Can anyone assist on how to get this virus out?

Discussion in 'NOD32 version 1 Forum' started by xenon1, Aug 29, 2004.

Thread Status:
Not open for further replies.
  1. xenon1

    xenon1 Registered Member

    Joined:
    Aug 29, 2004
    Posts:
    2
    Time: 8/30/2004 7:41:48 AM
    Module: AMON
    Object: file
    Name: C:\System Volume Information\_restore{9791F2D4-25F9-4C69-B0E0-1C5B42CB7DEE}\RP130\A0059143.exe
    Virus: Win32/TrojanDownloader.Alchemic.A trojan
    Action: error while cleaning - operation unavailable for this type of object
    User: NT AUTHORITY\SYSTEM
    Info:
    The program can't, so it has to be done manually, but I can't find the System Volume on the computer (Windows XP).
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas
    From the NOD help page.

    You are most probably using one of the later operating systems, Windows ME or Windows XP, on your machine. By default these systems use the option for restoring system files, which the system automatically backs up to the "_restore" directory on the system disk (normally the directory "C:\_restore"). This way it is possible that infected files join the backed-up files and become "undeletable".

    Solution

    The process depends on the operating system:

    Windows ME

    1. Right click on the "My Computer" icon on the Windows desktop and click "Properties"
    2. Click on "Performance">"File system"
    3. Click "Troubleshooting"
    4. Check "Disable system restore"
    5. Click on OK, Close and restart the system

    Note: It is recommended to return to the standard behaviour of the system after the removal of the infected files, by unchecking "Disable system restore".

    Windows XP

    1. Right click on the "My Computer" icon on the Windows desktop and click "Properties"
    2. Click on the "System Restore"
    3. Check "Turn off System Restore on all Drives"
    4. Click OK, Close and restart the system

    Note: It is recommended to return to the standard behaviour of the system after removal of the infected files, by unchecking "Disable system restore".
     
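The AMON log line in the first post and the System Restore explanation in the reply above, as an added example that is not part of the original thread and not NOD32's own tooling: a small Python triage script that parses AMON-style log lines and flags detections that sit inside a restore point and could not be cleaned, which is exactly the case the help page says needs System Restore turned off first. The tab-separated column order, the sample log lines, and the restore-point path patterns (the XP `System Volume Information\_restore{GUID}\RPnnn\` layout seen in the log, and the `C:\_RESTORE\` layout the help page names for Windows ME) are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample of three AMON log lines, tab-separated in the column order
# shown in the forum post (Time, Module, Object, Name, Virus, Action, User, Info).
# The first line is modelled on the real one; the other two are made up.
SAMPLE_LOG = (
    "8/30/2004 7:41:48 AM\tAMON\tfile\t"
    "C:\\System Volume Information\\_restore{9791F2D4-25F9-4C69-B0E0-1C5B42CB7DEE}\\RP130\\A0059143.exe\t"
    "Win32/TrojanDownloader.Alchemic.A trojan\t"
    "error while cleaning - operation unavailable for this type of object\tNT AUTHORITY\\SYSTEM\t\n"
    "8/30/2004 7:42:10 AM\tAMON\tfile\tC:\\Documents and Settings\\user\\Local Settings\\Temp\\setup.exe\t"
    "Win32/TrojanDownloader.Alchemic.A trojan\tcleaned by deleting\tXENON\\user\t\n"
    "8/30/2004 7:43:01 AM\tAMON\tfile\tC:\\_RESTORE\\TEMP\\A0001234.CPY\t"
    "Eicar test file\terror while cleaning\tNT AUTHORITY\\SYSTEM\t\n"
)

# Assumed restore-point path layouts: XP keeps copies under a per-volume
# "System Volume Information\_restore{GUID}\RPnnn\" tree; ME keeps them under
# "<drive>:\_RESTORE\". Both are matched case-insensitively.
RESTORE_POINT_RE = re.compile(
    r"""(?ix)
    (?:
        \\System\ Volume\ Information\\_restore\{[0-9a-f-]{36}\}\\RP\d+\\   # Windows XP restore point
      | ^[a-z]:\\_RESTORE\\(?:TEMP|ARCHIVE)\\                               # Windows ME restore store
    )
    """
)


@dataclass
class Detection:
    time: str
    module: str
    object_type: str
    path: str
    threat: str
    action: str
    user: str

    @property
    def in_restore_point(self) -> bool:
        return RESTORE_POINT_RE.search(self.path) is not None

    @property
    def clean_failed(self) -> bool:
        return self.action.lower().startswith("error while cleaning")

    @property
    def remediation(self) -> str:
        # The scanner cannot touch files inside a restore point; the fix is to
        # turn System Restore off (which discards the points), then re-enable it.
        if self.in_restore_point and self.clean_failed:
            return "purge-system-restore"
        if self.clean_failed:
            return "manual-review"
        return "none"


def parse_amon_line(line: str) -> Optional[Detection]:
    """Split one tab-separated AMON log line; None for malformed or non-AMON lines."""
    fields = line.rstrip("\r\n").split("\t")
    if len(fields) < 7 or fields[1] != "AMON":
        return None
    return Detection(*fields[:7])


def triage(log_text: str) -> Dict[str, List[str]]:
    """Bucket every AMON detection path by the remediation it needs."""
    buckets: Dict[str, List[str]] = {"purge-system-restore": [], "manual-review": [], "none": []}
    for line in log_text.splitlines():
        det = parse_amon_line(line)
        if det is not None:
            buckets[det.remediation].append(det.path)
    return buckets


if __name__ == "__main__":
    for bucket, paths in triage(SAMPLE_LOG).items():
        for p in paths:
            print(f"{bucket:22} {p}")
```

Run it against a real AMON log export after confirming the column order; anything that lands in the purge-system-restore bucket will keep reappearing on every scan until System Restore is turned off as described in the steps above, and the bucket list is what to re-check once it has been re-enabled.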
  3. xenon1

    xenon1 Registered Member

    Joined:
    Aug 29, 2004
    Posts:
    2
    thank you for that will give it a try

    Also, why is AMON so bloody slow in checking all the files? I have XP and it is taking forever to run through them.
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas
    What version of NOD?
     
  5. stalker

    stalker Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    152
    Location:
    Ljubljana, Slovenia


    Yeah, in the times when I was still using a bunch of default services, blah, including System Restore (btw, now I have deleted this folder on all partitions, and it looks much better and more minimalistic), the same thing happened to me. My AV software alerted me about some file being infected during a "whole volume" scan, and it was apparently a previously deleted malicious file. Later, I simply unchecked the System Restore folders during scans (now I do not use Restore, and I do not scan with AV often anymore).


    - It is that I collect some of the worms/trojans that come with e-mail attachments, and I store them in an encrypted (licensed) Cryptaner PE volume, and apparently once I didn't move them all, nor rewrite them (with sdelete.exe, a command-line utility from Sysinternals I use for advanced file deletion), so those worms/trojans that were left (and not moved) were apparently deleted the common way, through the recycle bin, and were stored by the Restore service.

    But strangely, just as renamed files, similar to recycled Dd1.tmp, Dd2.tmp, etc. (no advanced protection/encryption, i.e. changing/modifying file content, or whatever); even the icons were the same, so I actually recognized a few files I had deleted recently.


    Though, I suppose, if you uncheck System Restore, reboot, and boot again, the files will be erased anyway, with no further cleaning needed (because the next time it is enabled, the service will need space for new files and data).



    P.S. It is kind of strange that System Restore also backs up casual .exe files (OK, I understand it surely needs to back up installers, install logs, etc., but some common .exe??

    Why should it, because even if you restore to some point back in time, software that was uninstalled, files deleted, registry keys/entries deleted, etc. will not suddenly be installed again and ready to go/execute after the restore (except maybe for patches, DirectX, etc.). At least it wasn't in my case. Yeah, and how much space would that take, for each little piece of software or system modification.


    And yeah, as I remember you have the option to limit space, but which files are stored and which not then, who/what decides about that? And maybe some installation could be destroyed if stored "partially".




    Cheers
     
  6. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi Xenon1

    See the following thread for more information:

    https://www.wilderssecurity.com/showthread.php?t=46701

    Post number 15 onwards...

    Are you aware that Nod32 has a new version available for FREE to current license holders? The above link will point you in the right direction...

    Hope this helps...

    Let us know how you go...

    Cheers :D
     