Kolotoc virus

Having read some of the posts, I can see a pattern emerge...
My AVG free edition keeps warning me via the resident shield of a virus:

Joke program Kolotoc (modified) is found in file C:\System Volume
Information\_restore{64C6DA1B-8B16-4BE4-905A-D91CE7193AB8}\RP122\A0006558.ex
e

and tells me to run AVG (which does not find it). The Grisoft virus database
does not recognise the virus. Grisoft replied to my email by saying I had to
buy AVG7.0 (Why would I buy from a company like this?)

I cannot access the .exe because "Access is Denied" (although I have
administrator access). I am not sure if I should delete the .exe anyway?

I have 6 svchost.exe processes; is this normal?

The only weird (very annoying) thing I am getting is multiple prints when I
only want one.

I have found a couple of references to Kolotoc (modified) on Google, but
they are not much help in removing it. The online mcaffe scan found nothing,
and their database had not heard of Kolotoc (same with Sophos).

I can search & find a similar {###} hex number in regedit - should I delete
this?

to coin a phrase, HELP!

"Neil Kernot" <neilkernot@tesco.net> wrote in message news:XFI5c.22$ZI5.11@newsfe1-win...
> Having read some of the posts, I can see a pattern emerge...
> My AVG free edition keeps warning me via the resident shield of a virus:
>
> Joke program Kolotoc (modified) is found in file C:\System Volume
> Information\_restore{64C6DA1B-8B16-4BE4-905A-D91CE7193AB8}\RP122\A0006558.ex
> e

If it is only in your "_restore" folder, then you need only to
purge the restore points to flush it. Disable "restore", reboot,
re-enable "restore", and reboot again. The next scan shouldn't
find it.

Neil Kernot wrote:

> Having read some of the posts, I can see a pattern emerge...
> My AVG free edition keeps warning me via the resident shield of a virus:
>
> Joke program Kolotoc (modified) is found in file C:\System Volume
> Information\_restore{64C6DA1B-8B16-4BE4-905A-D91CE7193AB8}\RP122\A0006558.ex
> e

a joke program is trapped in your system restore folders...

> and tells me to run AVG (which does not find it).

by default no interactive user has access to the system restore folders...

> The Grisoft virus database
> does not recognise the virus.

it's not a virus, it's a joke program... also, nobody has a complete
online database - that's just too much work for too little money in
return...

> Grisoft replied to my email by saying I had to
> buy AVG7.0 (Why would I buy from a company like this?)

why should they provide support for free?

> I cannot access the .exe because "Access is Denied" (although I have
> administrator access). I am not sure if I should delete the .exe anyway?

purge your restore points and it will be gone...

> I have 6 svchost.exe processes; is this normal?

sure... it may not be ideal, but there's nothing particularly out of
the ordinary about that...

> The only weird (very annoying) thing I am getting is multiple prints when I
> only want one.

purely coincidental...

> I have found a couple of references to Kolotoc (modified) on Google, but
> they are not much help in removing it. The online mcaffe scan found nothing,
> and their database had not heard of Kolotoc (same with Sophos).

no program you run is going to be able to locate it on the disk when
they're trapped in a folder you don't have access to...

> I can search & find a similar {###} hex number in regedit - should I delete
> this?

that 'hex number' is a guid and really doesn't have anything to do with
the malware in question, rather it has to do with how windows keeps
track of things in the system restore...

> to coin a phrase, HELP!

turn system restore off, reboot... turn it back on if you wish and
reboot again...

--
"we're the first ones to starve, we're the first ones to die
the first ones in line for that pie in the sky
and we're always the last when the cream is shared out
for the worker is working when the fat cat's about"

Thanks for the tip - That did the trick! (easy when you know how...)
I also fixed the printer problem. My default printer was defaulting to 600
pages each time I sent one print. After deleting and restoring the printer
driver this is OK now.
Cheers,
Neil

"FromTheRafters" <!0000@nomad.fake> wrote in message
news:105esoalmh44290@corp.supernews.com...
>
> "Neil Kernot" <neilkernot@tesco.net> wrote in message
news:XFI5c.22$ZI5.11@newsfe1-win...
> > Having read some of the posts, I can see a pattern emerge...
> > My AVG free edition keeps warning me via the resident shield of a virus:
> >
> > Joke program Kolotoc (modified) is found in file C:\System Volume
> >
Information\_restore{64C6DA1B-8B16-4BE4-905A-D91CE7193AB8}\RP122\A0006558.ex
> > e
>
> If it is only in your "_restore" folder, then you need only to
> purge the restore points to flush it. Disable "restore", reboot,
> re-enable "restore", and reboot again. The next scan shouldn't
> find it.
>
>


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.624 / Virus Database: 401 - Release Date: 15/03/2004

Just to say thanks to the group for your help & advice.

I am not sure what I expect support wise from Grisoft when the software is
free (and works quite well to be honest). I think maybe they should put a
bit more effort into online documentation and point users at the right bits
of that. After all, they are trying to convince us that they make good AV
software with a view to making money out of us at some future time! If the
users have no trust in their solution then the whole idea falls down, from a
marketing standpoint.

Neil


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.624 / Virus Database: 401 - Release Date: 15/03/2004