Today I installed WinXP Pro in the E:\ drive of my m/c.

There are around 300 files in the directory E:\System Volume
Information\_restore{377478FB-B96E-4FC4-B346-523378858981}\RP1 whose
names are in this form - A000*.* where the first * is any number or
letter (any number of times) & the second * is a letter (3 times which
is the file extension). Some e.g. are A0000088.ocx, A0000090.ocx,
A0000049.exe, A0000153.exe, A0001271.exe, A0001290.exe, A0000016.dll,
A0000103.dll, A0001211.dll, A0001226.dll, A0000191.cfg, A0001261.cfg,
A0000216.cpl, A0001209.pbk, A0001205.nfo, A0000027.PNF, A0000047.PNF,
A0001277.cat, A0001267.inf etc.

After updating my anti-virus AVG7.5, when I scanned my m/c., AVG
listed only 1 one these files as a trojan & didn't say anything about
the rest.

By the name of all these files, it appears that these are some
malicious files. Can someone please tell me whether it will be safe
for me to delete all such files?

AVG Free AV Support Forum
http://forum.grisoft.cz/freeforum/
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE, OE, Security, Shell/User)
AumHa VSOP & Admin; DTS-L.org

(E-Mail Removed) wrote:
> Today I installed WinXP Pro in the E:\ drive of my m/c.
>
> There are around 300 files in the directory E:\System Volume
> Information\_restore{377478FB-B96E-4FC4-B346-523378858981}\RP1 whose
> names are in this form - A000*.* where the first * is any number or
> letter (any number of times) & the second * is a letter (3 times which
> is the file extension). Some e.g. are A0000088.ocx, A0000090.ocx,
> A0000049.exe, A0000153.exe, A0001271.exe, A0001290.exe, A0000016.dll,
> A0000103.dll, A0001211.dll, A0001226.dll, A0000191.cfg, A0001261.cfg,
> A0000216.cpl, A0001209.pbk, A0001205.nfo, A0000027.PNF, A0000047.PNF,
> A0001277.cat, A0001267.inf etc.
>
> After updating my anti-virus AVG7.5, when I scanned my m/c., AVG
> listed only 1 one these files as a trojan & didn't say anything about
> the rest.
>
> By the name of all these files, it appears that these are some
> malicious files. Can someone please tell me whether it will be safe
> for me to delete all such files?

cpl=control panel pbk=phone book, etc

by those extensions, they may have
been genuine files that were
renamed.

maybe they were corrupted by the trojan
and the anti virus removed those
corrupted system files, but were not
replaced until you reinstall windows

or maybe a program that customizes the
windows themes renamed
the original files in case you
wanted to return to the defaulted
states.

but whose knows what all you done.

if your system is ok, move them to
recycle bin for a few days.

- db

<(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
Today I installed WinXP Pro in the E:\ drive of my m/c.

There are around 300 files in the directory E:\System Volume
Information\_restore{377478FB-B96E-4FC4-B346-523378858981}\RP1 whose
names are in this form - A000*.* where the first * is any number or
letter (any number of times) & the second * is a letter (3 times which
is the file extension). Some e.g. are A0000088.ocx, A0000090.ocx,
A0000049.exe, A0000153.exe, A0001271.exe, A0001290.exe, A0000016.dll,
A0000103.dll, A0001211.dll, A0001226.dll, A0000191.cfg, A0001261.cfg,
A0000216.cpl, A0001209.pbk, A0001205.nfo, A0000027.PNF, A0000047.PNF,
A0001277.cat, A0001267.inf etc.

After updating my anti-virus AVG7.5, when I scanned my m/c., AVG
listed only 1 one these files as a trojan & didn't say anything about
the rest.

By the name of all these files, it appears that these are some
malicious files. Can someone please tell me whether it will be safe
for me to delete all such files?

"(E-Mail Removed)" wrote:

> Today I installed WinXP Pro in the E:\ drive of my m/c.
>
> There are around 300 files in the directory E:\System Volume
> Information\_restore{377478FB-B96E-4FC4-B346-523378858981}\RP1 whose
> names are in this form - A000*.* where the first * is any number or
> letter (any number of times) & the second * is a letter (3 times which
> is the file extension). Some e.g. are A0000088.ocx, A0000090.ocx,
> A0000049.exe, A0000153.exe, A0001271.exe, A0001290.exe, A0000016.dll,
> A0000103.dll, A0001211.dll, A0001226.dll, A0000191.cfg, A0001261.cfg,
> A0000216.cpl, A0001209.pbk, A0001205.nfo, A0000027.PNF, A0000047.PNF,
> A0001277.cat, A0001267.inf etc.
>
> After updating my anti-virus AVG7.5, when I scanned my m/c., AVG
> listed only 1 one these files as a trojan & didn't say anything about
> the rest.
>
> By the name of all these files, it appears that these are some
> malicious files. Can someone please tell me whether it will be safe
> for me to delete all such files?

http://www.spywareremove.com/removeZlobTrojan.html
Here a scenario similar to your:
http://forums.spywareinfo.com/index.php?showtopic=76847
http://forums.spybot.info/showthread.php?p=41631

Run a scan from here on-line:
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner from here:
http://www.avast.com/eng/avast-virus-cleaner.html
Lots of tools to download and disinfect your machine:
http://www.bitdefender.co.uk/site/Do...eeRemovalTool/

Download the Hijackthis and send the report to one of many
forums for analysis and troubleshooting:
When all else fails, HijackThis v1.99.1
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. Post
your log to http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other appropriate
forums for expert analysis, not here.
Run disk Clean Up and Defrag in safe mode, then Open run command and type in:
sfc /scannow click [OK]
Note the space between sfc_/
HTH.
Let us know.
Regards,
nass