Infection

Discussion in 'ESET Smart Security' started by xMarkx, Feb 9, 2009.

Thread Status:
Not open for further replies.
  1. xMarkx

    xMarkx Registered Member

    Joined:
    Dec 1, 2008
    Posts:
    447
    Hello,

    I have: Windows XP Home Edition SP3, 32-bit computer with all the latest Windows Updates on a Dell Dimension 8400 with ESS v3.

    Yesterday, during a scan, it picked up the following:

    Object Name: C:\I386\GTDownDE_87.ocx
    Reason: Probably a variant of Win32/Adware.Agent application

    Today, when I left the computer idle for an hour or two and came back NOD32 found the following:

    Object Name: C:\System Volume Information\_restore{random letters and numbers here going on for a while}\RP927\A0106100.ocx

    Reason: Probably a variant of Win32/Adware.Agent application

    Other Information:

    • Real-time file system protection
    • C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP927\A0106100.ocx
    • Probably a variant of Win32/Adware.Agent application
    • Cleaned by deleting - quarantined
    • NT AUTHORITY\SYSTEM
    Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe. <--- What does this mean?

    I haven't had a single virus in over a year! I have never had a virus 2 days in a row before... what's going on? I haven't visited any bad websites or downloaded anything bad.

    What are these things and how am I getting them? Help! Thanks.
     
    Last edited: Feb 9, 2009
  2. PaulB2005

    PaulB2005 Registered Member

    Joined:
    Apr 19, 2005
    Posts:
    525
    The first one is the virus which ESS removed.

    The second is the copy of it Windows made in System Restore when ESS removed it. You are NOT infected by the second one. It's just lying dormant in the System Restore folders. As long as you don't restore your PC back to a time when you had the virus you are still clean.
     
  3. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,854
    If I remember right they are both something to do with Dell support programs. I would follow the usual steps for getting a False Positive fixed.
     
  4. xMarkx

    xMarkx Registered Member

    Joined:
    Dec 1, 2008
    Posts:
    447
    Hello,

    Thank you Paul and Funky for your replies.

    What does this mean though:
    Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.

    (This was for the C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP927\A0106100.ocx one)

    Regards,
    Mark.
     