Spyware retained in restore points?

Discussion in 'Malware Help (A Specialist Will Reply)' started by Anon-7f4ca145be, Nov 6, 2005.

  1. Anon-7f4ca145be

    Anon-7f4ca145be Anonymized

    Double checking my NAV, I ran Kaspersky and BitDefender online scans. Both showed various Trojans and other known spyware such as BargainsBuddy, but in all cases, the path pointed to either ...Spybot\Recovery... or C:\System Volume Information\_restore.

    This would seem to imply that the spyware and virus scanners were working, but when they created the restore point, it included stuff that maybe they hadn't identified, or even stuff they had? I cannot follow the path indicated and cannot find the file to delete. Typical examples follow:

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy1.zip/msexreg.exe Suspicious: Password-protected-EXE

    or

    C:\System Volume Information\_restore{FC410490-7AE3-4CCB-9F1C-204F35B7DF3D}\RP186\A0094740.exe/WISE0021.BIN Infected: Backdoor.Win32.Ruledor.c

    Any ideas?
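    The detections quoted above all sit in either a restore point (System Volume Information\_restore{GUID}\RPnnn\) or a tool's own quarantine folder, so a scanner hit there is a dormant copy rather than a running infection. The following Python script is an added example, not code from the thread or from any of the scanners mentioned: it parses scan-result lines in the shape the post quotes, separates an archive container from the member flagged inside it (the scanner's "zip/msexreg.exe" notation), and classifies each hit as restore point, quarantine, or active location so the active ones can be prioritised. The list of quarantine directories is an assumption covering only the Spybot path from the post; the third sample line is constructed for contrast.

```python
import re
from dataclasses import dataclass
from typing import Optional, List, Dict

# Two lines are the scanner output quoted in the post; the third is a
# constructed sample of a hit in an active location, for contrast.
SAMPLE_LINES = [
    r"C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy1.zip/msexreg.exe Suspicious: Password-protected-EXE",
    r"C:\System Volume Information\_restore{FC410490-7AE3-4CCB-9F1C-204F35B7DF3D}\RP186\A0094740.exe/WISE0021.BIN Infected: Backdoor.Win32.Ruledor.c",
    r"C:\WINDOWS\system32\constructed_sample.exe Infected: Constructed.Test.Sample",
]

# Restore point layout: ...\System Volume Information\_restore{GUID}\RP<n>\
RESTORE_POINT_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}\\RP\d+\\",
    re.IGNORECASE,
)

# Assumed quarantine folders; only the Spybot path from the post is listed.
QUARANTINE_DIRS = (
    "\\Spybot - Search & Destroy\\Recovery\\",
)

# "<path> <Suspicious|Infected>: <name>" as in the quoted output.
LINE_RE = re.compile(r"^(?P<path>.+?)\s+(?P<verdict>Suspicious|Infected):\s*(?P<name>\S+)$")


@dataclass
class Detection:
    path: str                 # full path as reported, including any archive member
    container: Optional[str]  # outer file when the hit is a member inside an archive/installer
    member: Optional[str]     # the flagged member inside the container, if any
    verdict: str              # "Suspicious" or "Infected"
    name: str                 # scanner's detection name
    location: str             # "restore_point", "quarantine" or "active"


def classify_location(path: str) -> str:
    """Decide whether a path is a dormant copy (restore point, quarantine) or live."""
    if RESTORE_POINT_RE.search(path):
        return "restore_point"
    lowered = path.lower()
    if any(q.lower() in lowered for q in QUARANTINE_DIRS):
        return "quarantine"
    return "active"


def parse_line(line: str) -> Optional[Detection]:
    """Parse one scanner line; returns None for lines that don't match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    # The scanner uses '/' to separate an archive from the member flagged inside it;
    # Windows paths themselves use '\', so the first '/' is the boundary.
    container, member = (path.split("/", 1) + [None])[:2] if "/" in path else (None, None)
    return Detection(
        path=path,
        container=container,
        member=member,
        verdict=m.group("verdict"),
        name=m.group("name"),
        location=classify_location(container or path),
    )


def triage(lines: List[str]) -> Dict[str, List[Detection]]:
    """Group parsed detections by location so active hits can be handled first."""
    groups: Dict[str, List[Detection]] = {"active": [], "quarantine": [], "restore_point": []}
    for line in lines:
        det = parse_line(line)
        if det is not None:
            groups[det.location].append(det)
    return groups


if __name__ == "__main__":
    for location, hits in triage(SAMPLE_LINES).items():
        print(f"{location}: {len(hits)}")
        for h in hits:
            where = f"{h.member} inside {h.container}" if h.container else h.path
            print(f"  {h.verdict}: {h.name} -> {where}")
```

Hits in the restore_point group are cleared by turning System Restore off and back on (which discards all restore points) rather than by hunting for the file; quarantine hits are cleared by purging the tool's own quarantine, which is the "additional task" the original poster later discovered.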
     
  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Please follow the steps below:

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

    If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:

    Downloading, Installing, and Running HijackThis
     
  3. Anon-7f4ca145be

    Anon-7f4ca145be Anonymized

    Thanks very much, I am clean now. Ran all 5 recommended virus scanners plus McAfee online, which found dcombob.exe that all others missed. Four found different trojans in all. All but four were already in quarantine folders, just didn't know that was an additional task to manually purge identified files. Ran all malware scanners plus a-squared and found nothing.

    Am concerned that Norton AV is not very good with trojans, this is the 2nd time this year I've had them and some are identified as being identified several years ago. Thinking of switching to PC_Cillin. Also thinking of buying copy of SpySweeper, trial version is impressive. Your thoughts?

    Also found out that unhiding files and folders is critical. While searching manually for trojans, found thousands of files in temp folders and caches that did not show up while still hidden, and were not apparently deleted by cleaner programs while hidden. Manual housekeeping in safe mode I think is now a monthly task.

    Thanks again for your help.
     
  4. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Norton misses all sorts of stuff, so does McAfee. SpySweeper is a very good program and worth the investment.

    This thread may be worth your time to read: How to Protect yourself from malware!

    Personally I use AVAST! Home Edition Free for my AV program and Sygate Personal Firewall Free for my Firewall.

    Post a HijackThis log, so that I can take a look and make sure there isn't something else that we need to deal with.
     
