am i infected ?

hi (:WAV)

just downloaded drwebcureit,
i attached the result. all the infections are on C:\System Volume Information.
what should i do about the infected items? may i just remove/delete them since i can’t cure them.
been using Avira (CAVS before), Spyware Terminator, spyware blaster, CFP, CMG, CBO, and these nasties still managed to enter?
man! i’m scared!

p.s. i don’t notice anything weird happens to my computer.


[attachment deleted by admin]

Looks like it’s picking up on old copies in your system restore.
You can clear them out by turning it off, then back on.

thx for the reply Cat,
forgive my ignorance,
do you mean i should turn off system restore (let the restore point be removed) & turn it on right away? or should i do something between those turn off/on? i’ve RENAMED the infected file, is this the right step?

i can’t believe my antimalwares can’t detect them. i update all my antimalwares daily & set the heuristic to the highest level, and i just scanned my comp with PrevXFree scanner single nasty found, and now i found them. >:(

and what is this “system volume information” thing? should i be worried? i don’t see anything strange on my comp.


It’s Windows, so you’ll need to reboot after you’ve disabled it :smiley:
Then after reboot you need to enable it, and guess what? Reboot! :stuck_out_tongue:
If you don’t reboot, the files for System Restore won’t be deleted.

System Volume Information is where all files for System Restore are stored, it’s usually hidden, and you can’t access it, tho there’s an easy way to do it if you’re interested :wink:


i get it now. now i’m clean like a baby ;D

oh yeah, i forgot to ask about this. tried to open C:\System Volume Information and i got “access denied”.
but i think i’ve managed to open it once a long time ago on my other computer (the one infected by rontokbro), Norman Virus control detected the virus on this system volume info. and i simply opened it ???
well, teach me to do it pls :stuck_out_tongue: .

and thx for the quick reply to you both. :■■■■ :■■■■ <=== milk.


NOTE: I use Swedish version of XP Pro, so my English translation might not be correct.

  1. Open the Control panel.

  2. Click ‘Folder options’.

  3. Click the ‘View’-tab.

  4. Uncheck ‘Use simplified file sharing (recommend)’.

  5. Under ‘Hidden files and folders’ choose ‘Show hidden files and folders’.

  6. Uncheck ‘Hide protected operating files (recommend)’.

  7. Open up my computer, and click your HDD (usually Local Disk (C:)).

  8. Right-click ‘System Volume Information’ and choose ‘Properties’.

  9. Click the ‘Security’-tab.

  10. Click your account and allow it full access.

  11. Click ‘OK’.

  12. Now you’re able to go into the mysterious ‘System Volume Information’-folder!


(:CLP) saved the page

So those were FP’s? The only file in my System Volume Information directory is one file that has nothing in it (i’ve edited it a long time ago): MountPointManagerRemoteDatabase

are you asking me?
i don’t know. after turning off system restore & rebooting, i lost all of my restore points. or maybe you don’t use system restore at all?
i create restore points a lot & set the “disk space to use” bar to maximum.

Apparently no. :D, but based on cat’s first response they appear to be infected restore points. If so then Dr. Web is better than others you’ve used ???

That’s a question I get asked a lot, whether system restore is more harm than good. My answer is that on the whole it’s better than nothing, but there are free alternatives available. Personally I use DriveImage XML which creates a complete copy of your system drive, of course make sure it’s clean of any malware first. This image can be saved to another drive or partition or can be burned to DVD or CDR.

The advantage over system restore is that it copies everything rather than a limited number of settings, so a restored image will be exactly as it was when the image was created.

To delete your system restore points, I think it’s enough to get at the hard drive’s properties, click on “free disc space” (or something like that), select restore points and then OK.

??? funny, i click “Show new replies to your posts.”, but this topic’s not listed.

that’s a big problem :o
about the “probably batch.script virus”, i remember that i have 1 suspicious .exe file (it’s a corrupted local virus, i guess).
Program.AVTest, (i think it’s trojan simulator)
Modification of BackDoor.Generic.1219

but these three are fishy.
i think system restore is just “restoring system”, and do nothing to the files, am i right? then why system volume information can have these trojan simulator & my suspicious .exe file? i blocked trojan simulator when i was trying it (CBO,ST’s Clam AV warned me) & i’m too paranoid to test a suspicious .exe ( i tried it on another comp, and it did nothing).

So far no one in this thread has answered directly whether these SR points are viruses or not… :THNK

If you still have them, why not upload to Comodo or whatever vendor for confirmation?

i was too panicked to do that ;D and now i have erased them. about the suspicious file, i attached it in this forum. the guy who’s infected by this virus said that the virus came from flash disk and there are 2 .exe. but he only sent me 1 of them.

I would say yes, you seem to be infected with the “Comodo Forum Posting” virus (:TNG)

Greetz, Red.

;D CFP virus

Your attachment is still there today because Comodo replied that it wasn’t malware, otherwise we would’ve removed it.

ok, but virustotal recognized it as a virus. maybe it’s the “probably script.batch virus” source?

now this is one of reasons why i should be scared all the time (attached).
earlier today, a business partner gave me a flashdisk and told me to take some of the files there. usually the files given to me are mostly MS Excel, MS Word, pdf, or powerpoint (like performance reports, brochures, invoices, etc).
but the cursed flashdisk contained many .exe files (i only attached one of them). judging by the file title, they should be .xls or powerpoint files.
i’ve scanned the files with high heuristic avira, ST (clam AV integrated), drwebcureit & PrevXfree scanner, uploaded the file to, found nothing.
maybe these files weren’t malware, but even the guy who gave me the flashdisk didn’t know where the .exe files came from. so this is a little bit suspicious.
oh! and for additional info, he doesn’t even know what a FIREWALL is!? it’s so (:AGY)
so much for security huh? i’m trying to keep my system clean while other ppl are recklessly spreading the malware.

now, i haven’t noticed anything strange on my comp. so could somebody tell me, is this file a malware? tried to send it via avira quarantine tab, still got a problem with it, and does anybody know how to send the sample to comodo? i forgot the email address ;D & should i zip it? or just send it?

edit : i’ve sent the file to avira lab, and it’s clean ??? but i’m still curious, .exe from nowhere?

[attachment deleted by admin]
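The situation in the last post (a flash disk expected to hold spreadsheets and presentations that turns out to hold .exe files) can be triaged by file content instead of file name. The script below is an added example, not something posted in the thread; the extension lists and the function names `is_pe` and `triage` are assumptions made for illustration, and a hit only says the file is a Windows program, not that it is malicious.

```python
import os
import struct

# Assumed lists for this example: types Windows runs as programs,
# and the document types the file names on the drive imitate.
EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}
DOC_EXTS = {".xls", ".xlsx", ".doc", ".docx", ".ppt", ".pptx", ".pdf"}

def is_pe(path):
    """True if the file has an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    try:
        with open(path, "rb") as f:
            head = f.read(64)
            if len(head) < 64 or head[:2] != b"MZ":
                return False
            (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
            f.seek(e_lfanew)
            return f.read(4) == b"PE\x00\x00"
    except OSError:
        return False  # unreadable files are skipped, not flagged

def triage(root):
    """Return sorted (relative path, reason) pairs for every PE file under root."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            if not is_pe(path):
                continue
            stem, ext = os.path.splitext(name.lower())
            inner = os.path.splitext(stem)[1]  # ".xls" in "report.xls.exe"
            if ext in DOC_EXTS:
                reason = "PE content behind a document extension"
            elif ext in EXEC_EXTS and inner in DOC_EXTS:
                reason = "double extension (document name, executable type)"
            elif ext in EXEC_EXTS:
                reason = "executable on a drive expected to hold documents"
            else:
                reason = "PE content with an unexpected extension"
            findings.append((os.path.relpath(path, root), reason))
    return sorted(findings)

if __name__ == "__main__":
    import sys
    for rel, why in triage(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{rel}: {why}")
```

Run it with the drive letter or mount point as the only argument, without opening any of the files, and send whatever it lists to a vendor or multi-engine scanner as the thread suggests.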