Author Topic: system volume info infected (removal?) (Read 9197 times)

Xander · « **on:** December 05, 2003, 10:21:52 PM »

my system volume information is infected and i cant remove the wrms
when i try to scan this map in windows i get an error
when i scan in with a boot scan avast finds a few worms (see below for report)
but cant repair those files (i dont dare delete them, these files look pretty important to me)
and locks up the computer when trying to scan a certain dll-file in sys vol info

here is the report:

05/12/2003 21:58
Scan of C:\System Volume Information

File C:\System Volume Information\_restore{34D51D68-B8B5-4FB3-A60D-C6DB76E8AB01}\RP264\A0093312.exe is infected by Win32:Blaster-F [Wrm] - Repair: Error 42060, Repair: Error 42060
File C:\System Volume Information\_restore{34D51D68-B8B5-4FB3-A60D-C6DB76E8AB01}\RP264\A0093649.EXE is infected by Win32:Nachi [Wrm] - Repair: Error 42060, Repair: Error 42060
File C:\System Volume Information\_restore{BAB3CFAD-AFDF-422A-B817-C11DC8502958}\RP116\A0038644.scr is infected by Win32:Yaha-K [Wrm] - Repair: Error 42060
File C:\System Volume Information\_restore{BAB3CFAD-AFDF-422A-B817-C11DC8502958}\RP116\A0038669.scr is infected by Win32:Yaha-K [Wrm] - Repair: Error 42060

----------------------------------------

how can i get rid of these viruses??

any help is appreciated

ps does zonealarm 4.5 protect me well enough against internet attacks??

.: Mac :. · « **Reply #1 on:** December 05, 2003, 10:24:19 PM »

do you use XP or ME?

igor · « **Reply #2 on:** December 05, 2003, 11:40:35 PM »

I believe this file are not that important - first they are in the Volume Information folder, second they are worm bodies. I wouldn't be worried about deleting them - just that Windows won't let you untill you disable the system recovery feature (or whatever it's called).

.: Mac :. · « **Reply #3 on:** December 06, 2003, 12:08:39 AM »

igor it is called system restore and am i right that they cant spread in there?

Xander · « **Reply #4 on:** December 06, 2003, 11:08:35 AM »

thanks for the replies!

I am using windows Xp

should i be worried about those worms?

if they cant do any harm i'll just leave them alone

Waldo · « **Reply #5 on:** December 06, 2003, 12:07:16 PM »

Quote from: Xander on December 06, 2003, 11:08:35 AM

should i be worried about those worms?

Yes, and no...the worms can't hurt you anymore (for now), but they could (launch) give detection from your main scanner or some online-scanner over and over again.

It's possibel you get infected again when you NEED to use system restore for something (some reason) like pc don't boot correct, register corrupted etc...

So i would : disable system restore > reboot > enable sytem restore > make new restore point.

It takes 5 minutes to do so.

kind regards

Waldo

Xander · « **Reply #6 on:** December 06, 2003, 01:28:07 PM »

Quote from: Waldo on December 06, 2003, 12:07:16 PM

So i would : disable system restore > reboot > enable sytem restore > make new restore point.

than i'll do that.

thanx for the help everyone

Waldo · « **Reply #7 on:** December 08, 2003, 05:53:09 PM »

Quote from: Xander on December 06, 2003, 01:28:07 PM

Quote from: Waldo on December 06, 2003, 12:07:16 PM

So i would : disable system restore > reboot > enable sytem restore > make new restore point.

than i'll do that.

thanx for the help everyone

Your welcome !

Author Topic: system volume info infected (removal?) (Read 9197 times)

Xander

system volume info infected (removal?)

.: Mac :.

Re:system volume info infected (removal?)

igor

Re:system volume info infected (removal?)

.: Mac :.

Re:system volume info infected (removal?)

Xander

Re:system volume info infected (removal?)

Waldo

Re:system volume info infected (removal?)

Xander

Re:system volume info infected (removal?)

Waldo

Re:system volume info infected (removal?)