
C:\system Volume Information\...\a0025371.exe Detection


12 replies to this topic

#1 Confused Angel


Posted 18 January 2008 - 09:14 PM

Hello everyone! I am hoping someone might be able to help me with a problem I've been having lately, without me having to completely wipe my computer.

C:\System Volume Information\...\A0025371.exe

This detection has been popping up on my Avira Antivir software for a few days. I am running Windows XP. I'm also not great at computers, but I am really good at following directions, so if you need more information... please let me know :thumbsup:


#2 Tomo2


Posted 18 January 2008 - 10:51 PM

Hi there Confused Angel, :thumbsup: to BC!

You need to clear your System Restore files as they have been infected. To do this, right-click on My Computer and select Properties. Go to the System Restore tab and select "Turn off System Restore on all drives". Then reboot and turn it back on again.

Hope this helps! :flowers:

L&P, World Famous in New Zealand since ages ago!
Avast! Antivirus : Spybot S&D : Trend Micro Housecall : Hosts file : HiJack This
Don't be too open minded - your brains will fall out


#3 Confused Angel


Posted 18 January 2008 - 11:18 PM

Thank you so much Tomo! You rock my world! :thumbsup:

#4 Teenage.Zombiee


Posted 18 January 2008 - 11:20 PM

I have a question for you, Confused Angel.
Has a0025317.exe or something alike been found anywhere other than restore?

(I'm not going anywhere with this yet, but I'm just personally curious)

Teenage.Zombiee is back ! :halloween:


#5 Confused Angel


Posted 18 January 2008 - 11:22 PM

Nope. Every time it is found, it is always in that folder. I kept telling it to quarantine, but it keeps popping back up.

#6 Teenage.Zombiee


Posted 18 January 2008 - 11:23 PM

Have you tried deleting it?



#7 Confused Angel


Posted 18 January 2008 - 11:26 PM

I couldn't ever see it when I tried to go to the folder.

#8 Teenage.Zombiee


Posted 18 January 2008 - 11:28 PM

I mean when Avira detects it.
Do you get an option to delete or quarantine or anything similar?

Also, have you tried any online scans or spyware scans? Because this could be something a little deeper than an infection in restore.



#9 Confused Angel


Posted 18 January 2008 - 11:31 PM

When Avira detects, I always hit quarantine. It didn't give me a delete option. I don't know about online scans? But I'm willing to try anything.

#10 Teenage.Zombiee


Posted 18 January 2008 - 11:40 PM

I'll get one thing straight before I continue:
I am not a malware expert, but I do know a fair bit about malware.

Try an online scan and see what it finds:
Trend Micro Housecall
Trend Micro Housecall without Active X (this one I recommend if you would like to scan using Firefox)
Kaspersky

These are reasonably good scanners.
See what they find.
Word from the wise: If you're running a dial-up connection, getting these scans done is very time consuming.

Also, try an anti-spyware program or two:
Spybot - Search & Destroy
Super Anti Spyware Free

If these find some things, I recommend you post here: Hijack This logs & malware removal



#11 Teenage.Zombiee


Posted 18 January 2008 - 11:51 PM

Also, Confused Angel

It would be nice if you posted the results from your scans :thumbsup:



#12 quietman7

Global Moderator

Posted 19 January 2008 - 12:25 AM

The infected RP***\A00*****.exe file(s) identified by your scan is in the System Volume Information Folder (SVI) which is a part of System Restore. This is the feature that allows you to set points in time to roll back your computer to a clean working state. The SVI folder is protected by permissions that only allow the system to have access and is hidden by default unless you have reconfigured Windows to show it.

System Restore will back up the good as well as the bad files so when malware is present on the system it gets included in any restore points as an A00***** file. The original file name would have been different.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#13 quietman7

Global Moderator

Posted 19 January 2008 - 12:39 AM

Forgot to mention that an infected A00***** file in system restore will not re-infect your system unless you accidentally used an old restore point containing malware. If your anti-virus cannot remove this type of file, then you can Create a New Restore Point, and use Disk Cleanup to remove all but the most recently created Restore Point.
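A triage sketch for the distinction drawn in the two posts above, added here as an example and not part of the thread: it separates antivirus detections that are renamed System Restore copies (RP***\A00*****) from detections in live locations, and groups the copies by restore point. The `_restore{GUID}` folder name reflects the usual Windows XP layout and is an assumption, since the thread shows the path only with "..."; the GUID, RP numbers and sample paths are constructed.

```python
import re
from collections import defaultdict

# Assumed Windows XP System Restore layout (the thread abbreviates it as "..."):
#   <drive>:\System Volume Information\_restore{GUID}\RP<n>\A<7 digits>.<ext>
RESTORE_COPY = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\"
    r"_restore\{[0-9A-Fa-f-]{36}\}\\RP(?P<rp>\d+)\\"
    r"(?P<name>A\d{7}\.\w+)$",
    re.IGNORECASE,
)

def classify(path):
    """Return ('restore_copy', rp_number, file_name) or ('live', None, file_name)."""
    path = path.strip()
    m = RESTORE_COPY.match(path)
    if m:
        return ("restore_copy", int(m.group("rp")), m.group("name"))
    return ("live", None, path.rsplit("\\", 1)[-1])

def triage(paths):
    """Group restore-point copies by RP number; collect everything else as live."""
    by_rp, live = defaultdict(list), []
    for p in paths:
        kind, rp, name = classify(p)
        if kind == "restore_copy":
            by_rp[rp].append(name)
        else:
            live.append(p.strip())
    return dict(by_rp), live

def verdict(paths):
    by_rp, live = triage(paths)
    if live:
        return "live"          # detections outside System Restore: scan and clean first
    if by_rp:
        return "restore_only"  # archived copies only: purge the old restore points
    return "clean"

# Constructed sample detections (GUID, RP numbers and the .dll name are made up).
GUID = "{00000000-0000-0000-0000-000000000000}"
SAMPLE = [
    rf"C:\System Volume Information\_restore{GUID}\RP52\A0025371.exe",
    rf"c:\system volume information\_restore{GUID}\RP53\a0025402.dll",
]

if __name__ == "__main__":
    print(triage(SAMPLE), verdict(SAMPLE))
    print(verdict(SAMPLE + [r"C:\WINDOWS\system32\example.exe"]))
```

A `restore_only` verdict corresponds to the case described in the thread, where the detection only ever appears under System Volume Information; any `live` path means the scan found something outside the restore store.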



