The majority of the files detected and removed were infected RP***\A00*****.exe file(s) in the System Volume Information Folder
(SVI) which is a part of System Restore
. This is the feature that allows you to set points in time to roll back your computer to a clean working state. The SVI folder is protected by permissions that only allow the system to have access and is hidden by default
unless you have reconfigured Windows to show it.
System Restore will back up the good as well as the bad files
so when malware is present on the system it gets included in any restore points as an A00***** file. When you scan your system with anti-virus or anti-malware tools, they may detect and place these files in quarantine. When a security program quarantines a file, that file is essentially disabled and prevented from causing any harm to your system. The quarantined file is safely held there and no longer a threat
until you take action to delete it.
Download FileASSASSIN FA_Portable.zip
and save to your desktop (this tool is compatible with Win 2000/NT/XP/Vista only)
Note: If you cannot find the file(s), you may have to Reconfigure Windows XP to show hidden files, folders. (We are doing this so we can look for and delete hidden files if necessary but don't delete anything other than what I ask you to delete. After your system is clean, follow the same procedure to hide these files and folders again to protect them from accidental deletion)
- Create a new folder on your C:\ drive called FileASSASSIN and extract (unzip) the file to that folder. (Click here for information on how to do this if not sure. Win 9x/2000 users click here.)
- Open the folder and double-click on FileASSASSIN.exe.
Note: If you downloaded the installable version instead, just double-click on fa-setup.exe to install and then launch FileASSASSIN from the program folder.
- Select the following file(s) to delete by dragging it onto the text area or select it using the (...) browse button.
- DD9E6ADA.DLL <-- C:\Windows\system32\ folder
- Select a removal method. Start with "Attempt FileASSASSIN's method of file removal."
- Click delete and the removal process will begin.
- If that did not work, start the program again, select the file(s) the same way as before and this time check "Use delete on reboot function from windows."
Rescan again with Avira AntiVir when done.