RE: Possible virus in System Volume Information



Everything is DELETED when you format - EVERYTHING!!!

The scanner can't check this folder because this is the "System Restore"
folder in Windows XP. It is the most protected folder in the whole Operating
System.
System Restore is used to restore your system after any kind of system crash
or if you have done something wrong.

You got infected two ways:
Either 1 or 2

1) You connect to the internet too early without a firewall and a hacker gets into
your PC and loads malware
2) You install infected drivers. You should install drivers (only genuine
drivers) that come from the manufacturer. However, this again doesn't
guarantee you malware-free software, so as soon as you have installed the
drivers, make sure your firewall is ON and then install antivirus software
and immediately check.
You mention a trojan - it is likely to install it either from the drivers or
from a "useful" software that you install.
Make sure your backups are also malware free.

You may perform these malware removal instructions to clean your computer.
Please go to my web-site:
http://pandaman.hit.bg
:-)

If you have any other questions, do not hesitate to contact the community
again!!!

Panda_man
--
Prevention is always better than cure !
Panda TruPrevent - the most intelligent technology to combat unknown malware
http://www.pandasoftware.com
http://pandaman.hit.bg


"omi" wrote:

> Hello,
>
> About a month ago I got affected with "EXP/HS05-013" <-- ANTIVIR
> Located in Temporary Internet Files/content.ie5/vklse 64k/search[1].htm
> Website is "crackspider.net"
> Now I have formatted and reinstalled Windows about 15 times but I'm still
> leaking mb's, Messenger keeps turning itself on,
> Norton keeps giving "Automatic Rules" for MS Generic Host Process for
> Win32 Server <-- 5-10 popups very rapidly
> I also got some Norton Warnings for blocking a Trojan Horse called "BLA"
> IP: 81.164.40.115:1042
> IP: 84.195.124.142:1042
> IP: 81.164.40.89:1042
>
> In Norton LOGBOOK / Firewall settings i find:
> Portblokking allows NetBios has changed (15-20 lines in 1 minute)
>
> Because I have formatted the drive and still am affected with something I
> wonder if there's a hidden map on the drive that doesn't get cleaned after
> formatting ??
> I've done another AV-CLS scan with Sophos:
> LOG
> Could not check c:\System Volume Information\_restore{A1730D64-A90E-42AB-8C97-82C0056C9199}\RP74\snapshot\ComDb.Dat (corrupt)
> Could not check c:\System Volume Information\_restore{A1730D64-A90E-42AB-8C97-82C0056C9199}\RP75\snapshot\ComDb.Dat (corrupt)
> Could not check c:\System Volume Information\_restore{A1730D64-A90E-42AB-8C97-82C0056C9199}\RP76\snapshot\ComDb.Dat (corrupt)
> Could not check c:\System Volume Information\_restore{A1730D64-A90E-42AB-8C97-82C0056C9199}\RP77\snapshot\ComDb.Dat (corrupt)
> Could not check c:\System Volume Information\_restore{A1730D64-A90E-42AB-8C97-82C0056C9199}\RP78\snapshot\ComDb.Dat (corrupt)
> Could not check c:\System Volume Information\_restore{A1730D64-A90E-42AB-8C97-82C0056C9199}\RP79\snapshot\ComDb.Dat (corrupt)
> Could not check c:\System Volume Information\_restore{A1730D64-A90E-42AB-8C97-82C0056C9199}\RP80\snapshot\ComDb.Dat (corrupt)
> Could not check c:\System Volume Information\_restore{A1730D64-A90E-42AB-8C97-82C0056C9199}\RP81\snapshot\ComDb.Dat (corrupt)
> Could not check c:\System Volume Information\_restore{A1730D64-A90E-42AB-8C97-82C0056C9199}\RP82\snapshot\ComDb.Dat (corrupt)
> Could not check c:\System Volume Information\_restore{A1730D64-A90E-42AB-8C97-82C0056C9199}\RP83\snapshot\ComDb.Dat (corrupt)
>
> Is there a chance that this folder contains a virus and if yes how do I
> clean this folder or make it visible??
>
> thnx in advance
> omi