Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can't Get Rid Of The Them


  • This topic is locked This topic is locked
5 replies to this topic

#1 siren1234

siren1234

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:02:44 AM

Posted 01 October 2007 - 02:18 PM

First had Virtumonde, got rid of it with Virtumondebegone. Every scan with Ad-Aware, Spybot, Ad-Ware, AVG, Avast, still comes up with problems. The last scan for AVG had 288 in the results. They were from System Volume Information\Restore in my C,F,G. What should I do now?? I don't have the computer hooked up to the internet right now and I am afraid to re-boot. It did it by itself and I had to repair windows with the XP CD. Oh almost forgot my buddy was over and downloaded a cracked version of some program I think it was videoredo, this is where and when the problems started. Don't worry he isn't using the computer anymore. PLEASE HELP.

Forgot to mention that alot of my programs are missing there .exe file and I have had to re-install only the ones that I need right now.

Siren

Edited by siren1234, 01 October 2007 - 02:23 PM.


BC AdBot (Login to Remove)

 


m

#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,606 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:44 AM

Posted 01 October 2007 - 02:54 PM

They were from System Volume Information\Restore in my C,F,G. What should I do now??

The System Volume Information Folder (SVI) is a part of System Restore - the feature that allows you to set points in time to roll back your computer to a clean working state. Keep in mind that System Restore will back up the good as well as the bad files so when malware is present on the system it gets included in any restore points. When you scan your system with anti-virus or anti-malware tools, you may receive a message that a virus was found in the System Volume Information folder (System Restore points) but the anti-virus software was unable to remove it.

To resolve this, Set a New Restore Point and purge the old ones.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recent Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 siren1234

siren1234
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:02:44 AM

Posted 03 October 2007 - 09:05 AM

What would be the cause of this?? I am still having problems with Win32.trojan and a few others (I am at work right now and don't have the list)

Thanks.

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,606 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:44 AM

Posted 03 October 2007 - 09:44 AM

What would be the cause of this??

Since it all started when your buddy downloaded a cracked version of some program, I suspect doing that also resulted in downloading malware to your system.

We take this activity seriously enough to include it in our BC Discussion/Message Boards Rules.

No subject matter will be allowed whose purpose is to defeat existing copyright or security measures. If a user persists and/or the activity is obviously illegal the staff reserves the right to remove such content and/or ban the user.


I realize your not asking about ways to use such programs but I wanted to point that section of our rules out to you and anyone else reading this thread.

Some nasty malware is contracted and spread by visiting crack and keygen sites. Those who attempt to get software for free end up with a computer system so badly damaged that it cannot be repaired. In such cases there is nothing you can do besides reformatting and reinstalling Windows. Hard to say if thats the problem in your case without knowing exactly what your dealing with. You can disregard my previous instructions as I understood your only problem was malware found in System Restore.

You say you had a vundo infection and now Win32.trojan in additional to others. Backdoor/IRCBot Trojans are very dangerous because they provide a means of accessing a computer system that bypasses security mechanisms. Remote attackers use backdoor Trojans as part of an exploit to to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breech.

Although the Trojan may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because the backdoor Trojan has been removed the computer is now secure. Many experts in the security community believe that once infected with this type of Trojan, the best course of action is to reformat and reinstall the OS - "When should I re-format?".

While we are always willing to assist with removal there is no guarantee of success. However, should you decide not to follow that advice, we will do our best to help clean your computer of any infections but we cannot guarantee it to be trustworthy. Let me know how you wish to proceed.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 siren1234

siren1234
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:02:44 AM

Posted 03 October 2007 - 10:27 AM

Thanks for the fast reply. I have posted a log from Hijack This and I am waiting for a reply. Will I have to re-format only the C or all the drives?

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,606 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:44 AM

Posted 03 October 2007 - 10:32 AM

Your log is posted here.

After posting a log you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make may cause confusion for the member assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

To avoid confusing, I am closing this topic until you are cleared by the HJT Team. If you still need assistance after your log has been reviewed and you have been cleared, please PM me or another moderator and we will re-open this topic.

Thanks for your cooperation and good luck with your log.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users