Trojan found after waking up from sleep mode.

I’ve been getting a Trojan alert message every time my computer wakes up from sleep mode.

I get this message →
11/30/2005 3-05-44 PM SYSTEM 144 Sign of “Win32:Trojano-2933 [Trj]” has been found in “C:\System Volume Information\_restore{17FB39C1-6992-407E-B1D9-3E02544CC951}\RP156\A0045541.exe” file.

I’ve been moving the file to the virus chest every time this occurs. I don’t know whether this is a false positive. The last time I deleted a trojan by this name I ended up ruining my iTunes and Quicktime installation. ???

Any suggestions would be appreciated. :slight_smile:

internetstatic
XPhome, Avast .691

You can delete your system restore points by turning off system restore and rebooting. Avast cannot delete a virus from system restore. Do a scan to be sure the computer is clean. Be sure to turn system restore back on and create a restore point. Hope this helps.

The Trojan in iTunes was a false positive. If you have it in the chest, restore it to restore function to iTunes.

http://forum.avast.com/index.php?topic=17615.0;topicseen

The updated definitions of avast! should not be detecting this. Have you got the latest definitions?

Files in system restore are not active, but you will need to disable system restore and reboot in order to delete the files:

http://forum.avast.com/index.php?topic=17499.0

More on this procedure can be found by using the search function of the forum.

Ok. Disabled sys restore and did a thorough scan, nothing detected. :slight_smile:

Let’s see whether the critter shows up again.

Btw… Isn’t AVG able to scan files in system restore and able to delete viruses from there?

Thank you all. ;D

I don’t doubt that it can scan system restore points, just like avast. However, the whole idea of Windows protected storage is that outside of system restore and when Windows is running you can’t delete entries; that is or should be the same for all programs. It would be theoretically possible to delete an entry prior to Windows starting, but that may well cause other issues.

The safest option by far is to disable system restore, reboot and let Windows remove the restore points. Not to mention even if AVG could do this you would have to have it installed, and we all know two resident scanners is a bad idea.

System Restore runs under System account (not even the Administrator or Admin rights one). I think AVG can’t manage (delete) files from there…
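Added example, not part of any post in this thread: a small Python triage helper that parses alert lines of the kind quoted in the first post and separates detections inside a System Restore point (inactive copies, cleared by the disable, reboot, rescan, re-enable procedure described above) from detections on live files. The alert layout is assumed from the single line in the thread; the function name, action labels and sample lines are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Layout assumed from the one alert quoted in the thread:
#   <date> <time> <AM/PM> <user> <id> Sign of "<name>" has been found in "<path>" file.
# Both straight and curly quotes are accepted.
ALERT_RE = re.compile(
    r'Sign of ["“](?P<name>[^"”]+)["”] has been found in ["“](?P<path>[^"”]+)["”] file')
# Windows XP restore store: System Volume Information\_restore{GUID}\RP<n>\A<n>.<ext>
STORE_RE = re.compile(r'^_restore\{[0-9A-Fa-f-]{36}\}$')

def triage(line):
    """Return a dict describing the alert, or None if the line is not an alert."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    parts = PureWindowsPath(m.group("path")).parts
    in_store, restore_point = False, None
    # Look for "System Volume Information" followed by "_restore{GUID}" and "RP<n>".
    for i, part in enumerate(parts[:-2]):
        if part.lower() == "system volume information" and STORE_RE.match(parts[i + 1]):
            in_store = True
            rp = re.fullmatch(r'RP(\d+)', parts[i + 2], re.IGNORECASE)
            restore_point = int(rp.group(1)) if rp else None
            break
    return {
        "name": m.group("name"),
        "path": m.group("path"),
        "in_restore_store": in_store,
        "restore_point": restore_point,
        # Hypothetical action labels: restore-point copies are purged by turning
        # System Restore off and rebooting; live files are reviewed first, since
        # the detection may be a false positive fixed by newer definitions.
        "action": "purge-restore-points" if in_store else "review-live-file",
    }

# Constructed sample lines: the first is modelled on the alert in the thread,
# the second is an invented live-file detection, the third is not an alert.
SAMPLE = [
    r'11/30/2005 3-05-44 PM SYSTEM 144 Sign of "Win32:Trojano-2933 [Trj]" has been found in '
    r'"C:\System Volume Information\_restore{17FB39C1-6992-407E-B1D9-3E02544CC951}\RP156\A0045541.exe" file.',
    r'11/30/2005 3-10-02 PM SYSTEM 144 Sign of "Win32:Trojano-2933 [Trj]" has been found in '
    r'"C:\Program Files\Example\example.exe" file.',
    r'11/30/2005 3-11-00 PM SYSTEM 144 Scan finished.',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(triage(entry))
```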