Another Win32 Trojan-gen help needed

Viruses and worms
1

This seems to be located in c:\systemvolumeinformation Binary.toolbarinstaller.exe
I’ve tried to move to chest but an “error occured moving file to chest” and I cannot delete for the same reason. I know this isn’t enough information but if someone could direct me to read the entire line I would appreciate it & then can post more info. Why can I not move these two files to chest? Thanks for any assistance!

2

Turn off your system restore,reboot,turn it back on again,set a fresh restore point

http://support.microsoft.com/kb/310405

http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/

3

Hi micky77,

You have beaten me to it, I would like to give the same advice.
System Volume Information is your system restore points folder.
To get rid of it, Flush your system restore points:
To do this, you have to disable system restore and enable it afterwards again.
(note: this will delete all your system restore points and malware (adware in this case) that were present in it).

How to disable system restore see previous posting=====
After you disabled System Restore… Reboot… and after rebooting, enable it again, so a new system restore point will be made. A clean one now!

polonus

4

Personally I wouldn’t disable system restore to resolve a detection in one restore point as that removes ALL restore points infected or otherwise.

If you have XP, vista32bit or Win2k, you could enable a boot time scan. Right click the avast icon, select Start avast! Antivirus, a memory scan will take place followed by the opening of the Simple User Interface, Menu, ‘Schedule boot-time scan…’ Or see http://www.digitalred.com/avast-boot-time.php.

You say two files I only see one ?

5

THANK YOU!!!

DavidR, I had already been working on the solution that micky77 and polonus had suggested and didn’t see your reply till now. Both files, yes I had two were located in the same section. I just completed what micky77 and polonus had posted and I’m clean!!! More wonderful, helpful information to record in my computer notes, I thank you all for your help!!!

6

No problem, glad I could help.

Welcome to the forums.

7

I have just found exactly the same two trojan.gen(other) viruses seemingly in the same restore file c:\system volumeinformation_restore{then the numbers}\RP78A0010689.msi\Binary.Toolbarinstaller.exeand as above these could not be moved to the virus chest with the Avast error "Error occurred during moving fule to chest. What is the reason that Avast cannot move a file to the virus chest? The only “toolbar” I have downloaded in the last two days is McAfee Siteadvisor - I wonder if Jaykers has downloaded the same? Not sure where else this could have come from?

8

I don’t quite understand how, by doing a boot-time scan, it would clear the two viruses from the system? If Avast could not put the viruses into its virus chest during the first scan when the viruses were found. How would it help by doing this with a boot-scan?

9

Because of your comment:

I've tried to move to chest but an "error occured moving file to chest" and I cannot delete for the same reason.

This is commonly protection by system restore or the OS, this protection won’t be present if windows isn’t running, e.g. when the boot-time scan runs before windows us fully up and running.

10

Gentleman Help!

After running a scan. Avast! detected the following files with an “Infection win32: Trojan-gen (other)” Result.
C:\system volume information.…\binary toolbarinstaller.exe
C:\program files\google.…binary\toolbar installerinstaller.exe
C:\Windows\installer.…\binary.toolbarinstaller.exe

I could not delete, move or repair them. I got the following error msg:
“error occurred during deleting/move/renaming: this operation not supported for this type of archive”.

I’m running XP. Should I follow the same suggestion given by micky7 and DavidR? I’m a novice at this so your help would really be appreciated.

Thank you

11

I would suggest you start with the lessor of the two, e.g. a boot-time scan so that good restore points aren’t lost. The other option is a fall-back if the boot-time scan can’t take care of it.

The ones outside the system volume information folder may still experience the same problem as what your path doesn’t show is the .…\ bit which is likely to show it is in an archive that avast can’t extract from. I believe I have seen this in another topic and you may have to manually remove then.

12

DavidR,

Option one worked great. Thank you so much for your expert help. I really really appreciated it.
Happy to be part of the forum.

13

No problem, glad I could help.

Welcome to the forums.