RE: Possible virus in System Volume Information
- From: omi <omi@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 31 Jan 2006 11:53:03 -0800
thnx for the quick response Panda,
> 1) You connect to internet too early without firewall and a hacker gets into
> your PC and loads a malware
i'll explain how i install...
when NOT connected to the internet:
I change BIOS setup by selecting cd-rom as primary boot device
I reboot my pc with winxp cd inserted
I select "start pc from cd"
Now i can format the drive and install winxp
So i install:
1- winxp home
2- MSI mainboard drivers
3- Norton internet security
At this time i have these 3 programs installed WITHOUT updates
Now i must connect to the internet to update the programs,
but after the 1st or 2nd reboot when installing windows updates i get
a popup from windows messenger which tells me my system is infected with
spyware
"Download Repair Registry Pro" it says
I don't do that because i presume this is spyware or malware or whatever
Like you say i prolly connect to the internet too early,
but i have to update the programs :(
Q: Is there a way to download ALL the updates from Windows & Norton in
advance ?
All security patches, virus definitions, Service Pack 2 etc...
This way i can burn all the updates on a cd so i will be able to install all
programs until final updates without connecting to the internet, this might
solve the problem.
thnx in advance
omi
"Panda_man" wrote:
> Everything is DELETED when you format - EVERYTHING !!!
>
> The scanner can't check this folder because this is the "System Restore"
> folder in Windows XP. It is the most protected folder in the whole Operating
> System.
> System Restore is used to restore your system after any kind of system crash
> or if you have done something wrong.
>
> You got infected two ways:
> Either 1 or 2
>
> 1) You connect to internet too early without firewall and a hacker gets into
> your PC and loads a malware
> 2) You install infected drivers. You should install drivers (only genuine
> drivers) that come from the manufacturer. However, this again doesn't
> guarantee you malware free software so as soon as you have installed the
> drivers, make sure your firewall is ON and then install antivirus software
> and immediately check.
> You mention trojan - it is likely to install it either from the drivers or
> from a "useful" software that you install.
> Make sure your back-ups are also malware free.
>
> You may perform these malware removal instructions to clean your computer.
> Please, go to my web-site:
> http://pandaman.hit.bg
> :-)
>
> If you have any other questions, do not hesitate to contact the community
> again!!!
>
> Panda_man
> --
> Prevention is always better than cure !
> Panda TruPrevent - the most intelligent technology to combat unknown malware
> http://www.pandasoftware.com
> http://pandaman.hit.bg
>
>
> "omi" wrote:
>
> > Hello,
> >
> > About a month ago i got affected with "EXP/HS05-013" <-- ANTIVIR
> > Located in Temporary Internet Files/content.ie5/vklse 64k/search[1].htm
> > Website is "crackspider.net"
> > Now i have formatted and reinstalled windows about 15 times but i'm still
> > leaking mb's, Messenger keeps turning itself on,
> > Norton keeps giving "Automatic Rules" for MS Generic Host Process for
> > Win32 Server <-- 5-10 popups very rapidly
> > I also got some Norton Warnings for blocking a Trojan Horse called "BLA"
> > IP: 81.164.40.115:1042
> > IP: 84.195.124.142:1042
> > IP: 81.164.40.89:1042
> >
> > In Norton LOGBOOK / Firewall settings i find:
> > Portblokking allows NetBios has changed (15-20 lines in 1 minute)
> >
> > Because i have formatted the drive and still am affected with something i
> > wonder if there's a hidden map on the drive that doesn't get cleaned after
> > formatting ??
> > I've done another AV-CLS scan with Sophos:
> > LOG
> > Could not check c:\System Volume Information\_restore{A1730D64-A90E-42AB-8C97-82C0056C9199}\RP74\snapshot\ComDb.Dat (corrupt)
> > Could not check c:\System Volume Information\_restore{A1730D64-A90E-42AB-8C97-82C0056C9199}\RP75\snapshot\ComDb.Dat (corrupt)
> > Could not check c:\System Volume Information\_restore{A1730D64-A90E-42AB-8C97-82C0056C9199}\RP76\snapshot\ComDb.Dat (corrupt)
> > Could not check c:\System Volume Information\_restore{A1730D64-A90E-42AB-8C97-82C0056C9199}\RP77\snapshot\ComDb.Dat (corrupt)
> > Could not check c:\System Volume Information\_restore{A1730D64-A90E-42AB-8C97-82C0056C9199}\RP78\snapshot\ComDb.Dat (corrupt)
> > Could not check c:\System Volume Information\_restore{A1730D64-A90E-42AB-8C97-82C0056C9199}\RP79\snapshot\ComDb.Dat (corrupt)
> > Could not check c:\System Volume Information\_restore{A1730D64-A90E-42AB-8C97-82C0056C9199}\RP80\snapshot\ComDb.Dat (corrupt)
> > Could not check c:\System Volume Information\_restore{A1730D64-A90E-42AB-8C97-82C0056C9199}\RP81\snapshot\ComDb.Dat (corrupt)
> > Could not check c:\System Volume Information\_restore{A1730D64-A90E-42AB-8C97-82C0056C9199}\RP82\snapshot\ComDb.Dat (corrupt)
> > Could not check c:\System Volume Information\_restore{A1730D64-A90E-42AB-8C97-82C0056C9199}\RP83\snapshot\ComDb.Dat (corrupt)
> >
> > Is there a chance that this folder contains a virus and if yes how do i
> > clean this folder or make it visible??
> >
> > thnx in advance
> > omi