Please help, I have acquired a trojan virus which isn't disappearing. It is called Downloader-YN and Downloader-YK. I have mcafee which finds them and then cleans the files. Then if I run it again it still finds them. It says they are situated in:- C:\SYSTEM VOLUME INFORMATION\_RESTORE. Is this system restore? If I disable this, run Mcafee again reboot etc, do you think it will be cleared. Thanks

Yes, those are the restoration files for System Restore. The files cannot be cleaned while SR is enabled (XP's operating system makes them inaccessible; they're locked). SR is a favorite hiding place for malware. Disabling System Restore will delete the files and any malware they contain. After disabling SR, scan your system again with McAfee. If you come up clean, re-enable SR.

And, yes, reboot.

Thanks for confirming my thoughts. I have done so and seems to be ok.

I have the same virus and McAfee cleans it but it comes back. I have windows 98 and I am not sure how to turn off the system restore. I have scanned, cleaned, & rebooted, but the virus always comes back. Does this virus hijack your homepage and install unwanted favorites? Or do I have another problem? I have run spyware/adaware scans and removed what is found, but I still have the problems with the about:blank homepage and unwanted favorites. I need some help bad.

I have the same problem as rjkeimjr with one addition. When I go to Start>Settings>Control Panel>Display - The Appearance and Web tabs have disappeared. How do I get those tabs back? Running SFC.exe does not find any errors. Oh, I was able to solve rjkeimjr's problem by running HiJackThis (http://zdnet.com.com/3120-20-0.html?qt=hijackthis&tg=dl-2001) As I recall you need to remove about 4 registry entries. Unfortunately, by the time I got around to using HiJackThis I was really tired and a little drunk. I didn't take any notes.

I am told you can get an automatic HiJackThis analysis from http://hijackthis.de/index.php?langselect=english