Worm infection

Discussion in 'malware problems & news' started by thebluerabbit, Jul 31, 2004.

Thread Status:
Not open for further replies.
  1. thebluerabbit

    thebluerabbit Registered Member

    Hello,

    I have a worm on my computer which is proving elusive. I have AVG 6.0 for Windows, which produces a pop-up stating I have 'worm donk' in C:\system Volume Information\...restore[EODB5469-ECBS-HIOA-9A02'F484A3BEODBA]\RP14/AO27999.exe. It advises me to run AVG for Windows, which I do, but it finds nothing. I did a HouseCall scan but without success. I have also tried to find the file in question, but failed.

    As for its effects - it freezes any pages connected to the internet after between 2 and 20 minutes.

    Any suggestions?

    Thanks,
    Benj
  2. ronjor

    ronjor Global Moderator



    Hello Benj

    Try this.



    Turn off system restore, restart your computer and scan. Turn on system restore and create a restore point after the computer is clean.


    The infected files are still restoring themselves. What to do?

    You are most probably using one of the later operating systems - Windows ME or Windows XP - on your machine. By default, these systems use the option for restoring system files, which the system automatically backs up to the directory "_restore" on the system disk (normally to the directory "C:\_restore"). This way it is possible that the infected files join the backed-up files and become "undeletable".

    Solution

    The process depends on the operating system:

    Windows ME

    1. Right click on the "My Computer" icon on the Windows desktop and click "Properties"
    2. Click on "Performance">"File system"
    3. Click "Troubleshooting"
    4. Check "Disable system restore"
    5. Click on OK, Close and restart the system



    Windows XP

    1. Right click on the "My Computer" icon on the Windows desktop and click "Properties"
    2. Click on "System Restore"
    3. Check "Turn off System Restore on all Drives"
    4. Click OK, Close and restart the system