malware in C:\System Volume Information\_restore


  • This topic is locked
2 replies to this topic

#1 Keni254


Posted 06 November 2005 - 03:11 PM

I ran Kaspersky virus scan, just to double check my NAV, and among the items in the report were the following:

C:\System Volume Information\_restore{FC410490-7AE3-4CCB-9F1C-204F35B7DF3D}\RP186\A0094740.exe/WISE0021.BIN Infected: Backdoor.Win32.Ruledor.c
C:\System Volume Information\_restore{FC410490-7AE3-4CCB-9F1C-204F35B7DF3D}\RP186\A0094740.exe/WISE0022.BIN Infected: Trojan-Dropper.Win32.Mudrop.o
C:\System Volume Information\_restore{FC410490-7AE3-4CCB-9F1C-204F35B7DF3D}\RP186\A0094740.exe Infected: Trojan-Dropper.Win32.Mudrop.o

What have I got here? Seems to say that a restore point may have been created with active malware. Am I OK as long as I don't restore, and how can I delete this restore point just to be sure?

Also in the report:

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy1.zip/msexreg.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy1.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy18.zip/msexreg.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy18.zip Suspicious: Password-protected-EXE

I read this as Spybot has already identified and quarantined the BargainsBuddy threat, but it also appears to be in the Spybot recovery file. Same question as above, how can I delete this?



#2 daparker


Posted 02 December 2005 - 08:22 PM

Please don't start multiple threads. Piatan is helping you here:

http://forums.tomcoy...showtopic=50497

I am closing this thread.

#3 daparker


Posted 02 December 2005 - 08:23 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
