Trojan in System Volume Information

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I get this message from my F-secure antivirus that

Malicious code found in file c:\system volum
information\_restore{_RESTORE{50E2DE13-ED86-404F-8C83-A1378B7CD1EA}\RP493\A0050784.EXE.
Infection: Trojan-Downloader.Win32.IstBar.is
Action: failed.

I am an administrator but still when I try to open System Volume
Information catalog it says: access is denied

I could not find any information about this virus on the net. Now I can
probably ask F-secure to delete the virus, but I still don't know what
it is and why I cannot get into System Volume Information catalogue
  1.

    Right click My Computer, Properties, System Restore. Turn it off, turn it back on. Your system restore point cache will be flushed.

    --
    Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display\Security
    Win 95/98/Me/XP Tweaks and Fixes
    http://www.dougknox.com
    --------------------------------
    Per user Group Policy Restrictions for XP Home and XP Pro
    http://www.dougknox.com/xp/utils/xp_securityconsole.htm
    --------------------------------
    Please reply only to the newsgroup so all may benefit.
    Unsolicited e-mail is not answered.

    "khers Field" <field@yahoo.com> wrote in message news:d6heq7$4n$1@readme.uio.no...
    >I get this message from my F-secure antivirus that
    >
    > Malicious code found in file c:\system volum
    > information\_restore{_RESTORE{50E2DE13-ED86-404F-8C83-A1378B7CD1EA}\RP493\A0050784.EXE.
    > Infection: Trojan-Downloader.Win32.IstBar.is
    > Action: failed.
    >
    > I am an administrator but still when I try to open System Volume
    > Information catalog it says: access is denied
    >
    > I could not find any information about this virus on the net. Now I can
    > probably ask F-secure to delete the virus, but I still don't know what
    > it is and why I cannot get into System Volume Information catalogue
  2.

    From: "khers Field" <field@yahoo.com>

    | I get this message from my F-secure antivirus that
    |
    | Malicious code found in file c:\system volum
    | information\_restore{_RESTORE{50E2DE13-ED86-404F-8C83-A1378B7CD1EA}\RP493\A0050784.EXE.
    | Infection: Trojan-Downloader.Win32.IstBar.is
    | Action: failed.
    |
    | I am an administrator but still when I try to open System Volume
    | Information catalog it says: access is denied
    |
    | I could not find any information about this virus on the net. Now I can
    | probably ask F-secure to delete the virus, but I still don't know what
    | it is and why I cannot get into System Volume Information catalogue

    Follow the advice of Doug Knox then perform the following...


    Dump the contents of the IE Temporary Internet Folder cache (TIF)
    Start --> Settings --> Control Panel --> Internet Options --> Delete Files

    Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
    Tools --> Options --> Privacy --> Cache --> Clear


    Download CLEAN.EXE from the URL --
    http://www.ik-cs.com/programs/virtools/clean.exe

    It is a self-extracting ZIP file that contains the Kixtart Script Interpreter
    { http://kixtart.org Kixtart is CareWare }, three batch files, two Kixtart scripts, two Link
    (.lnk) files and a PDF instruction file.

    GETFILES.BAT -- For downloading (FTP) the files needed to run the McAfee Command Line
    Scanner. If you are using Windows XP, you may have to disable the Windows XP FireWall to
    allow the FTP utility to download the needed files.

    CLEAN.BAT -- For running within Windows after running c:\mcafee\GetFiles.BAT. If you choose
    to scan again at a future date, run this batch file. It will automatically check the date
    of the McAfee DAT files and if it is a couple of days old, it will download (FTP) the latest
    signature files and install them before performing the scan.

    DOSCLEAN.BAT -- For use on a Win9x/ME PC or on a Win2K/WinXP PC that is using FAT32 after
    you have booted from an Emergency Boot Disk or DOS disk and have already executed;
    c:\mcafee\GetFiles.BAT from within Windows. DOS disk boot images can be obtained from;
    http://www.bootdisk.com/bootdisk.htm

    I need you to perform the following...

    Execute; CLEAN.EXE
    Choose; Unzip
    Choose; Close

    Execute; c:\mcafee\GetFiles.BAT
    { or Double-click on 'GetFiles Link' in c:\mcafee }

    Reboot the PC into Safe Mode [F8 key during boot]

    Shut down as many applications as possible!
    It would also help for you to read - "How to perform a clean boot in Windows XP"
    http://support.microsoft.com/kb/310353

    Execute; c:\mcafee\CLEAN.BAT
    { or Double-click on 'Clean Link' in c:\mcafee }

    A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the
    end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer).
    It is suggested that you move the report out of c:\mcafee before performing another scan.
    It would be a good idea to scan in Safe Mode and in Normal Mode and save a copy of the HTML
    report for each session.


    * * * Please report back your results * * *


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  3.

    "khers Field" wrote:
    > I get this message from my F-secure antivirus that
    >
    > Malicious code found in file c:\system volum
    > information\_restore{_RESTORE{50E2DE13-ED86-404F-8C83-A1378B7CD1EA}\RP493\A0050784.EXE.
    > Infection: Trojan-Downloader.Win32.IstBar.is
    > Action: failed.
    >
    > I am an administrator but still when I try to open System Volume
    > Information catalog it says: access is denied
    >
    > I could not find any information about this virus on the net. Now I can
    > probably ask F-secure to delete the virus, but I still don't know what
    > it is and why I cannot get into System Volume Information catalogue

    System Volume Information is inaccessible as a normal user in
    Explorer.

    Is it only being found in System Volume Information?

    If so, disable System Restore, then reboot. Rescan your system to see
    if it has disappeared. Sometimes anti-virus programs can’t get rid of
    them. Try Spyware Doctor if it hasn’t gone after rebooting.

    When it’s gone, re-enable System Restore.

  4.

    'How to gain access to the System Volume Information folder'
    (http://support.microsoft.com/default.aspx?scid=kb;en-us;309531)
    Shhhh, super secret stuff!
    Treeman


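The third reply asks whether the detection is found only in System Volume Information. The following is an added example, not code from any poster or from F-Secure, that sorts scanner detections into System Restore cache copies (the `_restore{GUID}\RPnnn\Annnnnnn.ext` layout seen in the original post) and files elsewhere on disk. The `(path, signature)` input format and the second sample entry are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# XP System Restore cache layout, as in the path quoted in the thread:
#   <drive>:\System Volume Information\_restore{GUID}\RP<n>\A<digits>.<ext>
# The thread's path reads "system volum" and has a doubled "_restore{_RESTORE{",
# so the pattern tolerates both.
RESTORE_RE = re.compile(
    r"^[a-z]:\\system volume? information\\(?:_restore\{)+"
    r"(?P<guid>[0-9a-f-]{36})\}\\RP(?P<rp>\d+)\\(?P<file>A\d+\.\w+)$",
    re.IGNORECASE,
)

def triage(detections):
    """Split (path, signature) pairs into restore-point copies and live files.

    Returns the cached hits grouped by restore point number, the live hits,
    and whether every hit sits inside the System Restore cache.
    """
    cached = defaultdict(list)
    live = []
    for path, sig in detections:
        # Drop surrounding whitespace and the sentence-ending period
        m = RESTORE_RE.match(path.strip().rstrip("."))
        if m:
            cached[int(m.group("rp"))].append((m.group("file"), sig))
        else:
            live.append((path, sig))
    return {
        "restore_points": dict(cached),
        "live": live,
        "only_in_restore_cache": bool(cached) and not live,
    }

# Detection from the original post (line break in the path rejoined with a space)
FROM_THREAD = [(
    r"c:\system volum information\_restore{_RESTORE{50E2DE13-ED86-404F-8C83-A1378B7CD1EA}\RP493\A0050784.EXE.",
    "Trojan-Downloader.Win32.IstBar.is",
)]
# Constructed sample: the same report plus a hit outside the restore cache
CONSTRUCTED_MIXED = FROM_THREAD + [(r"C:\WINDOWS\system32\example.dll", "Constructed.Sample")]

if __name__ == "__main__":
    for name, report in (("thread", FROM_THREAD), ("mixed", CONSTRUCTED_MIXED)):
        print(name, triage(report))
```

When `only_in_restore_cache` is true, the situation matches the one the replies address by turning System Restore off and on again; any entry under `live` means a copy also exists outside the restore cache and needs its own scan and cleanup.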