BdFileSpy Version:      3.8.0.58 built by: WinDDK
BsFileScan Version:      7, 0, 0, 29
Reconn Version:      1.1.0.5 built by: WinDDK
MailProxy Version:      7, 0, 0, 10
AntiVirus Version:      7, 0, 0, 27

----[  Scan Parameters  ]------------

Folders to scan:
    I:\System Volume Information

Excluded folders:
    None

Files to scan:
    None

Scan type:
    [o] Scan all files
    [ ] Scan program files only
    [ ] Scan custom extensions:

    [ ] Exclude user extensions:

    [X] Scan boot sectors
    [X] Scan packed files
    [X] Scan archives
    [X] Scan emails
    [ ] Scan running processes
    [ ] Scan registry
    [ ] Scan IE cookies
    [X] Enable heuristic detection

    [ ] Scan default action
___________________________________________________________

Scan Statistics
___________________________________________________________

Scan started:      Monday, November 19, 2007 18:13:15
Scan duration:      0 days, 00 hours, 01 minutes, 30 seconds
Completion status:      Successful

Total files scanned:      1948
Total files skipped:      1
Identified viruses:      3
Scan speed:      21.64 files/sec

Files skipped:
    I:\System Volume Information\MountPointManagerRemoteDatabase [Open Failed]

___________________________________________________________

Infected Files
___________________________________________________________

----[  Infected Files  ]------------

Malware:      Application.Xolox.B
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0018

Malware:      Trojan.Spy.Agent.L
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0006

----[  Infected Spyware Files  ]------------

Malware:      Adware.Mywebsearch.BL
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0016

___________________________________________________________

Results after ROUND 0
___________________________________________________________

Scan started:      Monday, November 19, 2007 18:11:45
Scan duration:      0 days, 00 hours, 01 minutes, 30 seconds
Infections solved:      0
Infections left:      3
Viruses left:      3

----[  Files Still Infected  ]------------

Malware:      Application.Xolox.B
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0018

Malware:      Trojan.Spy.Agent.L
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0006

----[  Spyware Files Still Infected  ]------------

Malware:      Adware.Mywebsearch.BL
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0016

___________________________________________________________

Results after ROUND 1
___________________________________________________________

Scan started:      Monday, November 19, 2007 18:13:25
Scan duration:      0 days, 00 hours, 00 minutes, 30 seconds
Infections solved:      0
Infections left:      3
Viruses left:      3

----[  Files Still Infected  ]------------

Malware:      Application.Xolox.B
Status:            Disinfect Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0018

Malware:      Trojan.Spy.Agent.L
Status:            Disinfect Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0006

----[  Spyware Files Still Infected  ]------------

Malware:      Adware.Mywebsearch.BL
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0016

___________________________________________________________

Results after ROUND 2
___________________________________________________________

Scan started:      Monday, November 19, 2007 18:14:01
Scan duration:      0 days, 00 hours, 00 minutes, 15 seconds
Infections solved:      0
Infections left:      3
Viruses left:      3

----[  Files Still Infected  ]------------

Malware:      Application.Xolox.B
Status:            Failed moving to quarantine
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0018

Malware:      Trojan.Spy.Agent.L
Status:            Failed moving to quarantine
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0006

----[  Spyware Files Still Infected  ]------------

Malware:      Adware.Mywebsearch.BL
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0016

___________________________________________________________

Results after ROUND 3
___________________________________________________________

Scan started:      Monday, November 19, 2007 18:14:20
Scan duration:      0 days, 00 hours, 00 minutes, 15 seconds
Infections solved:      0
Infections left:      3
Viruses left:      3

----[  Files Still Infected  ]------------

Malware:      Application.Xolox.B
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0018

Malware:      Trojan.Spy.Agent.L
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0006

----[  Spyware Files Still Infected  ]------------

Malware:      Adware.Mywebsearch.BL
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0016

0
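As an added example (not part of the original thread and not BullGuard's own tooling), here is a small Python parser for the report layout posted above that groups detections by the on-disk file containing them. The function names are hypothetical, and the sample lines are copied from the report.

```python
import re
from collections import defaultdict
# Sample lines copied from the layout of the scan report posted above.
SAMPLE_REPORT = r"""
Malware:      Application.Xolox.B
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0018
Malware:      Trojan.Spy.Agent.L
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0006
----[  Spyware Files Still Infected  ]------------
Malware:      Adware.Mywebsearch.BL
Status:            Deletion Failed
    I:\System Volume Information\_restore{A8C5D654-0577-408F-A323-5378B34D5460}\RP63\A0048804.exe=>(NSIS o)=>zlib_nsis0016
"""

# Restore-point folder (RPnn) inside a System Restore store on any drive.
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\(RP\d+)\\", re.I)

def parse_detections(report):
    """Return one dict per detection: name, status, container, member, restore_point."""
    detections, current = [], None
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("Malware:"):
            current = {"name": line.split(":", 1)[1].strip(), "status": None}
        elif line.startswith("Status:") and current is not None:
            current["status"] = line.split(":", 1)[1].strip()
        elif current is not None and re.match(r"[A-Za-z]:\\", line):
            # "file=>(archive type)=>member": the first part is the file on disk.
            parts = line.split("=>")
            hit = RESTORE_RE.search(parts[0])
            current.update(container=parts[0],
                           member=parts[-1] if len(parts) > 1 else None,
                           restore_point=hit.group(1) if hit else None)
            detections.append(current)
            current = None
    return detections

def group_by_container(detections):
    """Map each on-disk file to the detections reported inside it."""
    grouped = defaultdict(list)
    for d in detections:
        grouped[d["container"]].append((d["name"], d["member"], d["status"]))
    return dict(grouped)

if __name__ == "__main__":
    for path, hits in group_by_container(parse_detections(SAMPLE_REPORT)).items():
        print(len(hits), "detection(s) in", path, hits)
```

Run over this report, the three detections collapse to one file in restore point RP63, so the cleanup target is a single restore-point entry rather than three separate files.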
 

Accepted Solution

by:
James Murrell earned 500 total points
ID: 20312047
whoops forgot to add - take a look at http://msmvps.com/spywaresucks/archive/2005/09/17/66724.aspx
0

Expert Comment

by:rpggamergirl
ID: 20317339
Are those the only locations of the virus? Just in the System Volume Information?
Have you rebooted after turning off System Restore? All restore points along with the nasties should be gone after reboot, IF that's where they all are.
0
 

Author Comment

by:joseph301074
ID: 20318012
rpggamergirl,

According to BullGuard the infection is only in the I: drive.
I have rebooted - done most of the things told to me.

Now I have downloaded Adaware and am cross-scanning with that. I have also written to BullGuard support and provided them with the information.

Let's see..
0
 

Expert Comment

by:rpggamergirl
ID: 20348492
Is it an external drive? A USB drive?

Keep us informed when you hear from BullGuard.
0
 

Author Comment

by:joseph301074
ID: 20362464
rpggamergirl,

It is an external USB drive (I: drive).
When cross-scanned through Adaware, it does not report any malware.

The query is still in progress with BullGuard.
0
