Win32:Delf-AAR! Help in Removing!!!!

I need help removing this trojan. It’s infected 3 files, and one I’ve deleted since it’s software, but the other two files that got infected are:
c:\System Volume Information\_restore{D53IF9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP227\A006727.EXE

c:\System Volume Information\_restore{D53IF9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP230.…EXE

And one file, in one of the folders, when running the boot scan, showed that the zip archive had been corrupted and gave error 43-something… The trojan got into the system via a zip file that contained an mp3 file, so I think the corrupted file has something to do with the virus, but when I try to locate it in Windows and delete it, the file doesn’t seem to be in the specified location. Is the trojan still running free?

Can I delete these two files without affecting the entire system? Since avast can’t repair them, and if I delete them, what can I do to replace these two files? Since it’s a system volume, I figure it has to be important… I’ve moved these files to the chest, and when I run the boot scan it doesn’t detect them, so what does that mean?
I’m running Win XP SP2… help!!!

Hi BuBbly01,

Look here for info and removal of this Backdoor Win32 Delf aar, written in Delphi and packed with ASPack:
http://www.sophos.com/virusinfo/analyses/trojdelfals.html

polonus

The c:\System Volume Information folder is part of the System Restore function and as such is protected by Windows; the only way to clean infected _restore points is to disable System Restore and reboot. This will clear ALL _restore points. Once you have disabled System Restore, reboot, scan your PC again and, if clear, enable System Restore.

Win XP-ME - How to disable System Restore

I tried this and ran the boot scan; it didn’t detect any viruses, but when I logged in and checked the Virus Chest the files are still there and very much infected. Do I restore the infected files to their original location (out of the Virus Chest) and only then disable System Restore and run the boot scan again?

“but when I logged in and checked the Virus Chest the files are still there and very much infected,”
Sorry, I don’t understand what it is you are trying to do. Infected files in the avast chest will stay there until they are deleted from it manually. avast! doesn’t check the chest; why would it? That is where infected files (excluding the back-up System Files section) are quarantined, so yes, they will still be there.

There is no rush to delete anything from the chest, they can’t do any harm there. Anything that you send to the chest you should leave there for a week or two. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

However, infected files in the c:\System Volume Information folder can, if you use the System Restore function, be reactivated if you choose a system restore date/time that included these infections. That is why disabling System Restore is required to clear these; after a reboot they should be gone, and your scan confirms that. Now you can enable System Restore again.
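The disable, reboot, rescan, re-enable procedure described in this thread, as an added example that is not from the thread or from avast: it drives the same steps from an elevated PowerShell prompt on a modern Windows client, recording the restore points it is about to discard so the clean-up is auditable. It assumes the System Restore cmdlets that ship with Windows PowerShell 5.1 (Get-ComputerRestorePoint, Disable-ComputerRestore, Enable-ComputerRestore, Checkpoint-Computer); Windows XP itself has no such cmdlets, and the two phases are run with a reboot and boot scan in between.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread). Phase "Purge" runs before the reboot and
# boot scan, phase "Restore" runs after the scan has come back clean.
param(
    [Parameter(Mandatory)][ValidateSet("Purge", "Restore")] [string] $Phase,
    [string] $SystemDrive = "C:\"   # assumption: system volume is C:
)

function Show-RestorePoints([string] $Title) {
    # Get-ComputerRestorePoint returns WMI SystemRestore objects; CreationTime is
    # a DMTF string, so convert it for a readable audit line.
    Write-Host $Title
    Get-ComputerRestorePoint |
        Select-Object SequenceNumber, Description, RestorePointType,
            @{ Name = "Created"; Expression = { $_.ConvertToDateTime($_.CreationTime) } } |
        Format-Table -AutoSize
}

switch ($Phase) {
    "Purge" {
        # 1. Log what is being discarded: every restore point, including the ones
        #    whose snapshot files in \System Volume Information the scanner flagged.
        Show-RestorePoints "Restore points before clean-up (all will be removed):"

        # 2. Turning protection off for the drive deletes all of its restore points,
        #    which is what removes the _restore{GUID}\RPnnn copies the scanner
        #    cannot clean in place.
        Disable-ComputerRestore -Drive $SystemDrive
        Write-Host "System Restore disabled on $SystemDrive. Reboot, run the boot scan, then run -Phase Restore."
    }
    "Restore" {
        # 3. Only after the rescan is clean: turn protection back on and take a
        #    known-good checkpoint straight away, so the next restore candidate
        #    is a clean one rather than an older, possibly infected, snapshot.
        Enable-ComputerRestore -Drive $SystemDrive
        # Note: Windows 8 and later skip a checkpoint if one was made in the
        # previous 24 hours; the cmdlet warns rather than fails in that case.
        Checkpoint-Computer -Description "Clean baseline after malware clean-up" `
                            -RestorePointType "MODIFY_SETTINGS"

        # 4. Confirm that only the fresh checkpoint remains.
        Show-RestorePoints "Restore points after clean-up:"
    }
}
```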

I deleted the file in the Virus Chest. You said to wait at least a week plus, right? And yes, the files have been there for a while, and so far my system hasn’t suffered any adverse effect, but after I deleted the files I can’t seem to run chkdsk during start-up; it says it cannot open volume for direct access… So now what do I do?? :-[ ???

Hi BuBbly01,

Get a Windows update here: http://support.microsoft.com/kb/322389/EN-US/
That will cure it. You should have installed SP2 anyway.

polonus

I’m on XP SP2… I never missed a critical download update ???… but the deletion of the system volume has affected my chkdsk, I can’t run it!! I tried doing it from the command prompt, the chkdsk C: \x… and the f… but nothing seemed to happen…

That shouldn’t have any effect on chkdsk; system files aren’t stored in or run from the System Volume Information folder. You just appear to be having problems with syntax.

Try Windows Start, Run, and type ‘chkdsk /f’ without the quotes; there should be no need to indicate a path.