Avast WEBforum

Other => Viruses and worms => Topic started by: msneedles on November 06, 2006, 03:29:02 AM

Title: A0005089.exe virus?
Post by: msneedles on November 06, 2006, 03:29:02 AM
I keep getting this same message even though I tell it to fix it. Then it leaves and next scan it is back again. Is this a positive? What to do as it is a system file.
Here is where it says it is at.

C:\System Volume Information\_restore{CF5175E0-BDE8-4B71-9B14-BA21E6145FDF}\RP12\A0005089.exe

Also, last week it said I had a virus, or worm, or Trojan in C:windows/system files, something .dll. Then, after I moved them to the chest, XP popped up and said I needed them, so I just moved them back from the chest using Avast to restore them.

I also had a program for years and suddenly it was infected. I haven't used it in a while so I just let it delete it anyway. I don't know what's up but it keeps telling me I have a virus even though I keep deleting it; it then is located elsewhere.
Title: Re: A0005089.exe virus?
Post by: oldman on November 06, 2006, 03:43:04 AM
While I can't tell you what it is, I can tell you where it is. It's in the system restore.

What is the exact message you receive?
Title: Re: A0005089.exe virus?
Post by: msneedles on November 06, 2006, 03:49:21 AM
ummmmmm virus/worm ....something like that.
Title: Re: A0005089.exe virus?
Post by: oldman on November 06, 2006, 03:57:14 AM
Not much to go on.

Okay, if you are using XP, run a boot time scan.

Disable system restore first.


To schedule a boot time scan

right click the "a" ball, click start avast antivirus
click menu, select schedule boot time scan
select the path, i.e. the drive you want to scan.

Make sure system restore is off. Restart your computer.

edited to add

move anything found to the chest, rather than delete!
Title: Re: A0005089.exe virus?
Post by: msneedles on November 06, 2006, 04:03:17 AM
System restore is disabled.

Here is the log I copied.

10/31/2006 4:20:27 PM   SYSTEM   1516   Sign of "Win32:Warezov-MF [Wrm]" has been found in "C:\WINDOWS\system32\dllcache\dgsetup.dll" file. 

11/5/2006 7:26:00 AM   Judy   1524   Sign of "Win32:Trojan-gen. {VC}" has been found in "C:\Documents and Settings\Judy\Desktop\PC - STUFF\Address Stuff\Stuff\pspv.exe" file. 
It did not log where it tried to fix the last warning....so I guess it did nothing. I think I will scan again move to chest this time and post it later.
Title: Re: A0005089.exe virus?
Post by: msneedles on November 06, 2006, 04:26:26 AM
A0005089.exe
C:\System Volume Information\_restore{CF5175E0-BDE8-4B71-9B14-BA21E6145FDF}\RP12\A0005089.exe

Virus/Worm

0645-4, 11/03/2006

file size - 52736

last modification time - 11/6/1:11:26 am

moved to chest - 11/5/2006 9:12:30 pm

category - Infected files

Virus description - Win32:Trojan-gen. {VC}

file ID - 9

I don't know what else you all want or where to find them but if you can point me in the right direction...I'll get it.

Thanks oldman!!!
I will do that tomorrow...it's time for bed.
Chow~
Title: Re: A0005089.exe virus?
Post by: Spiritsongs on November 06, 2006, 04:44:05 AM
 :)  Hi :

     Your "Reports" indicate a "trojan" and/or a "worm" ; these are BEST handled by an
     antiSPYWARE/antiTROJAN program . Do you have any such program(s) on your
     computer ? If yes, try using them . More than likely you should try using the "FREE"
     version of "SUPERantispyware" from www.superantispyware.com .

     There are several threads in the Avast Forums about "Warezov"; more than likely
     it would be a good idea if you read through them .
Title: Re: A0005089.exe virus?
Post by: msneedles on November 06, 2006, 04:53:58 AM
I use Ad-Aware SE Personal and it found nothing, well, except MRL, and it is up to date. I also use CCleaner. And all are up to date. I don't know but something makes me feel it is a false positive. Anyway I sent it to avast by email.
Title: Re: A0005089.exe virus?
Post by: Spiritsongs on November 06, 2006, 05:02:59 AM
 :)  Hi :

     Ad-Aware is NOT geared to handling this "trojan/worm" ; since all Ad-aware finds on
     your computer is the no-threat "MRU"s, then you have NOT properly configured it by
     UNchecking the "Search for negligible risk entries" setting AND "checking" the
     "Search for low-risk threats" Setting; they are seen just after clicking the "Start" tab .
     Do yourself a favor and try SUPERantispyware.
Title: Re: A0005089.exe virus?
Post by: DavidR on November 06, 2006, 02:11:08 PM
Your reference to the dgsetup.dll file rang a bell as it has previously been discussed http://forum.avast.com/index.php?topic=24612.0 in the forums, so it may be worth a visit to that link. The result of that link was it was likely to be a false positive detection and the latest VPS update no longer detected it as infected.

What version of the VPS do you have ?
Do a manual Update that will also confirm what version you have and update if required.
Or see about avast, the current one is 0645-4 but there is likely to be another one soon.
Title: Re: A0005089.exe virus?
Post by: msneedles on November 06, 2006, 05:37:50 PM
I set the setting in Ad-Aware and it still found nothing. Also I used Cureit by DrWeb and it found nothing.

Just this morning it now says...Virus has been detected! The name this time is A0010248.exe
C:\System Volume Information\_restore{CF5175E0-BDE8-4B71-9B14-BA21E6145FDF}\RP23\A0010248.exe

Virus has been detected!
File Name: A0010248.exe
FileID: 10
Virus Description: Win32:Adware-gen. [Adw]

I am using Avast 4.7 Home version  0645-4 and I already did a manual Update.

I don't mind doing a boot scan I just don't want it to remove something that my system may need.
Title: Re: A0005089.exe virus?
Post by: DavidR on November 06, 2006, 07:28:52 PM
The c:\System Volume Information folder is a part of the system restore function and as such is protected by Windows; the only way to clean infected _restore points is to disable system restore and reboot (as has been previously mentioned). This will clear ALL _restore points. Once you have disabled system restore, reboot, scan your PC again and, if clear, enable system restore.

I assume that now you have the latest VPS file you aren't detecting the C:\WINDOWS\system32\dllcache\dgsetup.dll file as infected now ?
Title: Re: A0005089.exe virus?
Post by: msneedles on November 06, 2006, 09:30:48 PM
Thanks but.......system restore is and has long been disabled.
And....I already had the latest VPS file .
Title: Re: A0005089.exe virus?
Post by: DavidR on November 06, 2006, 09:52:19 PM
I don't disbelieve you but if system restore is disabled then there should be no _restore points in the c:\System Volume Information folder, fact.

If you have multiple partitions, you need to disable system restore in all of them to completely disable it. This will clear ALL _restore points; if not, you have a problem with system restore. The boot-time scan may be able to deal with the _restore point, and you have nothing to worry about: you still have control over what avast does in the boot-time scan, and you can send any detected files to the chest. This allows for them to be restored if required.

My only mention of the VPS is you are no longer reporting avast detecting one of the original files you gave, dgsetup.dll.
Title: Re: A0005089.exe virus?
Post by: msneedles on November 06, 2006, 10:28:26 PM
Oh my God you are sooooo right. I had not checked it the last time I reformatted about 2 months ago....that is usually one of the first things I do. I am so sorry.....going to fix that in just a few minutes. Then that will take care of that.

and
RE: VPS Yes it is not detecting it. So that too is good...thanks!

RE:system restore, Maybe that will explain why I have used so much space this time.
Title: Re: A0005089.exe virus?
Post by: DavidR on November 07, 2006, 12:23:33 AM
Glad it helped.

That is the problem with re-installs after a format all your customisations go west also and it is easy to forget what you previously did. Yes, unrestrained system restore and also the pagefile.sys (check that) can eat up large chunks out of your HDD.
Title: Re: A0005089.exe virus?
Post by: msneedles on November 07, 2006, 02:29:29 AM
Yea!!! all is gone!!!!
Thanks everyone!
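
Added example, not part of the forum thread: a small triage script that parses avast! log lines in the format quoted above and separates detections inside System Restore snapshots from detections in dllcache or in ordinary files, then applies the thread's point that a hit under `_restore{...}` means System Restore is still enabled on that drive. The function names and the third sample line are assumptions made for this example.

```python
import re

# Line shape taken from the avast! log entries quoted in the thread.
LOG_RE = re.compile(
    r'^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+'
    r'(?P<user>\S+)\s+(?P<id>\d+)\s+'
    r'Sign of "(?P<sig>[^"]+)" has been found in "(?P<path>[^"]+)" file\.')
# Snapshot copy: <drive>\System Volume Information\_restore{GUID}\RP<n>\A<digits>.<ext>
RESTORE_RE = re.compile(
    r'^(?P<drive>[A-Za-z]:)\\System Volume Information\\'
    r'_restore\{[0-9A-Fa-f-]{36}\}\\RP(?P<rp>\d+)\\A\d+\.\w+$')
DLLCACHE_RE = re.compile(r'\\WINDOWS\\system32\\dllcache\\', re.IGNORECASE)

# Lines 1-2 are the log entries posted in the thread. Line 3 is CONSTRUCTED:
# it puts the restore-point path and chest details from the thread into the
# same log format (user and id fields are invented).
SAMPLE_LOG = [
    r'10/31/2006 4:20:27 PM   SYSTEM   1516   Sign of "Win32:Warezov-MF [Wrm]" has been found in "C:\WINDOWS\system32\dllcache\dgsetup.dll" file.',
    r'11/5/2006 7:26:00 AM   Judy   1524   Sign of "Win32:Trojan-gen. {VC}" has been found in "C:\Documents and Settings\Judy\Desktop\PC - STUFF\Address Stuff\Stuff\pspv.exe" file. ',
    r'11/5/2006 9:12:30 PM   SYSTEM   1516   Sign of "Win32:Trojan-gen. {VC}" has been found in "C:\System Volume Information\_restore{CF5175E0-BDE8-4B71-9B14-BA21E6145FDF}\RP12\A0005089.exe" file.',
]

def parse(line):
    """Return a finding dict for one log line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    r = RESTORE_RE.match(path)
    if r:    # archived copy inside a restore point, not a running file
        where, rp = "restore-point", int(r.group("rp"))
    elif DLLCACHE_RE.search(path):    # cached copy of a system file
        where, rp = "dllcache", None
    else:
        where, rp = "live-file", None
    return {"sig": m.group("sig"), "path": path, "where": where,
            "drive": path[:2].upper(), "rp": rp}

def triage(lines):
    return [f for f in map(parse, lines) if f]

def drives_with_restore_enabled(findings):
    """Per the thread: with System Restore off there should be no _restore points."""
    return sorted({f["drive"] for f in findings if f["where"] == "restore-point"})

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f'{f["where"]:13} RP={f["rp"]} {f["sig"]} -> {f["path"]}')
    print("System Restore still active on:", drives_with_restore_enabled(found))
```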