Confirmed Files

Discussion in 'Trojan Defence Suite' started by bgoodz, Aug 23, 2004.

Thread Status:
Not open for further replies.
  1. bgoodz

    bgoodz, Registered Member (Joined: Feb 12, 2002; Posts: 3; Location: Watsonville, CA)

    Hello...1st time posting.
    I am a registered user of TDS3, Worm Guard & Port Explorer. TDS3 is great but a bit too powerful for my knowledge. I recently downloaded a trial version for my Sister-In-Law who will register later on. I'm helping her correct an infected system her boys left her with now they are off to college. After running the first full sys scan TDS found numerous Trojans and Adwares which I deleted. I updated the Def Files today and ran another scan, deleted found confirmed files and then ran a second scan and the same exact files came up again. Here is what TDS found twice at the same locations. How do I delete them for good?

    Thank you so much for any info you may provide.
    Bill
    PS: After getting the system pretty much cleaned up, reloaded and running fairly well we have the PC password protected and she says the boys are not touching it when they come back home on visits.

    Scan Control Dumped @ 16:41:14 23-08-04

    Positive identification (DLL): Adware.SmartPops (dll)
    File: c:\system volume information\_restore{38fcdb49-c8a4-4b24-9afa-7c8201bf86b5}\rp7\a0001868.dll

    Positive identification: Adware.WinFetcher.c
    File: c:\system volume information\_restore{38fcdb49-c8a4-4b24-9afa-7c8201bf86b5}\rp7\a0001869.exe

    Positive identification: Adware.WinFetcher.c
    File: c:\system volume information\_restore{38fcdb49-c8a4-4b24-9afa-7c8201bf86b5}\rp7\a0001870.exe

    Positive identification: Trojan.Win32.Septic.a Dropper
    File: c:\system volume information\_restore{38fcdb49-c8a4-4b24-9afa-7c8201bf86b5}\rp7\a0001871.exe

    Positive identification: Adware.DelfinMediaViewer.a Dropper
    File: c:\system volume information\_restore{38fcdb49-c8a4-4b24-9afa-7c8201bf86b5}\rp7\a0001872.exe
     
  2. Pilli

    Pilli, Registered Member (Joined: Feb 13, 2002; Posts: 6,217; Location: Hampshire UK)

    Hi bgoodz & welcome, These files appear to be in the System Restore folder.
    Please do the following.
    Open Start - Control panel - System and select the System restore Tab. Tick the "Turn off system restore on all drives" then close all tabs and reboot. This will clear all of the restore points.
    Switch system restore back on and create a new restore point using Start - Help & control centre - "Undo changes made to your computer using system restore" - Select create a new restore point.

    Enable all options in TDS3's Scan control then rescan with TDS3.

    HTH Pilli.
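
An added example, not part of the original thread or of TDS3: a Python sketch that parses a scan dump in the format bgoodz posted and separates hits that are only System Restore snapshot copies (the ones cleared by purging restore points, as Pilli describes) from hits on live files. The function names and the third sample entry are constructed for illustration.

```python
import re
from collections import defaultdict

# Restore-point copies live under <drive>:\System Volume Information\_restore{GUID}\RP<n>\
RESTORE_RE = re.compile(
    r"^[a-z]:\\system volume information\\_restore\{(?P<guid>[0-9a-f-]{36})\}\\rp(?P<rp>\d+)\\",
    re.IGNORECASE,
)
ID_RE = re.compile(r"^Positive identification(?: \((?P<kind>[^)]+)\))?:\s*(?P<name>.+)$")

def parse_dump(text):
    """Pair each 'Positive identification' line with the 'File:' line that follows it."""
    hits, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = ID_RE.match(line)
        if m:
            pending = m.group("name").strip()
        elif line.startswith("File:") and pending is not None:
            hits.append((pending, line[5:].strip()))
            pending = None
    return hits

def triage(hits):
    """Split hits into restore-point copies (grouped by restore point) and live files."""
    restore, live = defaultdict(list), []
    for name, path in hits:
        m = RESTORE_RE.match(path)
        if m:
            restore[(m.group("guid").lower(), int(m.group("rp")))].append((name, path))
        else:
            live.append((name, path))
    return dict(restore), live

# First two entries are from the dump in the first post; the last one is constructed
# to show what a detection outside System Restore looks like.
SAMPLE = r"""
Scan Control Dumped @ 16:41:14 23-08-04

Positive identification (DLL): Adware.SmartPops (dll)
File: c:\system volume information\_restore{38fcdb49-c8a4-4b24-9afa-7c8201bf86b5}\rp7\a0001868.dll

Positive identification: Trojan.Win32.Septic.a Dropper
File: c:\system volume information\_restore{38fcdb49-c8a4-4b24-9afa-7c8201bf86b5}\rp7\a0001871.exe

Positive identification: Adware.Example.a
File: c:\windows\system32\example_constructed.dll
"""

if __name__ == "__main__":
    restore, live = triage(parse_dump(SAMPLE))
    for (guid, rp), items in restore.items():
        print(f"RP{rp} ({guid}): {len(items)} snapshot copies, purge restore points")
    for name, path in live:
        print(f"LIVE FILE, needs direct removal: {name} -> {path}")
```

Any entry reported as a live file is outside the restore store and will not go away when restore points are cleared.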
     
  3. bgoodz

    bgoodz, Registered Member (Joined: Feb 12, 2002; Posts: 3; Location: Watsonville, CA)

    Thank you Pilli,
    "create a new restore point using Start - Help & control centre - "Undo changes made to your computer using system restore" - Select create a new restore point."

    I take it that this part is in the "System Restore section also"?

    And I'm more concerned about the reported Trojan than the Adware Files.

    Bill
     
  4. Gavin - DiamondCS

    Gavin - DiamondCS, Former DCS Moderator (Joined: Feb 10, 2002; Posts: 2,080; Location: Perth, Western Australia)

    All are adware related. I have emailed you details and a link with extended information on disabling System Restore. Once rebooted and you re-enable System Restore, all will be well :)
     
  5. bgoodz

    bgoodz, Registered Member (Joined: Feb 12, 2002; Posts: 3; Location: Watsonville, CA)

    Thanks Gavin, you guys are great. I received the email with instructions, I will use tomorrow on her machine. I will also see that she at some point prior to 30 days registers the product.

    ps: I have recently acquired some nice Gem Chrysoprase rough and Opilite from Australia.

    Gday Mate
     