C:\System Volume Information\

[Guest]

hi,
my AV software keeps telling me that a TROJAN HORSE DOWNLOADER.COMET.B
is on my computer at:

C:\System Volume Information\_restore{CDFBCF02-855-48F5-9258-446E69233023}\RP261\A0105052.dll

i did a system search but the DIR is not on my drive C:\

is there anyone who can get me on the road....

ys

Ron Varo - Belgium

 

[Carey Frisch [MVP]]

The nasty little virus could be hiding in System Restore.
Turn off System Restore, reboot, and run a virus scan again.
System Restore Files are in the System Volume Information,
a hidden folder. One cannot selectively delete files within
that folder.

How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;310405&Product=winxp

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

---------------------------------------------------------------------------------------


| hi,
| my AV software keeps telling me that a TROJAN HORSE DOWNLOADER.COMET.B
| is on my computer at:
|
| C:\System Volume Information\_restore{CDFBCF02-855-48F5-9258-446E69233023}\RP261\A0105052.dll
|
| i did a system search but the DIR is not on my drive C:\
|
| is there anyone who can get me on the road....
|
| ys
|
| Ron Varo - Belgium

 

[Phil]

That is the best advice, but however, you can selectivly delete items in the
system restore files. You just need to add yourself as a user (in the folder
security tab) and allow access to the folder. Of course, simple file sharing
must be turned off/disabled to do this.

 

[Bruce Chambers]

Greetings --

The System Volume Information is the hidden, protected operating
system folder in which WinXP's System Restore feature stores
information used to recover from errors. It's really not a good idea
for you, or an antivirus application, to directly access the contents
of that folder, unless you expect to have no future use for the
restore points, in which case it would be simpler just to turn off the
System Restore feature.

To clear viruses from the "System Volume Information," simply turn
off the System Restore feature (Start > All Programs > Accessories >
System Tools > System Restore, System Restore Settings), reboot, then
re-enable System Restore, and reboot one last time. This will delete
all of your Restore Points, including the corrupted one(s), and allow
you start with a clean slate.


Bruce Chambers
--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH

 

[Alex Nichol]

That is the best advice, but however, you can selectivly delete items in the
system restore files. You just need to add yourself as a user (in the folder
security tab) and allow access to the folder. Of course, simple file sharing
must be turned off/disabled to do this.

Do not try to delete old individual points fro the restore chain. Even
if it appears to work, it is storing up trouble. Once such a nasty has
been cleared from elsewhere, wait for a new clean restore point (or make
one) and then go to
Start - All Programs - Accessories - System Tools - Disk Cleanup
and in the More Options page 'Delete all but most recent restore point'.
The nasty will go along with the point it is in

 

[Phil]

Do not try to delete old individual points fro the restore chain.
Even if it appears to work, it is storing up trouble. Once such a
nasty has been cleared from elsewhere, wait for a new clean restore
point (or make one) and then go to
Start - All Programs - Accessories - System Tools - Disk Cleanup
and in the More Options page 'Delete all but most recent restore
point'. The nasty will go along with the point it is in

I didn't say to delete files from it, I simply said it could be done. In
fact I said Carey's advice was the best way. Most likely any poking around
in there will just mess the restore point up, so I wouldn't do it. Just was
pointing out that you could delete files from a restore point if you wanted.

 

[Plato]

my AV software keeps telling me that a TROJAN HORSE DOWNLOADER.COMET.B
is on my computer at:

To remove nasty ware the first step is to disable system restore and
make sure the restore points are deleted.