AMON Splash Screen not functional

I have just taken a look at my virus log it shows the following has been going on for DAYS!!!! and not a single peep from AMON, what has happened to the glearing red splash screen that normally pops up


Time Module Object Name Virus Action User Info
27/05/2004 19:45:20 PM AMON file C:\System Volume Information\_restore{7EA69FAF-9D49-4735-B141-CB813AEFE73A}\RP26\A0003170.scr Win32/Sober.G worm error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM
27/05/2004 17:11:05 PM AMON file C:\System Volume Information\_restore{7EA69FAF-9D49-4735-B141-CB813AEFE73A}\RP26\A0003170.scr Win32/Sober.G worm error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM
27/05/2004 16:59:05 PM AMON file C:\System Volume Information\_restore{7EA69FAF-9D49-4735-B141-CB813AEFE73A}\RP26\A0003170.scr Win32/Sober.G worm error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM
27/05/2004 15:11:05 PM AMON file C:\System Volume Information\_restore{7EA69FAF-9D49-4735-B141-CB813AEFE73A}\RP26\A0003170.scr Win32/Sober.G worm error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM
27/05/2004 13:26:34 PM AMON file C:\System Volume Information\_restore{7EA69FAF-9D49-4735-B141-CB813AEFE73A}\RP26\A0003170.scr Win32/Sober.G worm error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM
27/05/2004 12:11:05 PM AMON file C:\System Volume Information\_restore{7EA69FAF-9D49-4735-B141-CB813AEFE73A}\RP26\A0003170.scr Win32/Sober.G worm error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM


and it continues...

11/05/2004 21:51:54 PM AMON file C:\Documents and Settings\PC User\Local Settings\Temporary Internet Files\Content.IE5\3A47VHG5\all_launch_reg[1].htm probably modified trojan JS/NoClose.L error while cleaning - operation unavailable for this type of object

 

No I don't, I trialed TDS but had problems of freezing with my XP machine, and being that I have a VERY stable system, I was NOT at all impressed. I'll give it another go later on.

I'm just really concerned that AMON has been trying to deal with a problem for days on end and I have NOT been made aware of the situation...

Cheers

 

Do you have it set to automatically try to clean infected files?

I think that the problem might also be that the files are accessed when no one is logged in (during booting for example), or that the files are accessed by the system account. If there is no user logged in, there is no desktop to display the errors on.. but.. then you shouldn't see the "error while cleaning" message.

 

Since the virus was detected in the System volume information folder, it's necessary to turn off the System restore function.

 

Hi Ronjor, Anders and Marcos, thanks for your replies, I do have AMON set to "Clean Automatically", I just expected AMON still to pop up and advise me there was an action being taken, even though I had set it to "Clean Automatically"...

Surely there is a way of having the AMON Splash Screen pop up and stay there when using "Clean Automatically", I want to know that there is something happening in the backgound, that a virus has been detected and what AMON has or has NOT been able to do with the infiltration.

I have system restore permanently turned off.

Administrator is the ONLY account on my system.

I was/am just VERY surprised to see that AMON had been having a struggle for days on end without success and I had NOT HAD A SINGLE warning that this was going on... and this is NOT a good thing...

Cheers

 

Scan log of 3 days ago 24th of May - ALL Clean APPARANTLY (I know about the zipped file, it was one that was NOT detected by Nod until virus patterns were updated 2 days later) and my settings are set to maximum, scan all files, runtime packers, archives etc etc...

Cheers

 

Scan log from last night using the Command Line scanner and AH, this is where Sober.G was detected and cleaned from System restore, even though I have it permanantly turned off

Cheers

 

You can have yesterday, I like today, it's much better

 

I wonder if the Sober.G infection that was found has something to do with the following thread

https://www.wilderssecurity.com/showthread.php?t=32317

This was when Sober.G first arrived on the market and Nod did not detect it. Still though having updated detection patterns 2 days later, I would have expected AMON and full scans by Nod to have detected infiltrations in the restore files, and being that I do NOT have system restore activated I wonder as to why these files were infected, does Sober.G target system restore?

Cheers

 

I'm confused about System Restore and cleaning/deleting viruses in it. Marcos says System Restore must be turned off in order to clean viruses in it. I don't understand.

I ran NOD32 last night using this new ah command and NOD32 found 4 viruses that the regular NOD32 scan and adv. heuristics right click scan and AMON had all missed. NOD32 proceeded to delete 2 viruses from System Restore. Unlike Blackspear, I have System Restore up and running.

So, how did NOD32 manage to delete 2 viruses from the protected active System Restore

Does this deletion mean that all System Restore points up to, and including the last one before NOD 32's action, are now crippled and cannot be used to restore to?! If that is true then I sure I wish I hadn't left the "delete if not cleanable" command in that string! Ugh.