virus report

[gram]

How do I find and clean this file?
C:\RECYCLER\S-1-5-21-3412959601-2626017346-3428119236-1005
Dc40.cab
ArchiveType: CAB (Microsoft)
--> Belt.exe
The Trojan horse TR/Stubby
Error! Could not change directory: System Volume
Information
My last Virus scan did not clean or delete it

 

[CWatters]

See
http://www.derkeiler.com/Newsgroups/microsoft.public.security.virus/2004-02/0037.html

Quote:

From: Mike Burgess (winhelp2002_at_spamthis.com)
Date: 01/31/04
Next message: Dirk: "Re: Dialer.OneOnOne"
Previous message: taff: "Re: Dialer.OneOnOne"
In reply to: Lamia: "TR/Stubby"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [
attachment ]

Date: Sat, 31 Jan 2004 16:23:48 -0500

Lamia,
"belt.exe" = abetterinternet.com = Downloader.Stubby.A

Dealing with Unwanted Spyware, Parasites, Toolbars and Search Engines
http://mvps.org/winhelp2002/unwanted.htm
[more info]
http://sarc.com/avcenter/venc/data/adware.binet.html
____________________________________________________________
Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 01-25-04]
Please post replies to this Newsgroup, email address is invalid

 

[MAP]

-----Original Message-----
How do I find and clean this file?
C:\RECYCLER\S-1-5-21-3412959601-2626017346-3428119236- 1005
Dc40.cab
ArchiveType: CAB (Microsoft)
--> Belt.exe
The Trojan horse TR/Stubby
Error! Could not change directory: System Volume
Information
My last Virus scan did not clean or delete it
.
System Volume is your system restore check point files,

Shut off system restore and turn it back on this will
delete the Trojan along with all check points.

 

[Rick \Nutcase\ Rogers]

Hi,

It's in a restore point, and is quite harmless there. To remove it, you can
purge the restore points, but it is not essential to do this.

There are three ways to easily remove restore points (you should not do this
selectively).

1) Start/run cleanmgr.exe (disk cleanup), there is a "clean up" button on
the "more options" tab to remove all but the newest restore point.

2) Control Panel/System/System Restore tab, go to settings and reduce the
amount of space allotted to System Restore. This will remove older restore
points, how many depends on how much space you require for a point, and how
much space you leave.

3) Control Panel/System/System Restore tab, click the "turn off system
restore on all drives" box. This will eliminate all restore points. Once
reenabled, the system will begin creating new ones. You should reboot in
between doing this.

--
Best of Luck,

Rick Rogers aka "Nutcase" MS-MVP - Win9x
Windows isn't rocket science! That's my other hobby!

Associate Expert - WinXP - Expert Zone

 

[Alex Nichol]

How do I find and clean this file?
C:\RECYCLER\S-1-5-21-3412959601-2626017346-3428119236-1005
Dc40.cab
ArchiveType: CAB (Microsoft)
--> Belt.exe
The Trojan horse TR/Stubby
Error! Could not change directory: System Volume
Information

That is in the recycle bin: The S-1-5-21 bit identifies the user under
whose logon it was deleted. You will need to logon with that user
account (try each one that there is in turn) and empty the bin: when you
get the right one, the affected file should go.