
Trojan embedded in restore point [Moved]


4 replies to this topic

#1 autlaw

autlaw

  • Members
  • 2 posts

Posted 18 June 2009 - 02:52 PM

Hello, I have a trojan embedded in my restore point. Symantec SEP11 finds it and says that it cleans it with a restart; however, I keep running symc after the restart and the same trojan continues to appear. I've done this about 6 times now, and the result is always the same. Has anyone seen this before?

Symantec says the file name is A0039003.sys. It is found in this directory:

c:\System Volume Information\_restore{"bunch of hexadecimals here"}\RP207\

Anyone know how to get this bugger deleted and cleaned up?

thanks,
Alan



#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,754 posts

Posted 18 June 2009 - 02:55 PM

Turn off System Restore...then scan for malware...then turn SR back on right after a successful malware scan.

Louis

#3 Alex_Computer

Alex_Computer

  • Banned
  • 107 posts

Posted 18 June 2009 - 03:42 PM

And whilst you're scanning for malware, use Malwarebytes Anti-Malware from here: http://www.malwarebytes.org. Please run a quick scan and post back the log. The reason that I say to run this on top of Norton is that Norton is known to not have the best detection ratings.


Alex

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,949 posts

Posted 18 June 2009 - 10:44 PM

I am moving this from the XP forum to the AII forum.

Also, there is a much safer way to flush your restore points.

The easiest and safest way to flush your restore points:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

Please note that in Home Edition, Disk Cleaner will run automatically. You will have to wait for it, then click on More Options tab.

Orange Blossom

#5 autlaw

autlaw
  • Topic Starter

  • Members
  • 2 posts

Posted 19 June 2009 - 10:36 AM

Thanks everyone. I turned off System Restore, ran Symantec SEP 11, which cleaned the trojan, then I turned System Restore back on, rebooted, and then ran Symantec again several times, and the trojan is not showing up anymore. I think it's fixed.

thanks,
Alan



