How to get rid of Trojan Horse

[jw]

AVG has detected a Trojan Horse in my C;\System Volume
Information\_restore....... but seemingly cannot get rid of it.
In fact, XP will not let me manually delete the restore file either.
What to do - what to do.........

Duke

 

[Thomas Wendell]

Disable system restore, boot, then re- enable it (on C only, as IIRC it
doesn't need to monitor other than system drive)
ControlPanel->System-> SysRestore tab .....

 

[Ken Blake, MVP]

AVG has detected a Trojan Horse in my C;\System Volume
Information\_restore....... but seemingly cannot get rid of it.
In fact, XP will not let me manually delete the restore file either.
What to do - what to do.........

Any form of malware--whether spyware, virus, trojan, or anything
else--in a restore point is completely innocuous and can do nothing at
all *unless* you restore from that restore point.

The only way to remove the virus is to turn off System Restore, then
turn it back on, but that will delete *all* your restore points, not
just the infected one(s). Alternatively you can just wait for the
infected point(s) to fall of the end of the chain--a maximum of 90
days. Note that that alternative may keep some non-infected restore
points, but also requires care and good record-keeping to make sure
you don't accidentally restore the infected restore point.

On the other hand, you need to consider the question of how the virus
got there. It got there because your computer was infected elsewhere,
and went into the restore point while it was infected. So unless
you've already removed the virus or trojan from outside of the restore
point, you can't have a virus or trojan that's *only* in a restore
point.

 

[jw]

Any form of malware--whether spyware, virus, trojan, or anything
else--in a restore point is completely innocuous and can do nothing at
all *unless* you restore from that restore point.

The only way to remove the virus is to turn off System Restore, then
turn it back on, but that will delete *all* your restore points, not
just the infected one(s). Alternatively you can just wait for the
infected point(s) to fall of the end of the chain--a maximum of 90
days. Note that that alternative may keep some non-infected restore
points, but also requires care and good record-keeping to make sure
you don't accidentally restore the infected restore point.

On the other hand, you need to consider the question of how the virus
got there. It got there because your computer was infected elsewhere,
and went into the restore point while it was infected. So unless
you've already removed the virus or trojan from outside of the restore
point, you can't have a virus or trojan that's *only* in a restore
point.

Well it must have been removed because the only remainder is in the
restore point, worse luck. I'll try to wait things out and hope to
not have to do a restore any time soon.

Thanks

Duke

 

[peter]

You weren't listening..
IF you are sure that the Trojan is gone..
turn off System restore.
..this will delete all restore points when you reboot.
Now Let AVG rescan and see if it finds any trojans
If not and you're Clean
Turn on System Restore and create a restore point.

If it finds another Trojan..hopefully it can clean it out...and then rescan
again until you are clean.
When you are definitely clean turn on System Restore and create a Restore
Point.
peter

 

[enf1988]

run Malwarebyte anti malware program on it .
it also does cleanup.