
Kaspersky AV detecting a bunch of viruses, please help

Last response: in Windows XP
December 9, 2006 6:12:30 AM

I recently downloaded the trial version of Kaspersky AV since I heard it's the best. It detected a bunch of trojans that AVG and CA antivirus never detected. Here's what it found:

deleted: Trojan program Trojan-Downloader.Win32.Agent.bcw File: C:\System Volume Information\_restore{D4271EAE-F5DB-4C47-8751-74F82AE13EA4}\RP2\A0018137.exe//stream//data0009//data0003
deleted: Trojan program Trojan-Downloader.Win32.Agent.bcw File: C:\System Volume Information\_restore{D4271EAE-F5DB-4C47-8751-74F82AE13EA4}\RP2\A0018137.exe//stream//data0056//data0004
deleted: Trojan program Trojan-Downloader.Win32.Agent.bcw File: C:\System Volume Information\_restore{D4271EAE-F5DB-4C47-8751-74F82AE13EA4}\RP36\A0042876.exe//stream//data0006
deleted: Trojan program Trojan-Downloader.Win32.Agent.bcw File: C:\System Volume Information\_restore{D4271EAE-F5DB-4C47-8751-74F82AE13EA4}\RP38\A0044144.exe//stream//data0292
deleted: Trojan program Trojan-Downloader.Win32.Agent.bcw File: C:\System Volume Information\_restore{D4271EAE-F5DB-4C47-8751-74F82AE13EA4}\RP39\A0045338.exe//stream//data0009//data0003
deleted: Trojan program Trojan-Downloader.Win32.Agent.bcw File: C:\System Volume Information\_restore{D4271EAE-F5DB-4C47-8751-74F82AE13EA4}\RP39\A0045338.exe//stream//data0056//data0004
deleted: Trojan program Trojan-Downloader.Win32.Agent.bcw File: C:\System Volume Information\_restore{D4271EAE-F5DB-4C47-8751-74F82AE13EA4}\RP8\A0029001.exe//stream//data0009//data0003
deleted: Trojan program Trojan-Downloader.Win32.Agent.bcw File: C:\System Volume Information\_restore{D4271EAE-F5DB-4C47-8751-74F82AE13EA4}\RP8\A0029001.exe//stream//data0056//data0004

Any ideas what these are or where they could have come from? Is this the System Restore directory? Are these maybe older viruses still stuck in older System Restore folders? Please help, I'm a pretty careful web surfer and always have AVG active protection running, so I don't understand how these viruses got through.
Thanks
December 9, 2006 3:29:57 PM

Go to your System Volume Information folder and delete everything that's in there, then start your computer in safe mode and run your antivirus; it should, hopefully, be clean after that.
December 9, 2006 3:51:04 PM

When I try to go to that folder it says it's not accessible, access denied?
December 10, 2006 11:12:43 PM

DO NOT delete anything within the System Volume Information directory... jesus

It gives access denied for a good reason: only the system account is allowed in there, it's hidden, and it's not meant to be touched.

What happens when you try to clean these out? Is it successful?
December 11, 2006 12:29:40 PM

:p It doesn't harm anything to delete them; Windows will replace the ones you need when you reboot. The only thing those files are for is a System Restore. If the files are infected, there's no point in having them anyway.
December 11, 2006 12:57:05 PM

Which reminds me, in order to delete them you must turn off System Restore. Again, if those files are infected there's no point in having an infected restore point. When they are gone you can turn System Restore on again. You won't be able to restore past this day, but again... no point.
December 14, 2006 10:14:35 PM

First of all:

1. Was your "old" antivirus up to date?
2. The things it is detecting could be more related to spyware than anything else. Some AV products classify spyware as a virus. (I think it's a great improvement!)

3. Troubleshooting:

3a. Turn off System Restore: right-click My Computer, click the restore tab and turn it off.
3b. See if your AV has a "Boot Time" scan option. If it does, make sure it has got current AV defs and then select boot time scan and reboot.
OR
3c. Make sure you don't have any unknown processes OR
Install and update an antispyware program, then re-boot into safe mode.
3d. Run your antispyware program (I like Ad-Aware, but you choose your favorite). The antispyware program will scan the computer and what it doesn't catch, the AV program should.


Before anything... make sure your critical data is backed up first.
Then, after you've cleaned your computer, check your backup for viruses.
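
An added example, not written by anyone in this thread: a small Python triage of the log format quoted in the first post, grouping detections by System Restore point and container file so that several nested-stream hits on one file collapse into a single entry. The last sample line is constructed to show a hit outside the restore store; its `detected:` action and path are assumptions.

```python
import re
from collections import defaultdict

# Log format as quoted in the first post:
#   <action>: <kind> <verdict> File: <container path>[//<nested stream>...]
LINE_RE = re.compile(r"^(\w+):\s+(.+?)\s+(\S+)\s+File:\s+(.+)$")
# XP System Restore store: System Volume Information\_restore{GUID}\RP<n>\
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\(RP\d+)\\", re.I)

def parse_line(line):
    """Split one log line into fields; return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    action, kind, verdict, path = m.groups()
    # Everything after the first "//" is a location inside the container.
    container, _, inner = path.partition("//")
    rp = RESTORE_RE.search(container)
    return {"action": action, "kind": kind, "verdict": verdict,
            "container": container, "inner": inner,
            "restore_point": rp.group(1) if rp else None}

def summarize(lines):
    """Return ({restore point: [container files]}, [paths outside the store])."""
    by_rp, outside = defaultdict(set), []
    for rec in filter(None, map(parse_line, lines)):
        if rec["restore_point"]:
            by_rp[rec["restore_point"]].add(rec["container"].rsplit("\\", 1)[-1])
        else:
            outside.append(rec["container"])
    return {rp: sorted(names) for rp, names in by_rp.items()}, outside

PREFIX = (r"deleted: Trojan program Trojan-Downloader.Win32.Agent.bcw File: "
          r"C:\System Volume Information"
          r"\_restore{D4271EAE-F5DB-4C47-8751-74F82AE13EA4}")
SAMPLE = [
    PREFIX + r"\RP2\A0018137.exe//stream//data0009//data0003",  # from the post
    PREFIX + r"\RP2\A0018137.exe//stream//data0056//data0004",  # from the post
    PREFIX + r"\RP36\A0042876.exe//stream//data0006",           # from the post
    # Constructed line (not from the thread): a hit on a live file.
    r"detected: Trojan program Trojan-Downloader.Win32.Agent.bcw "
    r"File: C:\Temp\example.exe",
]

if __name__ == "__main__":
    restore, outside = summarize(SAMPLE)
    for rp, names in sorted(restore.items()):
        print(rp, names)
    print("outside System Restore:", outside)
```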