Possible virus in System Volume Information

Guest

Hello,

About a month ago I got affected with "EXP/HS05-013" <-- ANTIVIR
Located in Temporary Internet Files/content.ie5/vklse 64k/search[1].htm
Website is "crackspider.net"
Now I have formatted and reinstalled Windows about 15 times but I'm still
leaking mb's, Messenger keeps turning itself on,
Norton keeps giving "Automatic Rules" for MS Generic Host Process for
Win32 Server <-- 5-10 popups very rapidly
I also got some Norton warnings for blocking a Trojan Horse called "BLA"
IP: 81.164.40.115:1042
IP: 84.195.124.142:1042
IP: 81.164.40.89:1042

In Norton LOGBOOK / Firewall settings I find:
Portblokking allows NetBios has changed (15-20 lines in 1 minute)

Because I have formatted the drive and still am affected with something I
wonder if there's a hidden map on the drive that doesn't get cleaned after
formatting ??
I've done another AV-CLS scan with Sophos:
LOG
Could not check c:\System Volume Information\_restore{A1730D64-A90E-42AB-8C97-82C0056C9199}\RP74\snapshot\ComDb.Dat (corrupt)
Could not check c:\System Volume Information\_restore{A1730D64-A90E-42AB-8C97-82C0056C9199}\RP75\snapshot\ComDb.Dat (corrupt)
Could not check c:\System Volume Information\_restore{A1730D64-A90E-42AB-8C97-82C0056C9199}\RP76\snapshot\ComDb.Dat (corrupt)
Could not check c:\System Volume Information\_restore{A1730D64-A90E-42AB-8C97-82C0056C9199}\RP77\snapshot\ComDb.Dat (corrupt)
Could not check c:\System Volume Information\_restore{A1730D64-A90E-42AB-8C97-82C0056C9199}\RP78\snapshot\ComDb.Dat (corrupt)
Could not check c:\System Volume Information\_restore{A1730D64-A90E-42AB-8C97-82C0056C9199}\RP79\snapshot\ComDb.Dat (corrupt)
Could not check c:\System Volume Information\_restore{A1730D64-A90E-42AB-8C97-82C0056C9199}\RP80\snapshot\ComDb.Dat (corrupt)
Could not check c:\System Volume Information\_restore{A1730D64-A90E-42AB-8C97-82C0056C9199}\RP81\snapshot\ComDb.Dat (corrupt)
Could not check c:\System Volume Information\_restore{A1730D64-A90E-42AB-8C97-82C0056C9199}\RP82\snapshot\ComDb.Dat (corrupt)
Could not check c:\System Volume Information\_restore{A1730D64-A90E-42AB-8C97-82C0056C9199}\RP83\snapshot\ComDb.Dat (corrupt)

Is there a chance that this folder contains a virus and if yes how do I
clean this folder or make it visible??

thnx in advance
omi
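
Added example, not part of the original post: a small triage script for the scanner output quoted above. It rejoins the wrapped lines, groups the "Could not check" entries by System Restore point, and keeps them apart from unscanned files elsewhere on the disk. The line format and GUID come from the post; the function names, the assumption that lines wrap at a space, and the last sample line are constructed for illustration.

```python
import re
from collections import defaultdict

GUID = "A1730D64-A90E-42AB-8C97-82C0056C9199"  # restore store GUID from the post

# The ten scanner lines from the post, wrapped after "System Volume" as posted,
# plus one CONSTRUCTED entry outside System Restore to show the other branch.
SAMPLE_LOG = "LOG\n" + "\n".join(
    "Could not check c:\\System Volume\n"
    f"Information\\_restore{{{GUID}}}\\RP{n}\\snapshot\\ComDb.Dat (corrupt)"
    for n in range(74, 84)
) + "\nCould not check c:\\WINDOWS\\Temp\\example.cab (corrupt)\n"

LINE_RE = re.compile(r"^Could not check (?P<path>.+?) \((?P<reason>[^()]+)\)$")
RESTORE_RE = re.compile(
    r"^[a-z]:\\System Volume Information\\_restore\{(?P<guid>[0-9A-F-]{36})\}"
    r"\\RP(?P<rp>\d+)\\(?P<rest>.+)$",
    re.IGNORECASE,
)


def unwrap(text):
    """Rejoin entries that were wrapped across lines (assumes wraps at a space)."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Could not check "):
            if current is not None:
                entries.append(current)
            current = line
        elif current is not None:
            current += " " + line  # continuation of a wrapped path
        # anything before the first entry (e.g. the "LOG" header) is skipped
    if current is not None:
        entries.append(current)
    return entries


def triage(text):
    """Split scan failures into System Restore items and everything else."""
    restore = defaultdict(list)  # (guid, restore point number) -> [(file, reason)]
    elsewhere = []               # unscanned files outside System Restore
    unparsed = []                # entries that do not match the expected format
    for entry in unwrap(text):
        m = LINE_RE.match(entry)
        if not m:
            unparsed.append(entry)
            continue
        r = RESTORE_RE.match(m["path"])
        if r:
            key = (r["guid"].upper(), int(r["rp"]))
            restore[key].append((r["rest"], m["reason"]))
        else:
            elsewhere.append((m["path"], m["reason"]))
    return restore, elsewhere, unparsed


def rp_ranges(restore):
    """Collapse restore point numbers per store GUID into (first, last) runs."""
    by_guid = defaultdict(set)
    for guid, rp in restore:
        by_guid[guid].add(rp)
    ranges = {}
    for guid, rps in by_guid.items():
        runs = []
        for n in sorted(rps):
            if runs and n == runs[-1][1] + 1:
                runs[-1] = (runs[-1][0], n)
            else:
                runs.append((n, n))
        ranges[guid] = runs
    return ranges


if __name__ == "__main__":
    restore, elsewhere, unparsed = triage(SAMPLE_LOG)
    for guid, runs in rp_ranges(restore).items():
        spans = ", ".join(f"RP{a}-RP{b}" if a != b else f"RP{a}" for a, b in runs)
        print(f"System Restore store {guid}: not scanned in {spans}")
    for path, reason in elsewhere:
        print(f"Outside System Restore, needs a closer look: {path} ({reason})")
    for entry in unparsed:
        print(f"Unrecognised line: {entry}")
```

On the log in the post, every entry falls in one restore store, restore points RP74 through RP83, and each is the same snapshot\ComDb.Dat file reported as "corrupt"; these are files the scanner could not check, not detections.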
 
Guest

Everything is DELETED when you format - EVERYTHING !!!

The scanner can't check this folder because this is the "System Restore"
folder in Windows XP. It is the most protected folder in the whole Operating
System.
System Restore is used to restore your system after any kind of system crash
or if you have done something wrong.

You got infected two ways:
Either 1 or 2

1) You connect to internet too early without firewall and a hacker gets into
your PC and loads a malware
2) You install infected drivers. You should install drivers (only genuine
drivers) that come from the manufacturer. However, this again doesn't
guarantee you malware free software so as soon as you have installed the
drivers, make sure your firewall is ON and then install antivirus software
and immediately check.
You mention trojan - it is likely to install it either from the drivers or
from a "useful" software that you install.
Make sure your backups are also malware free.

You may perform these malware removal instructions to clean your computer.
Please, go to my web-site:
http://pandaman.hit.bg
:)

If you have any other questions, do not hesitate to contact the community
again!!!

Panda_man
--
Prevention is always better than cure !
Panda TruPrevent - the most intelligent technology to combat unknown malware
http://www.pandasoftware.com
http://pandaman.hit.bg



Guest

And one more thing...

As you use Windows XP, use XP's firewall.
It is called Internet Connection Firewall (ICF) in Service Pack 1

or

Windows Firewall (WF) in Service Pack 2.

SP 1 (ICF)
Go to Control Panel -> Network connection and right click on the connection
you use -> Advanced -> check that you want a firewall protection -> OK

SP 2 (WF)
Go to Control Panel -> Windows Firewall -> Make sure it is ON. Also make sure
you turn ON: "Don't allow exceptions"

Turn OFF permanently Norton's Worm protection.

Panda_man

Guest

thnx for the quick response Panda,
> 1) You connect to internet too early without firewall and a hacker gets into
> your PC and loads a malware

I'll explain how I install...
when NOT connected to the internet:
I change BIOS setup by selecting cd-rom as primary boot device
I reboot my pc with winxp cd inserted
I select "start pc from cd"
Now I can format the drive and install winxp
So I install:
1- winxp home
2- MSI mainboard drivers
3- Norton internet security

At this time I have these 3 programs installed WITHOUT updates
Now I must connect to the internet to update the programs,
but after the 1st or 2nd reboot when installing windows updates I get
a popup from windows messenger which tells me my system is infected with
spyware
"Download Repair Registry Pro" it says
I don't do that because I presume this is spyware or malware or whatever

Like you say I prolly connect to the internet too early,
but I have to update the programs :(

Q: Is there a way to download ALL the updates from Windows & Norton in
advance ?
All security patches, virus definitions, Service Pack 2 etc...
This way I can burn all the updates on a cd so I will be able to install all
programs until final updates without connecting to the internet, this might
solve the problem.

thnx in advance
omi


Leythos

> I'll explain how I install...
> when NOT connected to the internet:
> I change BIOS setup by selecting cd-rom as primary boot device
> I reboot my pc with winxp cd inserted
> I select "start pc from cd"
> Now I can format the drive and install winxp
> So I install:
> 1- winxp home
> 2- MSI mainboard drivers
> 3- Norton internet security

REBOOT.

> At this time I have these 3 programs installed WITHOUT updates
> Now I must connect to the internet to update the programs,
> but after the 1st or 2nd reboot when installing windows updates I get
> a popup from windows messenger which tells me my system is infected with
> spyware
> "Download Repair Registry Pro" it says
> I don't do that because I presume this is spyware or malware or whatever

If you had NIS properly configured you would not be getting any Win
Messenger Pop-Ups at all.

> Like you say I prolly connect to the internet too early,
> but I have to update the programs :(
>
> Q: Is there a way to download ALL the updates from Windows & Norton in
> advance ?

Yes, download them and burn them to CD.

> All security patches, virus definitions, Service Pack 2 etc...
> This way I can burn all the updates on a cd so I will be able to install all
> programs until final updates without connecting to the internet, this might
> solve the problem.

If you have a fast connection why are you not using a NAT Router? If you
had been using a NAT appliance you would not need NIS and you would not
have the problems you describe above.
 
Guest

thnx for the input Leythos,

I have a few questions, sorry for my noobishness:
> Yes, download them and burn them to CD.
Can you give me the URL to download the updates manually ?
> If you have a fast connection why are you not using a NAT Router? If you
> had been using a NAT appliance you would not need NIS and you would not
> have the problems you describe above.
I've never heard of a NAT Router, I'll look into this
I'm on a broadband connection (Telenet Belgium), I don't know if you call it
fast
- Downloads at 5 Mb/s
- Uploads at 192 Kb/s

cheerz
omi
 
Guest

I have SP2 installed
But I need to turn on xp-firewall each time I reboot
Maybe it's the virus or maybe it's NIS I don't know
I've given confirmation to allow both xp-firewall & NIS at the same time
Hopefully this gets solved after reinstalling win-xp updated offline

cheerz


Guest

Hi omi! See your previous post and answer these questions:

omi wrote in part:
> I'll explain how I install...
> when NOT connected to the internet:
> I change BIOS setup by selecting cd-rom as primary boot device
> I reboot my pc with winxp cd inserted
> I select "start pc from cd"
> Now I can format the drive and install winxp
> So I install:
> 1- winxp home
> 2- MSI mainboard drivers
> 3- Norton internet security


Panda_man >>> You say you *can* format the hard drive and it is true.

Do you FORMAT the drive before installing the Operating System?
Is your Windows legal (genuine)?
Are your drivers legal and malware free?
Is your Norton IS legal?

I'm asking because:
If you don't format you are doing nothing.
If your drivers are infected => You got infected.
If your Windows is not legal - it can be infected (I personally have seen a
client who had his Windows installed by a friend. There is no point to say
the OS was illegal and it came with CoolWebSearch and RAS Auto Dialer)
If your Norton IS is illegal it also could come with malware.


Also... I don't know if there is a way to download updates for Windows for
another PC and then to burn them. I use only Windows/Microsoft update for each
PC using internet connection. However you don't need to worry about the
updates now.
If you think you connect too early, you are wrong.
I mentioned *too early* in my previous post but you don't connect *too early*.

Too early means if you connect without a firewall and without antivirus and
you say you install the antivirus. So you don't connect too early.
I would also recommend you not to use Norton IS because it isn't a very good
product in my opinion. Especially its firewall which is ...hmmm....so
strange..... :)


Think about the things I say and answer. Do not hesitate to contact the
Community again! :)

Panda_man

Guest

1st I want to thank you for trying to help me
I will answer your questions
> Do you FORMAT the drive before installing the Operating System?
YES, I've tried "format" and "fast format", I even completely delete the 1
and only partition before formatting
> Is your Windows legal (genuine)?
YES I have an original winxp-home cd-rom which came with the computer
> Are your drivers legal and malware free?
YES it's an original MSI cd-rom which came with the computer (drivers &
utilities)
> Is your Norton IS legal?
YES it's an original "Norton Internet Security 2005 Dutch"
It's an original 35,3Mb download which I got sent after paying the company
(I have tried the windows update with and without NIS installed/updated)
I got it from
http://www.symantec.com/home_homeoffice/products/internet_security/nis2006/index.html
except this link is version 2006

I'm not doing anything illegal

omi
