3 trojans on my computer I can't get rid of....
newbie
October 29th, 2003, 05:25 PM
Hi, I just downloaded the trial version and it found 3 trojans:
DM 1.0 (variant)
Hir 2.0 (variant)
pos id (embedded in file) Remote.Admin.RA 4.9.29
I tried deleting them (right-click, Delete), but every time I reboot and rescan it finds one or more of them
in c:\system volume information\_restore{..........}
LowWaterMark
October 29th, 2003, 05:37 PM
That file location is the System Restore area. Windows copies various files from your active system to that area in order to allow you to "roll your computer back" to a previous configuration if you need to. But, it doesn't know good files from bad files and very often it will copy a Trojan exe file into one of its restore points, too.
Now the good news is that a Trojan can't run from the System Restore area. The bad news is you can't delete it (at least not safely) from there... Both Microsoft and the major anti-virus people all recommend that you wipe all files in all restore points in order to remove any malware that might have got caught in there by System Restore.
What Microsoft says about malware in System Restore (link):
http://support.microsoft.com/support/kb/articles/Q263/4/55.ASP
What a couple of AV sites say:
http://www.norman.com/virus_info/me_restore.shtml
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
I recommend clearing the System Restore area as described in these articles as this should get rid of the malware in there so TDS won't detect it anymore.
When you've done this, the next question is: Are there any more occurrences of these findings that are NOT in :\system volume information\_restore?
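Added example, not code from the thread or from TDS: a small Python triage script that answers LowWaterMark's closing question over scanner output. It takes findings in a constructed "<detection> | <path>" format and separates copies sitting in System Restore's _restore{GUID}\RPnn folders (inert there, and removed by clearing restore points) from hits in active locations that still need real disinfection. The line format, sample paths and GUID are all constructed.

```python
import re
from dataclasses import dataclass

# Constructed scanner output (not from the thread), one "<detection> | <path>" per line:
# three copies in System Restore's _restore{GUID}\RPnn folders plus one active-location hit.
SAMPLE_FINDINGS = r"""
DM 1.0 (variant) | C:\System Volume Information\_restore{3A5E1E34-6B1C-4F2A-9D1E-000000000001}\RP12\A0001234.exe
Hir 2.0 (variant) | c:\system volume information\_restore{3A5E1E34-6B1C-4F2A-9D1E-000000000001}\RP13\A0001301.exe
Remote.Admin.RA 4.9.29 | C:/System Volume Information/_restore{3A5E1E34-6B1C-4F2A-9D1E-000000000001}/RP13/A0001302.exe
Remote.Admin.RA 4.9.29 | C:\Documents and Settings\user\Local Settings\Temp\setup.exe
""".strip().splitlines()

# Restore points live under <drive>:\System Volume Information\_restore{GUID}\RPnn\ .
# Case-insensitive, slash-normalised match so scanner quirks cannot misclassify a path.
RESTORE_AREA = re.compile(r"^[a-z]:\\system volume information\\_restore\{[0-9a-f-]{36}\}\\rp\d+\\", re.I)

@dataclass(frozen=True)
class Finding:
    detection: str
    path: str

def parse_findings(lines):
    """Parse '<detection> | <path>' lines, skipping blank or malformed ones."""
    out = []
    for line in lines:
        if "|" not in line:
            continue
        detection, path = (part.strip() for part in line.split("|", 1))
        if detection and path:
            out.append(Finding(detection, path.replace("/", "\\")))
    return out

def in_restore_area(path):
    """True if the path is a System Restore copy: inert there, removed by clearing restore points."""
    return RESTORE_AREA.match(path.replace("/", "\\")) is not None

def triage(findings):
    """Split findings into restore-point copies and active-location hits that need real cleaning."""
    result = {"restore_point_copies": [], "active_locations": []}
    for f in findings:
        key = "restore_point_copies" if in_restore_area(f.path) else "active_locations"
        result[key].append(f)
    return result

if __name__ == "__main__":
    for bucket, items in triage(parse_findings(SAMPLE_FINDINGS)).items():
        print(bucket, [f.path for f in items])
```

Anything that lands in active_locations is the case the thread is really asking about; only when that list is empty does purging System Restore finish the job.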
newbie
October 29th, 2003, 05:57 PM
No, the rest is clean... but I thought I had turned off System Restore (or at least an IT friend who installed everything had). Could one of these trojans have turned on System Restore?
Anyway, thanks for the info.
Gavin - DiamondCS
October 29th, 2003, 10:13 PM
If you still have a copy of the file, please send it to submit@diamondcs.com.au - zip it please and retain a copy for now.
This is a trojan dropper; Hir and DM are BINDERS and it's dropping a Remote Anywhere variant... so I'm interested to see it! Might drop more things ;)
Copyright ©2002 - 2012, Wilders Security Forums