trojans

ManoMano
edited June 2004 in Spyware & Virus Removal
i have trojans in c:\system volume information\_restore they have really long names and i cant find the folder to delete manually. they didnt show up on most scans just a control thing i had. How do i delete them??

Comments

  • shwaipshwaip bluffin' with my muffin Icrontian
    edited June 2004
    the folder c:\system volume information\ is a hidden folder. To view it, open my computer, click "tools" -> "folder options" -> "view" -> "view hidden files or folders"

    However, you will most likely not have access to this folder. How do you know that the trojans are located there?
  • ManoMano
    edited June 2004
    avg resident sheild found them but the scans didnt and other anti virus, trogan cleaners etc didnt pick them up either.
  • DexterDexter Vancouver, BC Canada
    edited June 2004
    "c:\system volume information\_restore " is a special folder where Windows ME or XP saves the System Restore data. For that reason, it is not easily accessible at the user level.

    However, the good news is that it is not an "active" part of your OS.

    The bad news is that if you ever have to do a restore from your saved data, such as a "last known good" reboot, then this trojan can once again become an active part of your OS.

    The good news to that bad news is that it is very easy to flush everything out of your restore directory, by deleting the restore points. Simply go to your My Computer icon, right click, and select Properties (or go to the control panels and select System.) Then click on the System Restore Tab. Find the check box that says "Turn off system restore on all drives." Put a check mark in there, then click Apply. Your hard drive should grind away for a few moments, as it clears the saved restore points. When that is done, hit OK and close the control panel. Reboot your computer.

    When it starts back up, immediately go back into that control panel, and remove that checkmark, and hit apply, to turn system restore back on. Then click OK to exit that control panel again.

    Finally, go to your Start Menu -> All Programs -> Accessories -> System Tools -> System Restore. From this program, you should now Create a Restore Point, so that you have a fresh clean restore point to fall back on. The reason you need to do this is that the last step above does not create a new restore point, it simply turns the restore function back on, but without a restore point to work from, it would wait until the next time you install something that makes changes to your Windows directories.) So create a new restore point, and name it with todays date, and you will have a good restore point to fall back on if you need to, and the trojan should be flushed from your restore directory. Run a new AVG scan to find out.

    Let us know how that works for you.

    Dexter...
  • ManoMano
    edited June 2004
    Thanks i knew it might be to do with restore, the thing is only avg shield picked them up and them up and the main scans didnt and even the shield didnt find them for ages so i dont know if they will be gone? is there any other way to check?
  • DexterDexter Vancouver, BC Canada
    edited June 2004
    Not really any other way to do it. That is the only way to clear out the system restore data. Give it a try, it won't hurt anything and only takes a few minutes depending on the speed of your computer. I did it on my system just the other day, took about 5 mins total, including the restart.

    Dexter...
Sign In or Register to comment.