system volume trojan

[Don]

Bitdefender has informed me that I have trojan.agent.acl and
trojan.downloader in my system volume information folder. I have tried going
into safe mode with my system restore turned off, but have so far been
unable to get the trojans removed. The files have already been removed from
the rest of my system but I still see the advisory that the sys volume is
still infected. Any suggestions?
Don

 

[GateKeeper]

Supposedly, if you turn off system restore on all drives, then restart
the computer and turn System Restore back on, Windows will overwrite the
old system restore information (System Volume Information). Then you
should be able to do a complete scan and get rid of the trojan.

 

[Don]

Thank for the reply. I am now in the process of doing the complete scan
after turning off the sys restore. Once completed, I'll hopefully have the
beast back under control. I did do some other searches and found the same
recommendation as you posted. Thanks again ... and thank heaven for backup
computers to be able to use for reference\research.
ô¿ô

 

[Ken Blake, MVP]

Bitdefender has informed me that I have trojan.agent.acl and
trojan.downloader in my system volume information folder. I have
tried going into safe mode with my system restore turned off, but
have so far been unable to get the trojans removed. The files have
already been removed from the rest of my system but I still see the
advisory that the sys volume is still infected. Any suggestions?

System Volume Information is the place where System Restore Points are
stored. A virus, trojan, or any other kind of malware in a Restore Point is
completely innocuous and can not hurt you in any way, unless you restore
from that restore point.

Once you've removed the virus or trojan that was *outside* of the Restore
Points, you can get rid of the ones in the Restore Points by turning off
System Restore and turning it back on (that will get rid off *all* restore
points), or you can just ignore it, and wait until the infected restore
point goes away by itself as it gets older (being very sure that you never
restore from a Restore Point older than the date when the virus was
removed).

It's usually safest to remove the virus in the Restore Points so as not to
have to worry about it, but I wanted to be sure you understood the
situation.

 

[Bruce Chambers]

Bitdefender has informed me that I have trojan.agent.acl and
trojan.downloader in my system volume information folder. I have tried going
into safe mode with my system restore turned off, but have so far been
unable to get the trojans removed. The files have already been removed from
the rest of my system but I still see the advisory that the sys volume is
still infected. Any suggestions?
Don

The System Volume Information is the hidden, protected operating
system folder in which WinXP's System Restore feature stores
information used to recover from errors. It's really not a good idea
for you, or an anti-virus application, to directly access the contents
of that folder, unless you expect to have no future use for the
restore points, in which case it would be simpler just to turn off the
System Restore feature.

To clear viruses or other malware from the "System Volume
Information," simply turn off the System Restore feature (Start > All
Programs > Accessories > System Tools > System Restore, System Restore
Settings), reboot, then re-enable System Restore, and reboot one last
time. This will delete all of your Restore Points, including the
corrupted one(s), and allow you start with a clean slate.


--

Bruce Chambers

Help us help you:



They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

Many people would rather die than think; in fact, most do. -Bertrand Russell

 

[Don]

The scans come back clean and the world turns on. I have turned on the sys
restore again and good for another battle.
Thanks for the info/advice.
Don