Wilders Security Forums  

#1  xMarkx, February 9th, 2009, 02:55 AM
Infection

Hello,

I have: Windows XP Home Edition SP3, 32-bit computer with all the latest Windows Updates on a Dell Dimension 8400 with ESS v3.

Yesterday, during a scan, it picked up the following:

Object Name: C:\I386\GTDownDE_87.ocx
Reason: Probably a variant of Win32/Adware.Agent application

Today, when I left the computer idle for an hour or two and came back NOD32 found the following:

Object Name: C:\System Volume Information\_restore{random letters and numbers here going on for a while}\RP927\A0106100.ocx

Reason: Probably a variant of Win32/Adware.Agent application

Other Information:

• Real-time file system protection
• C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP927\A0106100.ocx
• Probably a variant of Win32/Adware.Agent application
• Cleaned by deleting - quarantined
• NT AUTHORITY\SYSTEM
Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe. <--- What does this mean?

I haven't a single virus in over a year! I have never had a virus 2 days in a row before... what's going on? I haven't visited any bad websites or downloaded anything bad.

What are these things and how am I getting them? Help! Thanks.
__________________
ESET NOD32 Antivirus v6

Last edited by xMarkx : February 9th, 2009 at 03:37 AM.
#2  PaulB2005, February 9th, 2009, 04:57 AM
Re: Infection

The first one is the virus which ESS removed.

The second is the copy of it Windows made in System Restore when ESS removed it. You are NOT infected by the second one. It's just lying dormant in the System Restore folders. As long as you don't restore your PC back to a time when you had the virus you are still clean.
__________________
ESET NOD32 Anti Virus 4.2.64.12
AMD 64 X2 4400+
Asus A8N-SLi Deluxe (Bios 1016)
3 Gb RAM
Sony DVD-RAM AW-G170A
Seagate ST3200820AS (200 Gb Main Drive)
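
An added example, not part of PaulB2005's post or of any ESET tool: a Python sketch that separates detections on live files from detections on System Restore backup copies like the one described above, and links a backup copy to the earlier live detection. The record format, field names and path pattern are assumptions based on the two paths quoted in this thread.

```python
import ntpath
import re

# Windows XP System Restore layout (assumption based on the path in the thread):
#   <drive>:\System Volume Information\_restore{GUID}\RP<n>\A<digits>.<ext>
RESTORE_RE = re.compile(
    r"^[A-Z]:\\System Volume Information\\_restore\{[0-9A-F-]{36}\}"
    r"\\RP(?P<rp>\d+)\\A\d+\.(?P<ext>\w+)$",
    re.IGNORECASE,
)

# Constructed sample records built from the two detections quoted in the thread.
REASON = "Probably a variant of Win32/Adware.Agent application"
DETECTIONS = [
    {"path": r"C:\I386\GTDownDE_87.ocx", "reason": REASON},
    {"path": r"C:\System Volume Information"
             r"\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}"
             r"\RP927\A0106100.ocx", "reason": REASON},
]


def triage(detections):
    """Label each detection 'live' or 'restore_copy' and link a restore copy
    to an earlier live detection with the same reason and file extension
    (in the thread both files are .ocx; the backup is renamed, not retyped)."""
    live_seen = []  # (reason, extension, path) of live detections so far
    results = []
    for det in detections:
        path, reason = det["path"], det["reason"]
        match = RESTORE_RE.match(path)
        if match is None:
            ext = ntpath.splitext(path)[1].lstrip(".").lower()
            live_seen.append((reason, ext, path))
            results.append({"path": path, "kind": "live",
                            "restore_point": None, "likely_origin": None})
            continue
        ext = match.group("ext").lower()
        origin = next((p for r, e, p in live_seen
                       if r == reason and e == ext), None)
        results.append({"path": path, "kind": "restore_copy",
                        "restore_point": int(match.group("rp")),
                        "likely_origin": origin})
    return results


if __name__ == "__main__":
    for row in triage(DETECTIONS):
        print(row)
```

A restore copy with no matching earlier live detection comes back with `likely_origin` set to `None`, which is the case worth a closer look.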
#3  funkydude, February 9th, 2009, 05:50 AM
Re: Infection

If I remember right they are both something to do with Dell support programs. I would follow the usual steps for getting a False Positive fixed.
__________________
OpenDNS with DNSCrypt

SSD: Windows 8 Pro x64 | IE10 (Enhanced Protected Mode) & Fanboy's TPLs
HDD: Xubuntu 12.04 LTS (x64) | Firefox: ABP(Fanboy's list) & HTTPS Everywhere
#4  xMarkx, February 9th, 2009, 09:39 PM
Re: Infection

Quote:
Originally Posted by PaulB2005
The first one is the virus which ESS removed.

The second is the copy of it Windows made in System Restore when ESS removed it. You are NOT infected by the second one. It's just lying dormant in the System Restore folders. As long as you don't restore your PC back to a time when you had the virus you are still clean.

Hello,

Thank you Paul and Funky for your replies.

What does this mean though:
Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.

(This was for the C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP927\A0106100.ocx one)

Regards,
Mark.
__________________
ESET NOD32 Antivirus v6
 

All times are GMT -4.