Author Topic: am i infected ?  (Read 4083 times)
gandalicious
Bad guy
Global Moderator
Comodo's Hero
*****
Offline Offline

Posts: 3496


kkeewwwwlll


« on: November 03, 2007, 12:35:36 AM »

hi

just downloaded drwebcureit,
i attached the result. all the infections are on C\system volume information.
what should i do about the infected items? may i just remove/delete them since i can't cure them.
been using Avira (CAVS before), Spyware Terminator, spyware blaster, CFP,CMG,CBO, and these nasties still managed to enter?
man! i'm scared!

p.s. i don't notice anything weird happening to my computer.


ganda
~cat~
Global Moderator
Comodo's Hero
*****
Offline Offline

Posts: 964


CBO "...there is nothing better."


« Reply #1 on: November 03, 2007, 02:11:30 AM »

Looks like it's picking up on old copies in your system restore.
You can clear them out by turning it off, then back on.

Parched dry and thirsty, knee deep in the river of life.
gandalicious
« Reply #2 on: November 03, 2007, 04:47:52 AM »

thx for the reply Cat,
forgive my ignorance,
do you mean i should turn off system restore (let the restore point to be removed) & turn it on right away? or should i do something between those turn off/on? i've RENAMED the infected file, is this the right step?

i can't believe my antimalwares can't detect them. i update all my antimalwares daily & set the heuristic to the highest level, and i just scanned my comp with PrevXFree scanner yesterday. no single nasty found, and now i found them.

and what is this "system volume information" thing? should i be worried? i don't see anything strange on my comp.


Ganda
« Last Edit: November 03, 2007, 05:06:53 AM by ganda »
Ragwing
Global Moderator
Comodo's Hero
*****
Offline Offline

Posts: 3199


« Reply #3 on: November 03, 2007, 05:23:26 AM »

> do you mean i should turn off system restore (let the restore point to be removed) & turn it on right away? or should i do something between those turn off/on? i've RENAMED the infected file, is this the right step?

It's Windows, so you'll need to reboot after you've disabled it.
Then after reboot you need to enable it, and guess what? Reboot!
If you don't reboot, the files for System Restore won't be deleted.

> and what is this "system volume information" thing? should i be worried? i don't see anything strange on my comp.

System Volume Information is where all files for System Restore are stored, it's usually hidden, and you can't access it, tho there's an easy way to do it if you're interested.

Cheers,
Ragwing


Forum Policy
FAQ's

If you should need help or have a question, feel free to PM me.
gandalicious
« Reply #4 on: November 03, 2007, 06:37:41 AM »

i get it now. now i'm clean like a baby

> System Volume Information is where all files for System Restore are stored, it's usually hidden, and you can't access it, tho there's an easy way to do it if you're interested

oh yeah, i forgot to ask about this. tried to open C/system volume information and i got "access denied".
but i think i've managed to open it once a long time ago on my other computer (the one infected by rontokbro), Norman Virus control detected the virus on this system volume info. and i simply opened it
well, teach me to do it pls.

and thx for the quick reply to you both.  Cheers Cheers <=== milk.

ganda
Ragwing
« Reply #5 on: November 03, 2007, 06:46:22 AM »

> well, teach me to do it pls

NOTE: I use the Swedish version of XP Pro, so my English translation might not be correct.

1. Open the Control panel.

2. Click 'Folder options'.

3. Click the 'View'-tab.

4. Uncheck 'Use simplified file sharing (recommend)'.

5. Under 'Hidden files and folders' choose 'Show hidden files and folders'.

6. Uncheck 'Hide protected operating files (recommend)'.

7. Open up My Computer, and click your HDD (usually Local Disk (C:)).

8. Right-click 'System Volume Information' and choose 'Properties'.

9. Click the 'Security'-tab.

10. Click your account and allow it full access.

11. Click 'OK'.

12. Now you're able to go into the mysterious 'System Volume Information'-folder!

Cheers,
Ragwing
gandalicious
« Reply #6 on: November 03, 2007, 06:54:21 AM »

saved the page
Soyabeaner
Global Moderator
Comodo's Hero
*****
Offline Offline

Posts: 7455



« Reply #7 on: November 03, 2007, 07:00:24 AM »

So those were FP's?  The only file in my System Volume Information directory is one file that has nothing in it (i've edited it a long time ago): MountPointManagerRemoteDatabase
gandalicious
« Reply #8 on: November 03, 2007, 07:07:08 AM »

> So those were FP's?

are you asking me?
i don't know. after turning off system restore & rebooting, i lost all of my restore points. or maybe you don't use system restore at all?
i create restore points a lot & set the "disk space to use" bar to maximum.
« Last Edit: November 03, 2007, 07:08:56 AM by ganda »
Soyabeaner
« Reply #9 on: November 03, 2007, 07:07:47 AM »

Apparently no, but based on cat's first response they appear to be infected restore points.  If so then Dr. Web is better than others you've used
« Last Edit: November 03, 2007, 07:09:46 AM by ู้ส Soya ร้ »
andyman35
Global Moderator
Comodo's Hero
*****
Offline Offline

Posts: 734


« Reply #10 on: November 06, 2007, 04:28:54 AM »

> are you asking me?
> i don't know. after turning off system restore & rebooting, i lost all of my restore points. or maybe you don't use system restore at all?
> i create restore points a lot & set the "disk space to use" bar to maximum.

That's a question I get asked a lot, whether system restore is more harm than good. My answer is that on the whole it's better than nothing, but there are free alternatives available. Personally I use DriveImage XML which creates a complete copy of your system drive, of course make sure it's clean of any malware first. This image can be saved to another drive or partition or can be burned to DVD or CDR.

The advantage over system restore is that it copies everything rather than a limited number of settings, so a restored image will be exactly as it was when the image was created.
Japo
Autonomous Human
Global Moderator
Comodo's Hero
*****
Offline Offline

Posts: 1204


Life starts everyday anew. Prospects not so good.


« Reply #11 on: November 06, 2007, 12:00:55 PM »

To delete your system restore points, I think it's enough to get at the hard drive's properties, click on "free disc space" (or something like that), select restore points and then OK.

Please abide by the forum policy, thanks! ~ Moderators don't speak on Comodo's behalf unless so stated


XP users check this to secure your PCs
gandalicious
« Reply #12 on: November 06, 2007, 07:31:25 PM »

funny, i click "Show new replies to your posts.", but this topic's not listed.

> Apparently no, but based on cat's first response they appear to be infected restore points.  If so then Dr. Web is better than others you've used

that's a big problem
about the "probably batch.script virus", i remember that i have 1 suspicious .exe file (it's a corrupted local virus, i guess).
Program.AVTest, (i think it's trojan simulator)
Adware.Gdown;;
Modification of BackDoor.Generic.1219
Adware.Msearch.origin;;


but these three are fishy.
i think system restore is just "restoring system", and does nothing to the files, am i right? then why can system volume information have these trojan simulator & my suspicious .exe file? i blocked trojan simulator when i was trying it (CBO, ST's Clam AV warned me) & i'm too paranoid to test a suspicious .exe (i tried it on another comp, and it did nothing).
Soyabeaner
« Reply #13 on: November 06, 2007, 07:34:59 PM »

So far no one in this thread has answered directly whether these SR points are viruses or not...

If you still have them, why not upload to Comodo or whatever vendor for confirmation?
gandalicious
« Reply #14 on: November 06, 2007, 07:49:12 PM »

> So far no one in this thread has answered directly whether these SR points are viruses or not...
>
> If you still have them, why not upload to Comodo or whatever vendor for confirmation?

i was too panicked to do that and now i have erased them. about the suspicious file, i attached it in this forum. the guy who's infected by this virus said that the virus came from flash disk and there are 2 .exe. but he only sent me 1 of them.
http://forums.comodo.com/help_for_comodo_antivirus/how_long_the_submitted_file_can_be_added_into_virus_database-t13501.0.html