Help please with a Trojan

[Alec]

Yesterday I picked up a some sort of spy ware virus...(I think).. I ran
Mcafee and it found several infected files and removed them. I also ran
MsnspywareStopper and it also found some files which were removed. Seemed
all was well but later Mcafee came up and reported finding a Trojan
Reg/Seeker in C:/sys volume Info/Restore and deleted it. Again a couple
hours later Mcafee did the same thing. Nothing today. Am I to believe it
is gone or am I in trouble?
Thank in advance for the advice.
Alec

 

[Michael Solomon \(MS-MVP\)]

It's most likely gone. However, any infection in System Volume Information
also requires you turn off System Restore, reboot and turn it back on.
System Volume Information is the file store for System Restore. Even though
the infected file has been removed, the removal has now corrupted the System
Restore file store rendering it useless. Turning it off, rebooting and
turning it back on will wipe all previous restore points, allowing you to
start over with a fresh SR file store.

Open Control Panel, open System, go to the System Restore tab, place a check
next to "Turn off System Restore on all drives, click apply and ok, reboot,
return to this tab, remove the check, click apply and ok.

--
In memory of our dear friend, MVP Alex Nichol.

Michael Solomon MS-MVP
Windows Shell/User
https://mvp.support.microsoft.com/communities/mvp.aspx
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

 

[Rock]

Yesterday I picked up a some sort of spy ware virus...(I think).. I ran
Mcafee and it found several infected files and removed them. I also ran
MsnspywareStopper and it also found some files which were removed. Seemed
all was well but later Mcafee came up and reported finding a Trojan
Reg/Seeker in C:/sys volume Info/Restore and deleted it. Again a couple
hours later Mcafee did the same thing. Nothing today. Am I to believe it
is gone or am I in trouble?
Thank in advance for the advice.
Alec

Viruses or spyware in system restore are not a problem, unless you
restore to that time. The best thing to do there is to remove all
restore points by turning off system restore, Start | All Programs |
Accessories | System Restore | Turn off System Restore on all Drives.
Then turn it back on.

Run these programs to check for spyware/malware. After installing
update them, then boot into SAFE MODE and run them. You should update
and run them weekly.

Cwshredder
http://www.intermute.com/spysubtract/cwshredder_download.html

Ad-aware SE
http://www.lavasoftusa.com

Spybot Search and Destroy
http://www.safer-networking.org

Bazooka Adware and Spyware Scanner
http://download.com.com/3000-2144-10247783.html

Pest Patrol Free Pest Scanner
http://store.ca.com/dr/v2/ec_main.e...tchingYou&client=ComputerAssociates&sid=35715

If you’re still having problems after running these then run HijackThis
and post the log to one of the specialty forums, _NOT_ this one.

HijackThis
http://www.majorgeeks.com/download.php?det=3155

Forums to Interpret HijackThis Logs:

http://www.spywareinfo.com/forums/
http://forum.aumha.org/viewforum.php?f=30
http://forums.tomcoyote.org/
http://www.wilderssecurity.com/

After your system is clean use these programs to help keep it clean:

Spywareblaster
www.javacoolsoftware.com/sbdownload.html

Spywareguard
http://www.javacoolsoftware.com/sgdownload.html

IE-SPYAD
http://www.staff.uiuc.edu/~ehowes/resource.htm

 

[Kelly]

Hi Alec,

Don't rely on McAfee. Use this combo:

Run Ad-Aware SE, Spybot and HijackThis:
http://www.majorgeeks.com/downloads31.html

Note: Update the first two programs, once installed, before running.

Free Online Virus Scan
http://housecall.trendmicro.com/housecall/start_corp.asp

--
In memory of our dear friend, MVP Alex Nichol: http://www.dts-l.org/

All the Best,
Kelly (MS-MVP)

Troubleshooting Windows XP
http://www.kellys-korner-xp.com