Detected trojan in my System Volume [Archive]

View Full Version : Detected trojan in my System Volume

Cscampxp

October 25th, 2005, 08:25 PM

Hello guys! i've been so intrigued with NOD32 so installed the 30 day trial of Nod 32.

As it was scanning it found a Win32Trojan and Win32 Adware in 2 files in my C:System Volume Information folder (a hidden folder in Windows)....

the two files are in
C:\System Volume Information\_restore\{84.......}\RP524\A00698835.exe
-this contains the Win32/TrojanDownloader
and
C:\System Volume Information\_restore\{84.......}\RP524\A00698836.cfg
-this has the Win32/Adware.Broadcap

Is it safe to delete these files? or should i try and just clean it? i just wanted to make sure coz its in one of the hidden folders. Thanks guys!

snowbound

October 25th, 2005, 08:31 PM

The infections are in your System Restore.

Just disable SR, reboot, reenable it, then set a new restore point(scan again to be sure).

Detailed instructions here,

http://www.pchell.com/virus/systemrestore.shtml

snowbound

Cscampxp

October 27th, 2005, 02:00 PM

thanks snowbound,

I actually deleted it before disabling system restore...i then disabled system restore and then scanned my system again. It seem to have deleted the Trojan and Adware even though i didnt disable System restore. I'll scan my system again in a few days to see if those were really deleted.