Trojan Attack

Discussion in 'Trojan Defence Suite' started by ted123, May 25, 2004.

Thread Status:
Not open for further replies.
  1. ted123

    ted123 Registered Member

    Joined:
    May 25, 2004
    Posts:
    4
    Hi
    I'm currently using AVG and TDS on an administrator account when the trojan virus was detected.
    However, according to the alert the trojan is located at
    C:\System Volume Information
    which I can't access, nor can AVG and TDS.
    When I scanned the folder with TDS it was written there as 0 files scanned. I guess the antivirus and TDS do not have access to that folder.
    So how do I go about removing the trojan from my com? o_O
    Here is an image of the report window of the trojan.
    Thanks in advance, any advice and help are truly appreciated.
     
  2. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Looks like the problem is with your system restore. I believe if you disable system restore it will get rid of all of the archived data, including this file. I would then rescan your PC with a good AV and TDS, and then if you want, turn system restore back on.
     
  3. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
  4. ted123

    ted123 Registered Member

    Joined:
    May 25, 2004
    Posts:
    4
    Yeah, thanks for the help, I guess that would solve the prob.
    However, I'm thinking that even though I disabled my system restore, the trojan will still exist in my System Volume Information, won't it?
    Because I didn't take any action to remove it from.
    Or will the trojan be removed when I disable my system restore?
    Thank you very much for the help.
     
  5. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Hi ted123 :)

    If u follow the instructions D&C gave u, that should take care of the infection.

    After disabling and rebooting just do another scan to be sure it is gone.

    Oh, and don't forget to create a new restore point once u re-enable it.



    snowbound
     
  6. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi there,
    If a trojan is in the restore point, it must have been somewhere else on your system too. Is it not detected in other places (anymore) on your system?
    If you try to scan with TDS, first open that AVG of yours and uncheck all options there so it is really closed completely and TDS has access to all files on your system. With TDS, is the alarm on an individual file like _a123456.exe of a few KB, or only on the whole restore point? In the case of the small file, you can right-click it in the console and send it away to the TDS lab.
    With the system restore disable - reboot - enable and new restore point, it should be gone from that part.
     
  7. ted123

    ted123 Registered Member

    Joined:
    May 25, 2004
    Posts:
    4
    Yeah, I guess the problem is solved, thanks to you guys. :D
    Hmm, another thing, just out of curiosity: is the folder System Volume Information really inaccessible, or is there any way we can access the folder?
    To Jooske: I scanned through my hard drives and couldn't find any sign of that particular trojan. Sorry..
     
  8. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    If all the other scanners were closed, could TDS detect the infection in the system restore files? If so, it must have accessed it. So must the other scanners have done.
     
  9. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi, ted123

    Correct, it is inaccessible under normal conditions; you would if you knew which sectors it was using, with a disk editing tool.

    If you would like to see the folder, uncheck all three Hide hidden folders. [but it will always appear empty] [if you do look, do not forget to set back to default]

    It stores information about your file system.

    System Volume Information is only used on NTFS file system.

    If your system was FAT16 or FAT32 you would not have it.

    Hope this helps
    TheQuest :cool:
     
    Last edited: May 26, 2004
  10. ted123

    ted123 Registered Member

    Joined:
    May 25, 2004
    Posts:
    4
    Thank you Quest for the explanation, very much appreciated :)
    To Jooske: Yes, it was only TDS which was on my system, and it did not find the trojan. I guess the trojan was already removed a few days back; however, the trojan was in my system when I created a system restore checkpoint, which is why the trojan was detected in my restore file.
     
  11. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Exactly. Now only the question remains: where was it on your system, and how did you get rid of it, if TDS didn't alarm on it before when it was still free on your system? Unless it was in an email or some other file which you deleted and somehow the restore kept that info. Could be, and then you never got infected with a live trojan at all.
     