Topic: TROJ_BRIDGE.A "help can't remove it at all"

Chief-ADFP

  • Guest
TROJ_BRIDGE.A "help can't remove it at all"
« on: April 02, 2004, 07:08:22 PM »
Virus Scanner

    Run from scheduler 4/1/2004 6:01:15 PM
    Drives scanned:

    Results:
    Virus Alert.  Virus TROJ_BRIDGE.A detected on drive C:\\System Volume Information\\_restore{7074792E-5905-4A49-A851-A3251030D25D}\\RP6\\A0001791.exe
Reboot with rescue disk and run Virus Scanner.

I need to remove this Trojan horse from my system. The folder it's in is totally locked up; I can't get into it so I can delete the fool thing at all. It's inside this folder, "System Volume Information", and somehow it's closed off to all. I need a fix or a boot disk to remove it totally from my system.


Emergency Rescue Disks has a tool to remove this fool thing, but it's for Windows 95/98/ME and not for the Windows XP family at all. Mine is Windows XP Pro (OEM) NTFS/FAT32 SP1.

If you have an answer, please e-mail it to me, thanks: chiefadf@softhome.net

P.S. I did a search and found no listing for TROJ_BRIDGE.A in the forum, so I started up a new thread on it. I can't even move it to the chest at all. The folder it's in is locked out to all.

whocares

  • Guest
Re:TROJ_BRIDGE.A "help can't remove it at all"
« Reply #1 on: April 02, 2004, 11:38:20 PM »
> TROJ_BRIDGE.A detected on drive C:\\System Volume Information\\_restore


This is a TrendMicro (HouseCall) detection, right?
Why don't you look there first? ???

There you'll also find info on how to disable Restore, thus removing the trojan from the _RESTORE folder:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BRIDGE.A

Also secure IE (disable scripting and ActiveX except for secure sites) and
run Spybot and Ad-Aware

More Details: Board-search
 ;)

techie101

  • Guest
Re:TROJ_BRIDGE.A "help can't remove it at all"
« Reply #2 on: April 03, 2004, 03:35:08 AM »
Chief,

Whocares is right on the money here.  You are being locked out by the System Restore Utility of Windows.
In order for you to "get at" the virus, the System Restore feature must be disabled.  You can then navigate directly to the folder where the virus is located and delete it.

Spybot is an excellent tool but their updates have been waning a bit recently; however, Adaware updates often.  It is quite stable and is very reliable.

Haven't been able to find much on the Troj_Bridge.A virus.  Trend Micro makes some reference to it in their Pattern files, but nothing much else.  Sometimes TM does not identify it by the common nomenclature.

good luck,
techie
« Last Edit: April 03, 2004, 04:03:29 AM by techie101 »

Lisandro

  • Avast team
Re:TROJ_BRIDGE.A "help can't remove it at all"
« Reply #3 on: April 03, 2004, 04:47:35 AM »
> Spybot is an excellent tool but their updates have been waning a bit recently; however, Adaware updates often.  It is quite stable and is very reliable.

Yes, Spybot updates were not so good. But there is a version 3.0 that I did not try yet. There is a forum in the Off-topic board about it (uninstalling of the previous version and other questions are discussed).

Ad-aware is very stable but there is a 'but': if you have another Windows installation on another partition, it will freeze while scanning system files of the 'second' boot installation... Spybot never froze for me. I cannot configure Ad-aware not to freeze at that partition.
The best things in life are free.

Chief-ADFP

  • Guest
Re:TROJ_BRIDGE.A "help can't remove it at all"
« Reply #4 on: April 03, 2004, 06:01:28 AM »
> > TROJ_BRIDGE.A detected on drive C:\\System Volume Information\\_restore
>
> This is a TrendMicro (HouseCall) detection, right?
> Why don't you look there first? ???
>
> There you'll also find info on how to disable Restore, thus removing the trojan from the _RESTORE folder:
> http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BRIDGE.A
>
> Also secure IE (disable scripting and ActiveX except for secure sites) and
> run Spybot and Ad-Aware
>
> More Details: Board-search
>  ;)

I disabled System Restore and still cannot get into the folder at all (ref: System Volume Information?). And no, it was not the online HouseCall scan at all; Fix-it 5 found it. You see, I have both of them working together: Fix-it 5 (comes with the antivirus program TM) and also avast! Antivirus 4 Home version, so that's why I came here to ask for help. I know in the past, if one doesn't catch it, the other will. But I disabled System Restore and did a scan with TM: nothing found at all, no more virus. Only for some reason Explorer (IE6) likes to connect to the internet; I don't know why it's doing it.

techie101

  • Guest
Re:TROJ_BRIDGE.A "help can't remove it at all"
« Reply #5 on: April 03, 2004, 08:10:30 AM »
Chief,

You say that you have 2 AVs running together.

I hate to tell you this, but Avast will not run with another AV resident.

Shut down Fixit5, rerun the Avast scan and then use the Delete/Repair/Move function.

If you disabled System Restore, there should not be any reason why you cannot delete the file UNLESS the file properties are set to READ ONLY.  This sometimes prevents tampering and yes....deletion by AVs.

Let me know.

Techie

Chief-ADFP

  • Guest
Re:TROJ_BRIDGE.A "help can't remove it at all"
« Reply #6 on: April 03, 2004, 09:03:13 AM »
 :D TM is making a boot disk for me to work in Windows XP to remove this virus.

All the options in avast! Antivirus have always worked in the past and still do to this day. I even found 2 other viruses with avast! Antivirus and it did move them to the chest; later last night I deleted them both. Only I am stuck with that Trojan horse in my system.

A bit of an update:
I disabled TM inside Fix-it 5 and tried it your way. Nope, no good: avast! Antivirus did not see it at all, and that folder is still locked read-only (tried to reset it, no good).

Good note: after trying that, I re-enabled it and used TM/AVS to do a deep scan, and as it did so avast! Antivirus kicked in and found a new Trojan horse in my system. It did this as each item was being checked by TM/AVS (TM/AVS did not see it) but yours did (you all rock). avast! Antivirus looked it over and saw it: new virus "Win32:Briss [Trj]", file name: C:\windows\system32\A.EXE. It's been moved to the chest. It seems they do work hand in hand; I do believe if TM did not do a deep scan, avast! Antivirus would not have caught it. Anyway, thanks for a great AVS program, guys (TM/AVS does a deep scan; it looks into everything in files and takes it out to look it over).
AVS programs I am using:

Sorry, it does work with other AVS programs; heck, I'm really happy when it does, it does a really good job at it. I feel I am really in 2x bliss having something that works so good.

1.) Nero 6 Ultra Edition www.nero.com/us/index.html
It scans for viruses before it burns CDs, all files going to the CD only.

2.) Spy Sweeper by www.webroot.com (handles Trojan horses not super good, mostly spyware as in ads).

3.) Fix-it 5 with TM/AVS www.v-com.com (built into it).

So avast! Antivirus may not work with Norton or any AVS programs that use the script blocking option; this can make errors. That's mainly the reason I don't use Norton; it too can make errors when closing programs down. Got tired of that.

On a good note, that TROJ_BRIDGE.A was not found on the 2nd time around; maybe by disabling System Restore it got removed? I'd really feel better if I really knew it 100%. Well, TM/AVS Tech said they have a boot disk for Windows XP for me Saturday to remove it. I'll run it and then maybe if I don't see it I'll go out and get a pizza and beer and be happy.
« Last Edit: April 03, 2004, 11:27:17 AM by Chief-ADFP »

whocares

  • Guest
Re:TROJ_BRIDGE.A "help can't remove it at all"
« Reply #7 on: April 03, 2004, 12:02:26 PM »
> I disabled System Restore and still cannot get into the folder at all (ref: System Volume Information?)

Of course you can't, but the files inside RESTORE should be gone then!! Did you reboot after disabling RESTORE?

Less beer and a bit more punctuation/spelling would be helpful for us to be helpful to you ;)

I don't really understand your Problem/setup, but you mustn't run 2 On-Access-Scanners = AV-Shields/Guards/Monitors simultaneously.
You can have as many On-Demand = Normal scanners installed as you like, but for performance reasons it's advisable to disable the shield when you scan with another AV.

Also do all Windows updates and secure your IE (disable ActiveX & scripting except for known secure sites)

 ;)

Chief-ADFP

  • Guest
Re:TROJ_BRIDGE.A "help can't remove it at all"
« Reply #8 on: April 03, 2004, 04:31:30 PM »
 ;D Thanks for that info, and yes, I like to be covered more ways than one.

techie101

  • Guest
Re:TROJ_BRIDGE.A "help can't remove it at all"
« Reply #9 on: April 03, 2004, 06:07:20 PM »
Chief,

I know that you feel running Fixit and Avast together works, but it is a very bad practice to have more than one AV running resident in memory.
The results can be deceptive and erroneous.
Avast does a great job.

techie

Bagmaster50

  • Guest
Re:TROJ_BRIDGE.A "help can't remove it at all"
« Reply #10 on: April 04, 2004, 04:56:46 AM »
There is a way to get into the System Volume Information folder and delete single restore points.
1st, open Folder Options, View, Hidden files and folders, check Show all files and folders.
2nd, turn off Simple File Sharing, click Apply and then close the Folder Options.
3rd, browse to the C:\System Volume Information folder, right-click on it, select Properties. You'll now see a Security tab; click on it.
4th, on the Security page under Group or user names click on "Add"; on the Select Users or Groups page that opens, type your user name in the entry box, then click on the Check Names button to verify the name. Now click on the OK button.
5th, now you can give yourself Full Control in the Permissions window; click Apply and you're done.
Now you can turn Simple File Sharing back on and still be able to open the System Volume Information folder.
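
The same permission change from the command line, as an added example that is not part of Bagmaster50's post: it uses the `cacls` tool built into Windows XP (NTFS volumes only), lists the executables held in restore points such as the flagged A0001791.exe, and revokes the grant afterwards so the folder returns to its previous ACL. The variable name `SVI` and the pause before the revoke are this example's own choices; it assumes an administrator account.

```bat
@echo off
rem Added example: command-line form of the GUI steps above.
rem Assumes Windows XP, an NTFS system drive and an administrator account.
setlocal
set "SVI=%SystemDrive%\System Volume Information"

rem /E edits the existing ACL instead of replacing it, so SYSTEM keeps its access.
rem /G user:F grants Full Control; /T applies it to the folder and everything below.
cacls "%SVI%" /T /E /G "%USERNAME%":F

rem Confirm the folder can now be opened before going any further.
dir "%SVI%" >nul 2>&1
if errorlevel 1 (
    echo Still no access to "%SVI%". Check that the volume is NTFS and the account is an administrator.
    exit /b 1
)

rem List executables kept inside restore points (_restore{...}\RPn\A*.exe),
rem including hidden and system files, so the reported file can be located.
dir /s /b /a "%SVI%\*.exe"

echo.
echo Inspect or delete the reported file now, then press a key to remove the grant.
pause >nul

rem /R revokes the user's entry again (only valid together with /E).
cacls "%SVI%" /T /E /R "%USERNAME%"
endlocal
```

Revoking the entry at the end matters: a user account left with Full Control on this folder means anything running as that user can read or tamper with restore points.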

Chief-ADFP

  • Guest
Re:TROJ_BRIDGE.A "help can't remove it at all"
« Reply #11 on: April 05, 2004, 12:51:31 AM »
> There is a way to get into the System Volume Information folder and delete single restore points.
> 1st, open Folder Options, View, Hidden files and folders, check Show all files and folders.
> 2nd, turn off Simple File Sharing, click Apply and then close the Folder Options.
> 3rd, browse to the C:\System Volume Information folder, right-click on it, select Properties. You'll now see a Security tab; click on it.
> 4th, on the Security page under Group or user names click on "Add"; on the Select Users or Groups page that opens, type your user name in the entry box, then click on the Check Names button to verify the name. Now click on the OK button.
> 5th, now you can give yourself Full Control in the Permissions window; click Apply and you're done.
> Now you can turn Simple File Sharing back on and still be able to open the System Volume Information folder.

Thanks, really a big help.

Bagmaster50

  • Guest
Re:TROJ_BRIDGE.A "help can't remove it at all"
« Reply #12 on: April 05, 2004, 04:19:55 AM »
You're welcome, Chief. I like to find little goodies like that for XP Pro. I've had XP Pro for over 2 years now and still find all kinds of tips and tricks. This was 1 of the best I found as it allows the system admin to take ownership of any file on the system. Don't tell Billy Boy Gates I showed you this 1, hehe.

Chief-ADFP

  • Guest
Re:TROJ_BRIDGE.A "help can't remove it at all"
« Reply #13 on: November 25, 2004, 09:49:13 AM »
I found some time ago Avast will not scan CD disks, as in a CDRW in the CD tray. I copy all the files and move them to a folder, then scan them every Friday that comes by.

Viruses can get onto CDs in the CD writer. So if one is found in that folder I made up and the CD files moved to it, well, I reformat the CDRW blank and what's in that folder that is clean goes back to it.

Too bad Avast can't scan CD writers; it would be nice, maybe they'll get there one day. CDRWs act like an HDD, only when they get full I make it into a data CD then.