W32 trojan-gen

Hi, I need help
Avast found this worm
W32 trojan-gen
located at
C:\System Volume Information\_restore{F155A8FB-3B1D-461A-886F-37D6C29CEC5F}\RP89\A0016483.sys
I tried to repair it but Avast couldn't.
So I deleted the file, but Avast found it again the day after.
I ran HijackThis on my PC and meant to post the report file below… Sorry, but the message exceeds the maximum allowed length, so I couldn't post it.
My OS is WXP Home Edition

Thanks for the help you can do

Antonio

It will keep finding it because it is in the Windows-protected System Restore folder. Easy solution: disable and then re-enable System Restore, and that should clear it… Oops, welcome to the forum.

Thanks for your suggestion
I'll try it.
Antonio

You need to reboot after disabling system restore for it to take effect, then scan and confirm your system is clear, enable system restore and reboot again.

Welcome to the forums.

Thanks for your suggestions
I feel surer now :-)
Antonio

Well,
I disabled System Restore, rebooted the system, scanned all the files (Avast didn't find anything), re-enabled System Restore and rebooted again.
All seemed ok for one or two days. Today Avast showed the message again: "C:\System Volume Information\_restore{F155A8FB-3B1D-461A-886F-37D6C29CEC5F}\RP2\A0000101.sys
Win32:Trojan-gen. {Other}
0606-4, 10/02/2006"

Do I have to do something else?
Thanks
Antonio

Quite possibly you do have something else, but you have to understand how things get into the System Volume Information restore folder: Windows System Restore saves copies of files deleted from the system folders.

So a virus can't just jump in there. If you have any other security software or program that has deleted a file in a system folder, then on the next scan Avast has found the saved copy. What were you doing when it was detected, or shortly before it was detected?

Another tool that specialises in trojan detection may help: Ewido Security Suite.
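As an added example (not part of this thread, and not code from Avast or Ewido), the following Python script applies the point made above: a detection whose path sits under `System Volume Information\_restore{GUID}\RP<n>\` is a System Restore copy of a file that was already removed from a system folder, not a live file, so the response is to purge restore points and rescan rather than to chase the file itself. The alert-line regex is my own approximation of the line quoted in this thread, and the second sample alert (a file under `system32\drivers`) is constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Layout System Restore uses for saved copies (backslash between
# "Information" and "_restore" restored; the forum stripped it):
#   <drive>:\System Volume Information\_restore{<GUID>}\RP<n>\A<digits>.<ext>
RESTORE_POINT_RE = re.compile(
    r"^(?P<drive>[A-Za-z]):\\System Volume Information\\_restore\{"
    r"(?P<guid>[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}"
    r"\\RP(?P<rp>\d+)\\(?P<file>A\d+\.[A-Za-z0-9]+)$"
)

# Shape of the Avast alert quoted in the thread:
#   <path> <detection name> {<flag>} <VPS version>, <date>
# This regex is an assumption for the example, not Avast's own format spec.
ALERT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.[A-Za-z0-9]+)\s+(?P<name>\S+)\s+"
    r"\{(?P<flag>[^}]*)\}\s+(?P<vps>\S+),\s+(?P<date>\S+)$"
)

# Constructed sample alerts. The first reuses the path from this thread;
# the second is a made-up live-file detection outside System Restore.
SAMPLE_ALERTS = [
    "C:\\System Volume Information\\_restore{F155A8FB-3B1D-461A-886F-37D6C29CEC5F}"
    "\\RP2\\A0000101.sys Win32:Trojan-gen. {Other} 0606-4, 10/02/2006",
    "C:\\WINDOWS\\system32\\drivers\\example.sys Win32:Trojan-gen. {Other} 0606-4, 10/02/2006",
]


@dataclass
class Triage:
    path: str
    detection: str
    location: str             # "restore_point" or "live"
    restore_point: Optional[int]
    action: str


def triage(path: str, detection: str) -> Triage:
    """Classify a detection by where the flagged file lives."""
    m = RESTORE_POINT_RE.match(path)
    if m:
        # Archived copy of an already-deleted file: the live infection (if any)
        # was elsewhere, so purge restore points instead of repairing this copy.
        return Triage(
            path, detection, "restore_point", int(m.group("rp")),
            "archived copy in System Restore: disable System Restore, reboot, "
            "rescan, re-enable System Restore, reboot again",
        )
    return Triage(
        path, detection, "live", None,
        "live file: quarantine it and find out what wrote it to a system folder",
    )


def parse_alert(line: str) -> Triage:
    """Parse one alert line in the thread's format and triage it."""
    m = ALERT_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised alert line: {line!r}")
    # Avast's log puts a trailing period after the name; drop it.
    return triage(m.group("path"), m.group("name").rstrip("."))


def count_by_location(lines: List[str]) -> dict:
    """Summary: how many alerts are restore-point copies vs. live files."""
    counts = {"restore_point": 0, "live": 0}
    for line in lines:
        counts[parse_alert(line).location] += 1
    return counts


if __name__ == "__main__":
    for line in SAMPLE_ALERTS:
        t = parse_alert(line)
        print(f"{t.location:14} RP={t.restore_point}  {t.detection}\n    {t.action}")
    print(count_by_location(SAMPLE_ALERTS))
```

Feeding a week of Avast alerts through `count_by_location` makes the pattern in this thread obvious: if every hit is a `restore_point` entry, the restore points are the only thing left to clean; a `live` hit is the one that needs a real investigation.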

Reading other posts I found Ewido.
I just downloaded this software and scanned my PC, and the tool found 159 objects.

What was I doing when it was detected or shortly before it was detected?
Usually I use several applications (Firefox, Thunderbird, eMule, Skype, OpenOffice), so it's hard to investigate.

Antonio

Hopefully, now that you are starting to use multi-level protection with specialised tools for specialised tasks, you will be better protected.

By asking what you were doing, I was hoping that your answer would include running a security program that might have deleted a file from a system folder, causing System Restore to save it to the System Volume Information\_restore folder. None of the above are likely to have done that.

If you haven’t already got this software (freeware), download, install, update and run it.

  1. Ad-Aware
  2. Spybot Search and Destroy
  3. SpywareBlaster (don't install this until you are clean).

I forgot to mention that I have always used:

  • Avast
  • Ad-Aware
  • Spybot Search and Destroy

and, since yesterday, Ewido.

Antonio

Hi ariberti,

You have a rootkit on your system. This tool should detect and remove it:

http://www.f-secure.com/v-descs/fu.shtml

Hi ariberti,

Fu rootkit can also be cured with Aimfix, download here:
http://www.jayloden.com/AIMFix.exe

greets,

polonus

Thanks for helping me!
I downloaded AIMFix and F-Secure BlackLight, but neither program found anything.
Now, with the Ewido guard active on my PC, Avast doesn't find viruses.
Ewido finds something bad every day to delete and send to quarantine.

Antonio

I have the Win32:Trojan-gen virus. Avast suggests that I move it to the chest, but when I try that action it says the system cannot find the file specified. I'm not sure what to do with it. It pops right back up no matter what I do.

Welcome to the forums, ashrz23. :)

Please read and follow the advice in the 3 or 4 posts above. Hopefully, this will solve your problem. If not, please post again.