We discovered that we had some problems when we found our Internet pages being redirected. I updated and ran Avast, Malwarebytes, Spybot - Search & Destroy, and Spyware Doctor. Each of these programs found various Trojans and a rootkit. I either “fixed” or moved to a chest (depending on the program) all malware; I did not delete anything. My computer seems to be running fine now - no redirecting of my Internet pages. I have rerun all of the above programs and all come up clean, except Avast.
During each Avast scan I keep moving Win32:Jifas-DD [Trj] in C:\System Volume Information\_restore{B37680B2-. . .} to the Virus Chest but it keeps coming back on the next scan.
Then Win32:DNSChanger-VJ [Trj] in C:\WINDOWS\MEMORY.DMP can’t be moved to the chest because there is not enough disk space, so I hit the continue button so the Avast scan will continue.
I want to get rid of these last two items but don’t know what to do next.
My computer uses Microsoft Windows XP - Home Edition Service Pack 3. This is my first post in any forum so I hope I have given enough information. I appreciate any help you can give.
Under the Windows Control Panel go to System, Properties, Advanced; under Performance turn on DEP for all programs (normally set for only Windows programs). This will help control the replication. Now move the file to the chest.
Also with avast, you probably need to do a boot scan to make sure it is not a trojan. Under 4.8 it is in the pull-down menu to schedule a boot scan.
Infected Restore Points - There really is little benefit in chasing a detection in the system volume information folder. It is only there because it had previously been deleted or moved from the system folders and this is a back-up created by system restore.
Worst case scenario it isn’t infected and you delete it, you can’t use that restore point in the future, not much of a loss and the older the restore point is the less of an issue it is.
So if there is any suspicion about a restore point then it is best removed from the system volume information folder or it could bite you in the rear at some point in the future when you use system restore if it included that restore point.
Memory Dump File - The memory.dmp file is created when your system crashes; it contains what was in memory at the time of the crash, which could have contained malware. It could be as large as your memory, so it may not be allowed to be sent to the chest without changing the settings.
If you have the tools and experience you can examine this file to help discover why the crash happened, if you don’t have this experience and tools, it is worthless to you. The older the file is the less worth it is also.
If Windows were to crash again then it would create a new memory.dmp file if one wasn’t present or replace any existing one. So there really is no downside to deleting this memory.dmp file.
DavidR, you are correct. My computer did crash when we went to shut down after figuring out that we had some kind of virus. The computer somehow fixed itself when we restarted it. I don’t have the tools or experience to examine this crash. I am just someone who, over the years, has become the designated person in my household that gets to deal with the computer problems.
From your post, I take it that I should delete both of these files and that it will be safe for my computer to do so. So, when I delete that memory file I’m not getting rid of everything in my computer?!
To show how little I know - how do I do this? Do I run the Avast scan again, and when the scan stops at these files, push the delete button?
Yes, you can delete them; there is no real downside if you delete both of these files, though it isn’t something to do without investigation (see below), which you have done.
The general rule is - Deletion isn’t really a good first option (you have none left), ‘first do no harm’ don’t delete, send virus to the chest and investigate.
You could manually delete the memory.dmp file by using Explorer: navigate the path to it, delete it, and empty the recycle bin afterwards. The infected restore point is different in that it is in a Windows protected area and most likely hidden, so it would be best to run the scan again and have avast delete it upon detection.
You said “You could manually delete the memory.dmp file by using Explorer…”. I will take that as, I could if I knew what I was doing. But I think I will just run the scan and delete the memory file when the scan stops on that file. I will also delete the system restore file during the scan.
Thank you very much for your clear explanation of my problems and easy to understand solutions. I can’t wait for the day when computers are so advanced that we look back and laugh at the crazy things we did to keep them running.
I will have to do the scan/delete files tomorrow after work. I will let you know how it goes.