Nod32 Warned About A Virus In System Restore svchost.exe

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by highbids, Feb 28, 2010.

  1. highbids

    highbids Private E-2

    I got a virus warning from nod32 today about a virus in my system restore.
    The warning mentioned something about the svchost.exe & also something
    in my system restore.

    Here's where it said it was at on my pc.

    c:\system volume information\_restore{DCA1B863-112...\A0000268.rbf

    c:\windows\system32\svchost.exe

    Then it mentioned that it could be this win32/statik

    I've since removed my restore points & cleaned up the old ones.

    I have recently installed a fresh copy of windows xp pro with sp 3
    on it.

    I've gotten this warning numerous times about this type of file in
    system restore \A0000268.rbf with the ext .rbf

    Is this a false positive with nod32? Here's my hijackthis log.


    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
     
    Last edited by a moderator: Feb 28, 2010
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You have reinstalled your OS and are still getting a report of a system restore point infected? Did you do a complete wipe and format before re-installing Windows, or did you do a repair install? You can only remove restore points by toggling system restore (uncheck the box, reboot and recheck the box).

    If you wish us to look at your system, you need to follow these instructions:
    READ & RUN ME FIRST. Malware Removal Guide
     
  3. highbids

    highbids Private E-2

    I did a complete wipe of the HD; it's a new virus that got into my system restore.

    They keep getting into it & I then turn off system restore & delete the old
    system restores & do cleaning, run a virus scan & turn it back on.

    I believe it's gone now. I did a scan with malwarebytes & nod32 & nothing showed
    up, but it did mention this file win32/statik
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Then I again suggest that you follow the instructions in the Read and Run First link and attach the requested logs when you are done.
     
