trojan downloader help removing please

Discussion in 'Malware Help (A Specialist Will Reply)' started by lynette00, May 12, 2007.

  1. lynette00

    lynette00 Private E-2

    Hi, well I have spent a few days cleaning up my friend's PC. I have one trojan left; it's in the E:\system vol information\restore and says it is infected with trojan downloader agent RS. I have run bitdefender, DR WEB, spybot, adware, ccleaner, superantispyware. She has had this on here for a while.
    I am a bit confused as she did a fresh install of Windows; wondering if it only reformatted the C:\ drive and not the other 2 drives she has recently had installed, E:\ and D:\? After running bitdefender I thought it may have been deleted. I set a new restore point and deleted all old restore points and ran Disk Cleanup. Not sure what to do now. If I need to post a HijackThis log form, do I start a completely new thread or can I post it under my txt?

    Nod32 is picking the trojan up.

    thanks
     
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi

    Seems this malware is stuck in the E drive System Restore point and not on C, which the re-install of the OS will have cleared. When you delete all restore points, is the E drive not listed?

    The malware stuck in System Restore is dormant and not a threat unless you restore that restore point, especially if the rest of the system is OK.

    What she may need to do is to Unhide all files:

    Then go to the E drive and locate the System Vol Info folder, but she will likely have no access to it as it's a system locked file, so you will have to take ownership of it by following the below:

    http://support.microsoft.com/kb/308421

    Once you have ownership of the folder it will open, and then just delete its contents.

    Reboot and rescan.


    If all is OK then set the files and folders back to hidden (just a tidy thing); to do this, repeat the unhide but reverse the instructions.
     
  3. lynette00

    lynette00 Private E-2

    Hi,
    Yes, the E:\ drive is listed and I cleared the restore points. I followed your instructions, but the system vol folder was empty on the E:\ drive. Hopefully I have done it correctly; it's still coming up on nod32. You said it's not too much to worry about, so I take it that it's not too serious. Can I just leave it there?

    Thanks for your help also, much appreciated :)
     
