Trojan in System Volume Information

G

Guest

My AVG antivirus program found "Trojan horse Downloader. Tooncom.T" in C:\System Volume Information\_restore{6A0189FD-82AF-408D-AC78-1136DBEDC634}\RP132\A0016208.EXE" AVG cannot remove it. I went into the registry manually and wasn't able to find this particular extension. However, I did find similar ones. How do I get in there to remove it? Other anti-spyware and antivirus programs don't seem to be able to access anything in System Restore. thanks.
 
J

Jupiter Jones [MVP]

System Volume Information is the System Restore data.
Turn off/on System Restore to delete corrupted files:
Start/All Programs/Accessories/System Tools/System Restore.
Click System Restore Settings on left side.
Check "Turn off System Restore", click OK, follow prompts and reboot.
This deletes ALL Restore Points including corruption.
Then go back and turn on system Restore and create a Restore Point.

--
Jupiter Jones [MVP]
An easier way to read newsgroup messages:
http://www.microsoft.com/windowsxp/pro/using/newsgroups/setup.asp
http://www3.telus.net/dandemar/


joegum said:
My AVG antivirus program found "Trojan horse Downloader. Tooncom.T"
in C:\System Volume
Information\_restore{6A0189FD-82AF-408D-AC78-1136DBEDC634}\RP132\A0016
208.EXE" AVG cannot remove it. I went into the registry manually
and wasn't able to find this particular extension. However, I did
find similar ones. How do I get in there to remove it? Other
anti-spyware and antivirus programs don't seem to be able to access
anything in System Restore. thanks.
 
B

Bruce Chambers

Greetings --

To clear viruses from the "System Volume Information," simply turn
off the System Restore feature (Start > All Programs > Accessories >
System Tools > System Restore, System Restore Settings), reboot, then
re-enable System Restore, and reboot one last time. This will delete
all of your Restore Points, including the corrupted one(s), and allow
you start with a clean slate.

However, if you have Restore Points that you'd really rather not
lose, and know which one is corrupted, very carefully try this:

How to Gain Access to the System Volume Information Folder
http://support.microsoft.com/default.aspx?scid=kb;EN-US;309531


Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH


joegum said:
My AVG antivirus program found "Trojan horse Downloader. Tooncom.T"
in C:\System Volume
Information\_restore{6A0189FD-82AF-408D-AC78-1136DBEDC634}\RP132\A0016
208.EXE" AVG cannot remove it. I went into the registry manually
and wasn't able to find this particular extension. However, I did
find similar ones. How do I get in there to remove it? Other
anti-spyware and antivirus programs don't seem to be able to access
anything in System Restore. thanks.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top