Hi,
I was running TDS-3 when it came up with about 10 similar results, there were in the sytem restore directory, so unsure i left them. About 2 weeks later i run a new scan, it came back with the same results but about 50 of them instead, does anyone know what this is and should i just delete them or what?

Heres a few of many reaults:

Positive identification <Adv>: Possible WebDownloader
File: c:\system volume information\_restore{8238bfe6-44bd-4b25-b0f7-ce65b3815cc9}\rp141\a0026540.exe

Positive identification <Adv>: Possible WebDownloader
File: c:\system volume information\_restore{8238bfe6-44bd-4b25-b0f7-ce65b3815cc9}\rp149\a0026736.exe

Positive identification: TrojanSpy.Win32.Briss.h
File: c:\system volume information\_restore{8238bfe6-44bd-4b25-b0f7-ce65b3815cc9}\rp150\a0026740.exe

P.S, I am running WIN XP HOME,

Many Thanks,
Matt

Hi Matty, Have you dowloaded the latest radius database from here: http://tds.diamondcs.com.au/index.php?page=update
Then run a complete scan with all the scan options enabled.

If all the items are in system restore you can get rid of them by doing the following: Start - Control panel - System - System restore and turning off system restore. Reboot your computer (BTW this will clear all your previous restore points) Run a TDS full system scan to ensure they have gone.

Re-enable system restore and creat a new restore point.

As this may be spyware and if the problem still persists Please go here: http://www.wilderssecurity.com/showthread.php?t=15913 and follow the instructions.

HTH Pilli

What i always wonder: if you have something in the restore, it must have been on the system as well, did you never see any alerts on other files or remove alerts?
Maybe you're able to somehow submit or search for the "suspicious possible webdownloader" file, zip and submit it to the submit@diamondcs.com.au lab or maybe in the alerts screen a rightclick to more info on the file could give more clues about the origins.

Further i would follow both Pilli's advices now.

Thanks guys, but i was thinking sytem restor deletes all the old ones and keeps the newest one when you delete all the points, if it is still there in the most recent point it wont be gone, but ill give it as try,

Thanks

Matt, That is why I wrote to disable system restore and reboot, this will kill ALL the restore points ;)

Hi,
I disabled and rebooted, i ran a scn and it came up with 48 results

Matt, Are they shown as in the restore file path or are you talking about local paths?

Are you running as an Administrator or ordinary user?
If you are running as an ordinary user you must run TDS3 as an administrator using the windows ran as utility.

I only have 1 user account on my PC, the path is c:\system volume information\_restore

Hi,

Only to be sure: here is the link from Gavin with guideline for running TDS-3 as admin:
http://www.wilderssecurity.com/showthread.php?t=29034

Thanks Fanj 8)