System Volume Infection?

The Crow

Hi.
Two questions. First, I've recently had the following virus reported to me
by my antivirus software, which cannot shift the infection. It says a worm,
WORMAPSIV.A, has been found in the System Volume information folder. I run
XP and wondered how to deal with this? Is it, as with similar ones I've
had, a case of disabling the system restore and then restarting? Second,
last week I had a Trojan in this folder, which is when I was told about
disabling system restore, and so this is the second virus in a week in this
folder. I run up to date AVG, Adaware and Spybot, but still seem to be
getting these infections. Could this be a symptom of a larger problem, or
is this common enough? Thanks.
 
GSV Three Minds in a Can

The Crow said:
> Hi.
> Two questions. First, I've recently had the following virus reported to me
> by my antivirus software, which cannot shift the infection. It says a worm,
> WORMAPSIV.A, has been found in the System Volume information folder. I run
> XP and wondered how to deal with this? Is it, as with similar ones I've
> had, a case of disabling the system restore and then restarting?

Almost certainly yes.

> Second,
> last week I had a Trojan in this folder, which is when I was told about
> disabling system restore, and so this is the second virus in a week in this
> folder. I run up to date AVG, Adaware and Spybot, but still seem to be
> getting these infections. Could this be a symptom of a larger problem, or
> is this common enough? Thanks.

I would worry about how it got there, yes. Do you have open shares or
ports exposed to the www? Do you run some cr&p like Kazaa??
 
The Crow

GSV Three Minds in a Can said:
> Almost certainly yes.
>
> I would worry about how it got there, yes. Do you have open shares or
> ports exposed to the www? Do you run some cr&p like Kazaa??

I run Kazaa Lite, and have just got an ADSL router, which may be the cause
of any vulnerability. It has a firewall, but it is conceivable that I have
not configured it properly.

Actually, this may be an opportune moment to bring up this question. I was,
when on dialup, running Sygate Personal Firewall. My router has a hardware
firewall, so should I still run SPF too, or should that go? Thanks again.
 
optikl

The Crow said:
> I run Kazaa Lite, and have just got an ADSL router, which may be the cause
> of any vulnerability. It has a firewall, but it is conceivable that I have
> not configured it properly.
>
> Actually, this may be an opportune moment to bring up this question. I was,
> when on dialup, running Sygate Personal Firewall. My router has a hardware
> firewall, so should I still run SPF too, or should that go? Thanks again.

If your sharing files then obviously you have an open port. I'd suspect
your router has NAT and maybe SPI. It likely only blocks inbound,
uninitiated connections. Even a firewall like Sygate isn't going to stop
malware from getting on your system. Only you can do that. When you
share files over the internet, your sharing the risk, as well.
 
optikl

optikl said:
> If your sharing files then obviously you have an open port. I'd suspect
> your router has NAT and maybe SPI. It likely only blocks inbound,
> uninitiated connections. Even a firewall like Sygate isn't going to stop
> malware from getting on your system. Only you can do that. When you
> share files over the internet, your sharing the risk, as well.

Excuse the sloppy grammar. I meant "you're" not "your" in the 1st and
last sentences. It's these damn decongestants.
 
FromTheRafters

The Crow said:
> Hi.
> Two questions. First, I've recently had the following virus reported to me
> by my antivirus software, which cannot shift the infection. It says a worm,
> WORMAPSIV.A, has been found in the System Volume information folder. I run
> XP and wondered how to deal with this? Is it, as with similar ones I've
> had, a case of disabling the system restore and then restarting?

Probably.

> Second,
> last week I had a Trojan in this folder, which is when I was told about
> disabling system restore, and so this is the second virus in a week in this
> folder. I run up to date AVG, Adaware and Spybot, but still seem to be
> getting these infections. Could this be a symptom of a larger problem, or
> is this common enough?

It is common enough methinks.

Your AV may have caught it out on its first appearance and
attempted (successfully) to delete it. The problem is that XP
(and ME) have a kernel mode monitor that intercepts that
action and makes a backup copy of the malware in the system
restore before allowing the delete action to continue. Your AV
may have logged the original detection and also the action taken.
Check your log file to see if it offers any insight into the vector
the malware used to get on the system in the first instance.
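
An added example, not part of any post in this thread: a sketch of the log check suggested above, which separates detections inside System Restore's backup store from detections on the live file system, so the earliest live hit (the likely entry point) stands out. The log layout, detection names and paths are constructed for illustration and do not reflect any real antivirus product's format.

```python
import re
from collections import defaultdict

# Constructed sample in a hypothetical "timestamp;path;detection;action" layout.
# Adapt the split to whatever your antivirus actually writes.
SAMPLE_LOG = r"""
2004-03-02 19:14:07;C:\My Shared Folder\setup_patch.exe;Worm/Example.A;deleted
2004-03-02 19:14:09;C:\System Volume Information\_restore{CONSTRUCTED-GUID}\RP41\A0012345.exe;Worm/Example.A;access denied
2004-03-09 08:30:51;C:\System Volume Information\_restore{CONSTRUCTED-GUID}\RP44\A0013002.dll;Trojan/Example.B;access denied
""".strip().splitlines()

# XP System Restore stores its backups as _restore{GUID}\RPnn\Annnnnnn.ext
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[^}]*\}\\(RP\d+)\\", re.I)

def triage(lines):
    """Group detections by name: restore-store copies vs. live-file hits."""
    live = defaultdict(list)
    restore = defaultdict(list)
    for line in lines:
        ts, path, name, action = line.split(";")
        m = RESTORE_RE.search(path)
        if m:
            restore[name].append((ts, m.group(1)))
        else:
            live[name].append((ts, path, action))
    report = {}
    for name in sorted(set(live) | set(restore)):
        first_live = min(live[name]) if name in live else None
        report[name] = {
            # Restore points holding a backup copy of the detected file
            "restore_points": sorted({rp for _, rp in restore.get(name, [])}),
            # Earliest hit outside the restore store: where the file first landed
            "first_live_hit": first_live,
            # False means the log never recorded the original file,
            # so it cannot show how the malware arrived
            "vector_known": first_live is not None,
        }
    return report

if __name__ == "__main__":
    for name, info in triage(SAMPLE_LOG).items():
        print(name, info)
```

A detection that appears only under `_restore{...}` with no live hit is a stored backup copy; the log then says nothing about how it arrived, and other evidence is needed.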
 
