Hidden Virus

M

Mark Lewis

Hi all,

Over the past couple of weeks I keep getting a virus detected and
quarantined by PC-Cillin. It's always the same one and checking the virus
log its always from the same folder. However try as I might I cannot find
the folder indicated. I am running XP Pro and include a paste from the most
recent virus log. Any ideas on how to stop this and find the folder would be
much appreciated.

Detected Virus List,,,,,
Time,Infected File Name,Virus Name,Action on Virus,User Name,Scan Type
17:08:10,C:\System Volume
Information\_restore{02937616-2DB6-454F-91AD-295954FE3785}\RP72\A0020897.exe
,TROJ_MSNFAKER.L,Unable to clean. Infected file was quarantined.,SYSTEM,Scan
Task
17:08:06,C:\System Volume
Information\_restore{02937616-2DB6-454F-91AD-295954FE3785}\RP72\A0020721.exe
,TROJ_MSNFAKER.L,Unable to clean. Infected file was quarantined.,SYSTEM,Scan
Task
12:05:27,C:\System Volume
Information\_restore{02937616-2DB6-454F-91AD-295954FE3785}\RP71\A0020689.exe
,TROJ_MSNFAKER.L,Unable to clean. Infected file was
quarantined.,SYSTEM,Real-time Scan

Many thanks

Mark.
 
C

Carey Frisch [MVP]

Please visit the Virus removal experts in this newsgroup:
news://msnews.microsoft.com/microsoft.public.security.virus


--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

-------------------------------------------------------------------------------------------


| Hi all,
|
| Over the past couple of weeks I keep getting a virus detected and
| quarantined by PC-Cillin. It's always the same one and checking the virus
| log its always from the same folder. However try as I might I cannot find
| the folder indicated. I am running XP Pro and include a paste from the most
| recent virus log. Any ideas on how to stop this and find the folder would be
| much appreciated.
|
| Detected Virus List,,,,,
| Time,Infected File Name,Virus Name,Action on Virus,User Name,Scan Type
| 17:08:10,C:\System Volume
| Information\_restore{02937616-2DB6-454F-91AD-295954FE3785}\RP72\A0020897.exe
| ,TROJ_MSNFAKER.L,Unable to clean. Infected file was quarantined.,SYSTEM,Scan
| Task
| 17:08:06,C:\System Volume
| Information\_restore{02937616-2DB6-454F-91AD-295954FE3785}\RP72\A0020721.exe
| ,TROJ_MSNFAKER.L,Unable to clean. Infected file was quarantined.,SYSTEM,Scan
| Task
| 12:05:27,C:\System Volume
| Information\_restore{02937616-2DB6-454F-91AD-295954FE3785}\RP71\A0020689.exe
| ,TROJ_MSNFAKER.L,Unable to clean. Infected file was
| quarantined.,SYSTEM,Real-time Scan
|
| Many thanks
|
| Mark.
|
|
 
J

Jim Macklin

The virus is in your system restore files. The anti-virus
can't remove it because those are protected files.

Right click on the C: drive in MY COMPUTER and select
properties. Then select disk cleanup (the button on the
rightside near the middle of the window). Select the "more"
options and then delete system restore points, which will
remove all but the last system restore point. Click OK and
then when you do a virus scan it should be clean. If the
virus is in the last point, you'll have to turn system
restore off, reboot, and then turn it back on to clear all
the files. See the notes on this at McAfee's website

http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm


message | Hi all,
|
| Over the past couple of weeks I keep getting a virus
detected and
| quarantined by PC-Cillin. It's always the same one and
checking the virus
| log its always from the same folder. However try as I
might I cannot find
| the folder indicated. I am running XP Pro and include a
paste from the most
| recent virus log. Any ideas on how to stop this and find
the folder would be
| much appreciated.
|
| Detected Virus List,,,,,
| Time,Infected File Name,Virus Name,Action on Virus,User
Name,Scan Type
| 17:08:10,C:\System Volume
|
Information\_restore{02937616-2DB6-454F-91AD-295954FE3785}\R
P72\A0020897.exe
| ,TROJ_MSNFAKER.L,Unable to clean. Infected file was
quarantined.,SYSTEM,Scan
| Task
| 17:08:06,C:\System Volume
|
Information\_restore{02937616-2DB6-454F-91AD-295954FE3785}\R
P72\A0020721.exe
| ,TROJ_MSNFAKER.L,Unable to clean. Infected file was
quarantined.,SYSTEM,Scan
| Task
| 12:05:27,C:\System Volume
|
Information\_restore{02937616-2DB6-454F-91AD-295954FE3785}\R
P71\A0020689.exe
| ,TROJ_MSNFAKER.L,Unable to clean. Infected file was
| quarantined.,SYSTEM,Real-time Scan
|
| Many thanks
|
| Mark.
|
|
 
G

Guest

ok, first c:\system volume information is not accessable.
But it can. What file system are you using?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Is anyone experience like this? How did you removed this threat? 3
AOL Active Virus Shield, first time scan? 2
System Volume Information Lost 2
virus troubles 2
Sysweb.exe and virus 1
AVG Resident Shield 7
virus in system volume information folder 4
Virus ...Help! 4

Top