eTrust and the Win32.Slinbot.MW worm

[Autumn]

Running eTrust AV on a WinXP machine. Everyday I get (several times) the
following in a window that pops up -

"eTrust Antivirus Real-time Protection



eTrust EZ Antivirus real-time protection has found that C:\System Volume
Information\_restore{0801C307-1A39-46FA-B02D-95C86E53ADB7}\RP65\a0037685.exe
is Win32.Slinbot.MW worm."



I have ran the AV software, ran several of the free ones available online,
looked for info on that particular worm and have found nothing. I find a lot
on Slinbot worms, but none with that specific name. My system is running
slow, I have less than 1/4 of my hard drive full (3/4 free as it is new and
was only replaced a few months ago). I keep it cleaned up as far as internet
files, trash and defrag. I keep the AV software running in the background
continuously. This message is driving me crazy!



Any ideas would be appreciated.

 

[Spin Dryer]

On Wed, 29 Dec 2004 13:25:27 GMT, [Autumn] said :-

Running eTrust AV on a WinXP machine. Everyday I get (several times) the
following in a window that pops up -

"eTrust Antivirus Real-time Protection



eTrust EZ Antivirus real-time protection has found that C:\System Volume
Information\_restore{0801C307-1A39-46FA-B02D-95C86E53ADB7}\RP65\a0037685.exe
is Win32.Slinbot.MW worm."



I have ran the AV software, ran several of the free ones available online,
looked for info on that particular worm and have found nothing. I find a lot
on Slinbot worms, but none with that specific name. My system is running
slow, I have less than 1/4 of my hard drive full (3/4 free as it is new and
was only replaced a few months ago). I keep it cleaned up as far as internet
files, trash and defrag. I keep the AV software running in the background
continuously. This message is driving me crazy!



Any ideas would be appreciated.

Turn off system restore (it looks like the duff file is held in that
protected area), reboot, rescan, then re-apply the system restore
option.

 

[Joe]

Running eTrust AV on a WinXP machine. Everyday I get (several times) the

following in a window that pops up -

"eTrust Antivirus Real-time Protection

eTrust EZ Antivirus real-time protection has found that C:\System Volume
Information\_restore{0801C307-1A39-46FA-B02D-95C86E53ADB7}\RP65\a0037685.
exe is Win32.Slinbot.MW worm."

I have ran the AV software, ran several of the free ones available online,
looked for info on that particular worm and have found nothing. I find a
lot on Slinbot worms, but none with that specific name. My system is
running slow, I have less than 1/4 of my hard drive full (3/4 free as it
is new
and was only replaced a few months ago). I keep it cleaned up as far as
internet files, trash and defrag. I keep the AV software running in the
background continuously. This message is driving me crazy!

Any ideas would be appreciated.

You could turn off system restore but that will delete all your system
restore points, which is overkill as you may need them later. I get this
kind of thing, on computers at work, quite frequently and I just delete
the infected file.

You will need to have administrator rights and give yourself security
permisions in order to get into that folder. I don't know if you are
using XP Home or XP Pro or if your hard drive is formatted using
NTFS. If you are XP Pro and the hard drive is NTFS, first go to
My Computer, Tools, Folder Options, View, and make sure the
the box for "use simple file sharing" is not checked.

The system restore folder is a hidden folder in the root of the C
drive, so you will have to unhide it. Go to My Computer, Tools,
Folder Options, View, and uncheck the box for "Hide protected
operating system files".

Once you can see the C:\System Volume Information folder, right
click on it, click Properties, click Security, click Add, and enter
your username. Then click Full Control, apply and okay. After
that you should be able to open the folder and every folder in
it.

Then go into the RP65 folder inside the system restore folder and
delete the a0037685.exe file and then delete it from the Recycle
Bin.

I am not familiar with XP Home so these instructions may not
work if you are using that. However, there should be a similiar
way to get into that folder on the Home edition.

Joe