Possible netsky virus

Guest

AVG anti-virus reports a Netsky virus in the following file:
C:System Volume Information\-restore{469FFB16-41B1-B996-984B86C8FB66}\RP210\A0043978.scr

Manually running AVG fails to find any viruses.

All my efforts at locating this file fail with Windows Explorer saying:
System Volume Information is not accessible
Access is denied.

Does anyone know how to access this file and possibly delete it?
 
David H. Lipman

1) Download the following three items...

McAfee Stinger
http://vil.nai.com/vil/stinger/

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example: lpt248.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

2) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
3) Reboot your PC into Safe Mode
4) Using both the Trend Sysclean utility and Stinger, perform a Full Scan of your
platform and clean/delete any infectors found
5) Restart your PC and perform a "final" Full Scan of your platform using both.
6) If you are using WinME or WinXP, re-enable System Restore and re-apply any
System Restore preferences (e.g. HD space to use suggested 400 ~ 600MB).
7) Reboot your PC.
8) If you are using WinME or WinXP, create a new Restore point


* * * Please report back your results * * *

Dave







| AVG anti-virus reports a Netsky virus in the following file:
| C:System Volume Information\-restore{469FFB16-41B1-B996-984B86C8FB66}\RP210\A0043978.scr
|
| Manually running AVG fails to find any viruses.
|
| All my efforts at locating this file fail with Windows Explorer saying:
| System Volume Information is not accessible
| Access is denied.
|
| Does anyone know how to access this file and possibly delete it?
|
|
 
Doug Knox MS-MVP

Go to Control Panel, System, System Restore. Turn it off, then turn it back on. This will flush all restore points, including the one that contains the infected file.
 
Bruce Chambers

The System Volume Information is the hidden, protected operating
system folder in which WinXP's System Restore feature stores
information used to recover from errors. It's really not a good idea
for you, or an antivirus application, to directly access the contents
of that folder, unless you expect to have no future use for the
restore points, in which case it would be simpler just to turn off the
System Restore feature.

To clear viruses or other malware from the "System Volume
Information," simply turn off the System Restore feature (Start > All
Programs > Accessories > System Tools > System Restore, System Restore
Settings), reboot, then re-enable System Restore, and reboot one last
time. This will delete all of your Restore Points, including the
corrupted one(s), and allow you to start with a clean slate.


--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH
 
