RE: Possible virus in System Volume Information
- From: Panda_man <Pandaman@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 31 Jan 2006 09:12:26 -0800
And one more thing...
As you use Windows XP, use XP's firewall.
It is called Internet Connection Firewall (ICF) in Service Pack 1
or
Windows Firewall (WF) in Service Pack 2.
SP 1 (ICF)
Go to Control Panel -> Network Connections and right-click on the connection
you use -> Advanced -> check that you want firewall protection -> OK
SP 2 (WF)
Go to Control Panel -> Windows Firewall -> Make sure it is ON. Also make sure
you turn ON: "Don't allow exceptions"
Turn OFF Norton's Worm protection permanently.
Panda_man
--
Prevention is always better than cure !
Panda TruPrevent - the most intelligent technology to combat unknown malware
http://www.pandasoftware.com
http://pandaman.hit.bg
"omi" wrote:
> Hello,
>
> About a month ago I got affected with "EXP/HS05-013" <-- ANTIVIR
> Located in Temporary Internet Files/content.ie5/vklse 64k/search[1].htm
> Website is "crackspider.net"
> Now I have formatted and reinstalled Windows about 15 times but I'm still
> leaking MBs, Messenger keeps turning itself on,
> Norton keeps giving "Automatic Rules" for MS Generic Host Process for
> Win32 Server <-- 5-10 popups very rapidly
> I also got some Norton warnings for blocking a Trojan Horse called "BLA"
> IP: 81.164.40.115:1042
> IP: 84.195.124.142:1042
> IP: 81.164.40.89:1042
>
> In Norton LOGBOOK / Firewall settings I find:
> Port blocking allows NetBios has changed (15-20 lines in 1 minute)
>
> Because I have formatted the drive and am still affected with something, I
> wonder if there's a hidden map on the drive that doesn't get cleaned after
> formatting?
> I've done another AV-CLS scan with Sophos:
> LOG
> Could not check c:\System Volume Information\_restore{A1730D64-A90E-42AB-8C97-82C0056C9199}\RP74\snapshot\ComDb.Dat (corrupt)
> Could not check c:\System Volume Information\_restore{A1730D64-A90E-42AB-8C97-82C0056C9199}\RP75\snapshot\ComDb.Dat (corrupt)
> Could not check c:\System Volume Information\_restore{A1730D64-A90E-42AB-8C97-82C0056C9199}\RP76\snapshot\ComDb.Dat (corrupt)
> Could not check c:\System Volume Information\_restore{A1730D64-A90E-42AB-8C97-82C0056C9199}\RP77\snapshot\ComDb.Dat (corrupt)
> Could not check c:\System Volume Information\_restore{A1730D64-A90E-42AB-8C97-82C0056C9199}\RP78\snapshot\ComDb.Dat (corrupt)
> Could not check c:\System Volume Information\_restore{A1730D64-A90E-42AB-8C97-82C0056C9199}\RP79\snapshot\ComDb.Dat (corrupt)
> Could not check c:\System Volume Information\_restore{A1730D64-A90E-42AB-8C97-82C0056C9199}\RP80\snapshot\ComDb.Dat (corrupt)
> Could not check c:\System Volume Information\_restore{A1730D64-A90E-42AB-8C97-82C0056C9199}\RP81\snapshot\ComDb.Dat (corrupt)
> Could not check c:\System Volume Information\_restore{A1730D64-A90E-42AB-8C97-82C0056C9199}\RP82\snapshot\ComDb.Dat (corrupt)
> Could not check c:\System Volume Information\_restore{A1730D64-A90E-42AB-8C97-82C0056C9199}\RP83\snapshot\ComDb.Dat (corrupt)
>
> Is there a chance that this folder contains a virus, and if yes, how do I
> clean this folder or make it visible?
>
> thnx in advance
> omi