
Troj_dloader.rky


6 replies to this topic

#1 justjeena


Posted 20 October 2007 - 01:46 PM

OK....Unfortunately I'm back again.....with another problem...... Trend Micro found and quarantined this and 8 others, same thing but different in different files.....Now what do I have to do to fix it?



#2 buddy215


Posted 20 October 2007 - 01:51 PM

Install Super Antispyware free. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html

How to Start Windows in Safe Mode:
http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 quietman7


Posted 20 October 2007 - 02:00 PM

When a program quarantines a file or moves it into a virus vault (chest), that file is safely held there (and no longer a threat) until you take action to delete it. One reason for doing this is to prevent deletion of an essential file that may have been flagged as a "False Positive". If that is the case, then you can restore the file. Doing this also allows you to view and investigate the files while keeping them from harming your computer. Quarantine is just an added safety measure.

When the file in the vault is known to be bad, you can delete it at any time.

If that's all you have, then you don't have a problem. Trend Micro did its job.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 justjeena


Posted 20 October 2007 - 02:30 PM

OK, Quiet Man......but I'm still confused, are you saying that I should just leave it there? If not, then how do I know if it isn't an essential file?

#5 quietman7


Posted 20 October 2007 - 03:33 PM

Any files moved to quarantine are no longer a threat. Troj_dloader.rky is the infection name given by Trend Micro but it should be associated with a specific file and location it was found. You can search that file name using Google, BC's File Database, File Research Center or the Process ID Database.

If you don't find any information on the file, then it's more than likely bad. I did not mean for you to worry that this is a false positive in your case. I was just advising that the possibility of a FP is one reason why a file is moved to quarantine.

#6 justjeena


Posted 27 October 2007 - 01:37 AM

Just an update...I didn't find info on the files that were quarantined...and I haven't deleted them, because I'm not sure how........ so if you can help me with that, I'd greatly appreciate it..... Also, less than 5 min. ago Trend Micro detected and quarantined another one...C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP14\A0003871.dll
Virus name: TROJ_DLOADER.RKY
Why am I getting these? and how can I stop it?
thanks,
Jeena

#7 buddy215


Posted 27 October 2007 - 05:50 AM

The file Trend Micro found is in the system restore. The way you get rid of it is by removing ALL system restore points.
If you have not used the programs I recommended in my first post, you should do that BEFORE removing the system restore points.

QUOTE: Trend Micro products can be configured by a user or set by a network administrator to "quarantine" a file for possible later inspection. Files tagged for quarantine are encrypted and moved to a protected folder, preventing them from further executing and causing any more harm to the user's system. Each product has a Quarantine Manager where users can then permanently delete or restore files from quarantine. Upon inspection of the stored files, an exception list (whitelist) option is also provided to avoid possible false positive detection.

It shouldn't be that difficult to find the quarantine manager after opening Trend Micro. Look for a button that says "permanently Delete" or something like that. DO NOT use a button that says "restore" or similar that would put the files back on your system.


Info on how to remove system restore points is in the link below.
http://www.bleepingcomputer.com/tutorials/windows-xp-system-restore-guide/

Edited by buddy215, 27 October 2007 - 06:15 AM.

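Added example, not part of the original thread or any poster's words: a short Python script that separates detections inside Windows XP System Restore storage, like the path quoted in post #6, from detections on live files. The regular expression encodes the `_restore{GUID}\RPn\A#######.ext` layout seen in that path; the function names and the second sample path are constructed for illustration.

```python
import re
from collections import defaultdict

# Layout of the path quoted in the thread (Windows XP System Restore storage):
#   <drive>:\System Volume Information\_restore{GUID}\RP<n>\A<digits>.<ext>
RESTORE_RE = re.compile(
    r"^(?P<drive>[A-Za-z]):\\System Volume Information\\"
    r"_restore\{(?P<guid>[0-9A-Fa-f-]{36})\}\\"
    r"RP(?P<rp>\d+)\\(?P<name>A\d+\.\w+)$",
    re.IGNORECASE,
)

def classify(path):
    """Return ('restore_point', RP number) or ('live', None) for one detection path."""
    m = RESTORE_RE.match(path.strip())
    if m:
        return "restore_point", int(m.group("rp"))
    return "live", None

def triage(detections):
    """Split (path, detection_name) pairs into restore-point copies and live files."""
    report = {"restore_point": defaultdict(list), "live": []}
    for path, name in detections:
        kind, rp = classify(path)
        if kind == "restore_point":
            report["restore_point"][rp].append((path, name))
        else:
            report["live"].append((path, name))
    return report

# Constructed sample: the first path is the one quoted in the thread,
# the second is a made-up live-file path added for contrast.
SAMPLE = [
    (r"C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}"
     r"\RP14\A0003871.dll", "TROJ_DLOADER.RKY"),
    (r"C:\WINDOWS\system32\example_constructed.dll", "TROJ_DLOADER.RKY"),
]

if __name__ == "__main__":
    result = triage(SAMPLE)
    for rp, items in sorted(result["restore_point"].items()):
        print(f"RP{rp}: {len(items)} archived copy(ies), cleared by purging restore points")
    for path, name in result["live"]:
        print(f"LIVE: {path} ({name}), scan and clean before purging restore points")
```
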
