I run AVG anti virus and it has found a "Trojan".
Location is on my second hard drive that I JUST had to replace because it froze up and I could get Windows to work. Now I had already scanned it for viruses and had found none.
I set it up as a "slave".
Here is the location, believe it is in a restore file, could explain why I could get the thing to restore just before it crashed.
D:\System Volume Information\_restore{1136EA44-66DE-4969-BAE0-CA5B208F853C}-\RP12\A001497.exe
I can't get to this file to delete it, nor can AVG seem to be able to either.
PLEASE HELP!! I would like to get to reinstall the drive as the main drive again. But I'm afraid to as long as I can't get this "Trojan" gone.
Thanks!!

hello
Try rebooting to safe mode, and go to My Computer, right click it and disable system restore (if that's where the trojan is)
and reboot.
You might try an online scan at panda or housecall anti virus.
••• Resistance is invigorating! •••

The problem is that it is on the HDD that is a slave because of windows crashing.
I'm not even sure if I can get it to come back up with Windows.
I have no way of disabling Restore on it, I can't even find it with search.
Of course it's probably listed with a different name.
I'm trying my best NOT to lose the info on that HDD.
So I want to get rid of the trojan before I reconnect it as Master.
Does my problem sound like it comes from a trojan or virus attack? I really would like to solve that little mystery too.
Thanks!

Does anyone know how to get to the restore folder on a HDD?
Should I attempt to change over to "kill" this trojan?
Thanks!
Remove under score to email.

If the trojan is where you say it is...
D:\System Volume Information\_restore{1136EA44-66DE-4969-BAE0-CA5B208F853C}-\RP12\A001497.exe
If that is the only location of the trojan....you are safe. The only way the trojan would harm you in that folder is if you used that restore point.
To kill it...you need to disable system restore as said above.
To disable system restore:
Right click "my computer"
Click properties
Click the system restore tab
Checkmark "turn off system restore on all drives"
Click apply
Click ok
Reboot the machine
All restore points will be deleted along with your trojan on ALL drives.
Just to be sure...rescan and if all clean then turn system restore back on.
The reason you or your AVG cannot access or remove the trojan from System restore is because windows locks that file from anything changing it including antivirus.
I never give up!
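Added example, not part of any poster's reply: a small triage helper that applies the point made above to a list of antivirus detection paths, separating copies archived in the System Restore store (inert unless that restore point is used) from detections in the live file system. Only the first sample path comes from this thread; the other paths, the zero GUID and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# <drive>:\System Volume Information\_restore{GUID}<suffix>\RP<n>\<file>
# Text after the closing brace is tolerated because the path quoted in
# this thread carries a trailing "-" there.
RESTORE_RE = re.compile(
    r"^(?P<drive>[A-Za-z]):\\System Volume Information\\"
    r"_restore\{(?P<guid>[0-9A-Fa-f-]{36})\}[^\\]*\\"
    r"RP(?P<rp>\d+)\\(?P<name>[^\\]+)$"
)

def classify(path):
    """Return details if the path lies in a restore point, else mark it live."""
    m = RESTORE_RE.match(path.strip())
    if not m:
        return {"path": path, "in_restore_store": False}
    return {
        "path": path,
        "in_restore_store": True,
        "drive": m["drive"].upper(),
        "restore_point": int(m["rp"]),
        "file": m["name"],
    }

def triage(paths):
    """Group detections by (drive, restore point) and list live detections."""
    by_rp, live = defaultdict(list), []
    for p in paths:
        c = classify(p)
        if c["in_restore_store"]:
            by_rp[(c["drive"], c["restore_point"])].append(c["file"])
        else:
            live.append(p)
    # True only when every detection is an archived restore-point copy.
    only_restore = bool(by_rp) and not live
    return {"restore": dict(by_rp), "live": live, "only_in_restore": only_restore}

THREAD_PATH = (r"D:\System Volume Information"
               r"\_restore{1136EA44-66DE-4969-BAE0-CA5B208F853C}-\RP12\A001497.exe")
SAMPLE_DETECTIONS = [  # second and third entries are constructed
    THREAD_PATH,
    r"D:\System Volume Information"
    r"\_restore{00000000-0000-0000-0000-000000000000}\RP3\A000101.dll",
    r"C:\WINDOWS\system32\constructed_example.exe",
]

if __name__ == "__main__":
    result = triage(SAMPLE_DETECTIONS)
    for (drive, rp), files in sorted(result["restore"].items()):
        print(f"{drive}: RP{rp}: {', '.join(files)} (archived copy)")
    for p in result["live"]:
        print(f"LIVE: {p} (clean this before purging restore points)")
```

A live detection means the restore points should be purged only after the live file has been dealt with, otherwise a fresh restore point can archive it again.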

I did the "uncheck" restore.
The Trojan if on the "slave" HDD, which is D:\.
That did remove it.
I removed the "restore log" with Norton's wipe info and the thing still shows up with AVG.
I tried to switch the hard drives, Slave back to original and new to slave. The system said it could find the slave but not the master.
Something new... NOW I'm having a box come up saying I need to put in my Win XP disk as some of the files on system are not correct.
IF I turn off computer and back on, it doesn't come back up.
What the heck could cause that?
I'm not giving up, but this is driving me crazy.
Thanks!
Remove under score to email.

OK it's been a LONG day.
edit to the above....
The Trojan is ON the D:\ which is the slave HDD.
The unchecking restore did NOT remove the Trojan.
The thing about putting in the XP disk doesn't show up immediately, but after a while, say 30+ minutes.
Hope you're having a better day than me, LOL.
Remove under score to email.

Hi
I've got almost the identical problem. The AVG Resident shield flags up this system restore folder as harbouring a Trojan Horse, but the full system test doesn't find or remove it.
C:\System Volume Information can be found by:
In a Windows Explorer window, going to tools > folder options...
Go to the 'view' tab;
check the 'show hidden files and folders'
uncheck the 'hide protected system operating folders' > say 'ok' to the warning message it flashes up.
I got this far, but access is still denied to this folder. Apparently right-click and go to properties, then if you have a 'security' tab, you can put your username in as one of the users who can access that file.
Whether deleting any files in that folder is a good idea though....

John

I would not think it is a good idea to delete files in there once you do gain access...you would be left with a partial restore point and if ever had to use it...computer is rooked.
Easiest to disable system restore, reboot, rescan, if all clean then enable restore again.
The reboot after enabling restore would create a brand new restore point you know is complete and clean.
You likely didn't see any results in your AVG scan because AVG is configured to skip scanning those files because it can't fix them anyway.
Windows locks that folder from any modification including from anti virus.
Windows will sometimes back up viruses/trojans etc.
I don't know what operating system you have so I will post for both ME and XP.
(WinXP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/default.aspx?...kb;en-us;310405
.............................
Win ME
To disable System Restore:
1. Right-click My Computer, and then click Properties.
2. On the Performance tab, click File System, or press ALT+F.
3. On the Troubleshooting tab, click to select the Disable System Restore check box.
4. Click OK twice, and then click Yes when you are prompted to restart the computer.
5. To re-enable System Restore, follow steps 1-3, but in step 3, click to clear the Disable System Restore check box.
6. Ok your way out.
How to Enable and Disable System Restore
http://support.microsoft.com/default.aspx?...kb;en-us;264887
_____________________________
I never give up!
