Hi, I'm currently using AVG and TDS on an administrator account when the trojan virus was detected. However, according to the alert, the trojan is located at C:\System Volume Information, which neither I nor AVG and TDS can access. When I scanned the folder with TDS, it said 0 files scanned. I guess the antivirus and TDS do not have access to that folder. So how do I go about removing the trojan from my com? Here is an image of the report window of the trojan. Thanks in advance, any advice and help are truly appreciated.
Looks like the problem is with your system restore. I believe if you disable system restore it will get rid of all of the archived data, including this file. I would then rescan your PC with a good AV and TDS, and then if you want, turn system restore back on.
Ted123: Here are instructions on how to disable System Restore. http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam
Yeah, thanks for the help, I guess that would solve the prob. However, I'm thinking that even though I disabled my system restore, the trojan will still exist in my System Volume Information, won't it? Because I didn't take any action to remove it from there. Or will the trojan be removed when I disable my system restore? Thank you very much for the help.
Hi ted123, If u follow the instructions D&C gave u, that should take care of the infection. After disabling and rebooting, just do another scan to be sure it is gone. Oh, and don't forget to create a new restore point once u re-enable it. snowbound
Hi there, If a trojan is in the restore point, it must have been somewhere else on your system too. Is it not detected in other places (anymore) on your system? If you try to scan with TDS, first open that AVG of yours and uncheck all options there so it is really closed completely and TDS has access to all files on your system. With TDS, is the alarm on an individual file like _a123456.exe of a few KB, or only on the whole restore point? In the case of the small file, you can send it to the TDS lab with a right-click from the console. With the system restore disable - reboot - enable and new restore point, it should be gone from that part.
Yeah, I guess the problem is solved, thanks to you guys. Hmm, another thing, just out of curiosity: is the folder System Volume Information really inaccessible, or is there any way we can access the folder? To Jooske: I scanned through my hard drives and couldn't find any sign of that particular trojan. Sorry..
If all the other scanners were closed, could TDS detect the infection in the system restore files? If so, it must have accessed it. So must the other scanners have.
Hi, ted123. Correct, it is inaccessible under normal conditions; you would if you knew which sectors it was using, with a disk editing tool. If you would like to see the folder, uncheck all three Hide hidden folders. [but it will always appear empty] [if you do look, do not forget to set it back to default] It stores information about your file system. System Volume Information is only used on the NTFS file system. If your system was FAT16 or FAT32 you would not have it. Hope this helps, TheQuest
Thank you, Quest, for the explanation, very much appreciated. To Jooske: Yes, it was only TDS which was on my system, and it did not find the trojan. I guess the trojan was already removed a few days back; however, the trojan was in my system when I created a system restore checkpoint, which is why the trojan was detected in my restore file.
Exactly, now the only question that remains is where it was on your system and how you got rid of it if TDS didn't alarm on it before, when it was still free on your system, unless it was in an email or some other file which you deleted and somehow the restore kept that info. Could be, and then you never got infected with a live trojan at all.