
Virus removal question



#1 Homer80


Posted 10 June 2004 - 02:53 PM

I'm new to this site, but with what I've seen it is the best troubleshooting site out there. Thanks in advance for the help.

I have/had a virus that is shutting down my comp. Seems to be Dumarin backdoor virus. I have SVOHOST and SWCHOST. I have followed steps to remove it, but it keeps coming back.

I'm using Spybot and it only finds DSO exploits now. Used Panda AV and it only found and removed one bad file. However I ran Trend Micro Cleaner and it is showing numerous Troj Dumarin G and H results.

This is where they are showing up on Trend Micro:
C:System Volume Info\_restore{20DC76B0-EB86-499C-A2F5-4909...\RP1\A0000001

Then all additional are the same through the last string but are A0000008, A01000009, A0000011, etc.

I just wanted to verify these are actually trojans and not something else. Can I safely remove all these?? I was unaware of these before and am pretty sure I can handle the removal if that will resolve my problem. If not, I will download HijackThis and post.

Thanks



#2 Grinler


    Lawrence Abrams


  • Admin

Posted 10 June 2004 - 03:04 PM

These files are most likely stored in a restore point that antivirus software does not have access to. Please follow these directions to first disable and then reenable your system restore.

Disable System Restore. You can find instructions on how to enable and reenable system restore here:

Managing Windows Millennium System Restore
or

Windows XP System Restore Guide

Reenable system restore with instructions from the tutorial above.

I would still like you to give us a HijackThis log to make sure nothing else is lurking around.


Create a directory on your hard drive to save HijackThis.exe. A directory like c:\hijackthis. If you do not do this, you will not be able to use the backup/restore features.

Download HijackThis from:

HijackThis

Save this file into the directory you made previously and then run the program. Click on the Scan button and when it is finished click on the Save Log button. A Notepad window will open with the contents of this log. Click on Edit then click on Select all. Then click on Edit and then click on Copy.

Create a reply to this post here and right click in message area and select paste to paste the log into the post.

Someone will reply to you after reading this post. DO NOT fix any entries unless you understand what you are doing.

To see a tutorial on using HijackThis you can click on the link below:

HijackThis - Using HijackThis to Remove Spyware, Browser Hijackers, and Dialers
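
An added example, not part of either post: a Python triage of scanner hits that separates copies archived inside Windows XP restore points (the `_restore{GUID}\RPn\A#######` layout seen in the question) from files flagged elsewhere on disk. The report format (path, tab, detection label), the placeholder GUID, the sample paths and the function names are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Windows XP restore-point copies live under
#   <drive>:\System Volume Information\_restore{GUID}\RP<n>\A<digits>[.ext]
RESTORE_COPY = re.compile(
    r"^(?P<drive>[A-Za-z]):\\System Volume Information\\"
    r"_restore\{(?P<guid>[0-9A-Fa-f-]+)\}\\RP(?P<rp>\d+)\\A\d+(?:\.\w+)?$"
)

def triage(report_lines):
    """Split scanner hits into restore-point copies and live files."""
    restore = defaultdict(list)  # (drive, guid, restore point no.) -> hits
    live = []                    # hits outside any restore point
    for line in report_lines:
        line = line.strip()
        if not line:
            continue
        path, _, label = line.partition("\t")
        m = RESTORE_COPY.match(path)
        if m:
            key = (m["drive"].upper(), m["guid"].upper(), int(m["rp"]))
            restore[key].append((path, label))
        else:
            live.append((path, label))
    return dict(restore), live

def advice(restore, live):
    """Summarise what the split implies for cleanup."""
    if live:
        return "live files flagged: purging restore points alone will not clear these"
    if restore:
        return "only restore-point copies: disable and reenable System Restore"
    return "no detections"

# Constructed sample report: placeholder GUID and paths, not real scan output.
GUID = "00000000-0000-0000-0000-000000000000"
BASE = "C:\\System Volume Information\\_restore{" + GUID + "}"
SAMPLE = [
    BASE + "\\RP1\\A0000001.exe\tTroj Dumarin G",
    BASE + "\\RP1\\A0000008.exe\tTroj Dumarin H",
    BASE + "\\RP2\\A0000011.dll\tTroj Dumarin G",
    "C:\\example\\placeholder.exe\tTroj Dumarin G",
]

if __name__ == "__main__":
    restore, live = triage(SAMPLE)
    for (drive, guid, rp), hits in sorted(restore.items()):
        print(f"{drive}: restore point RP{rp}: {len(hits)} archived copy(ies)")
    for path, label in live:
        print(f"LIVE {path} ({label})")
    print(advice(restore, live))
```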



