Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Am I infected?And a question about System Volume Information folder


  • Please log in to reply
3 replies to this topic

#1 tariintod

tariintod

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:09 PM

Posted 26 April 2011 - 09:02 AM

I was browsing a web page and suddenly firefox gave me an security alert that my computer might be in danger therefore all my harddrives should be scanned.Unfortunately , I clicked OK.After that a fake online-scanner webpage came out , according to that web-page it was scanning my harddrives in order to find the viruses.So I immediately closed that fake web-page within 5 or 6 seconds and turned off Adsl modem and disconnected from internet.

Although I do not have problems with my computer at this moment ; no slowdowns , ram and cpu usage is normal , I am still not sure whether my computer is infected by any kind of viruses or not.

I made a full scan with malwarebytes and kaspersky internet security 2010 (trial version) in safe mode.No viruses found.
But I would like to indicate that during scanning with kaspersky ,the scanning process stucked at 91% ,and I was able to complete the scanning process by stopping and then resuming the scan.
So should I generate a HijackThis log now or what prodecure should I follow?

I also have another question to ask: I have windows 7 installed as OS.I checked the System Volume Information folders for all the partitions for a possible virus infection.I have C: D: (my first harddisk)and G: (my second harddisk) partitions.
I've seen that regarding the D: and G: partitions ,for System Volume Information subfolders (SPP etc..), only SYSTEM has the permission (full control) .
On the other hand , regarding the C: ,for the subfolders(SPP ,System Restore,Windows Backup etc..)Both SYSTEM and administrators have the permissions (full control) and for the subfolders of SPP ,such as SppGroupCache and SppCBSHiveStore ; USERS (limited control),SYSTEM (full control)and administrators(full control) have permissions.

Is this normal?If it is not , can a virus cause this?
Should I remove the permissions of USERS and administrators and leave only the permission of SYSTEM.

Thanks in advance,

BC AdBot (Login to Remove)

 


#2 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:06:09 PM

Posted 29 April 2011 - 04:20 PM

Hello.

Are you experiencing any symptoms that lead you to believe that you may be infected?

As for the SVI folders, you should not alter those permissions.

~Blade

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#3 tariintod

tariintod
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:09 PM

Posted 30 April 2011 - 04:51 AM

No , I do not have any problems so far.My computer is working fine :thumbup2:
But I just wanted to be sure that I am not infected.

For the SVI folders , I am not sure that the current permissions are the same with the default permissions.
I might have added those permissions (admins and users)besides SYSTEM in order to access those sub-folders ,unfortunately I cannot remember.
Therefore , I would be grateful if you tell me name of the groups or group(in this case ,only the SYSTEM must have the permissions) that have permissions on SVI as default in windows 7.

Edited by tariintod, 30 April 2011 - 04:53 AM.


#4 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:06:09 PM

Posted 01 May 2011 - 01:24 AM

From the scans that you've run combined with the lack of symptoms, I'd say you're probably not infected.

By default, the SVI folders in Windows 7 have only System permissions.

Hope that helps.

~Blade

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users