Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

funbangladesh

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unread postby ommi » December 28th, 2005, 11:12 am

HI,
I scanned my Pc with Kaspersky on line and look what was found:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, December 28, 2005 16:01:01
Operating System: Microsoft Windows XP Professional, (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 28/12/2005
Kaspersky Anti-Virus database records: 167975
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 31435
Number of viruses found: 4
Number of infected objects: 6
Number of suspicious objects: 0
Duration of the scan process: 4799 sec

Infected Object Name - Virus Name
C:\System Volume Information\_restore{B22D9EFC-8B1D-4299-88D0-76C4229F0FFA}\RP42\A0010200.exe/a Infected: Net-Worm.Win32.Randon.aa
C:\System Volume Information\_restore{B22D9EFC-8B1D-4299-88D0-76C4229F0FFA}\RP42\A0010200.exe/b Infected: Net-Worm.Win32.Randon.aa
C:\System Volume Information\_restore{B22D9EFC-8B1D-4299-88D0-76C4229F0FFA}\RP42\A0010200.exe/dlcl.edp Infected: Backdoor.IRC.Zapchast
C:\System Volume Information\_restore{B22D9EFC-8B1D-4299-88D0-76C4229F0FFA}\RP42\A0010200.exe/hosts Infected: Trojan.Win32.Qhost
C:\System Volume Information\_restore{B22D9EFC-8B1D-4299-88D0-76C4229F0FFA}\RP42\A0010200.exe Infected: Trojan.Win32.Qhost
C:\WINDOWS\system32\client.exe Infected: Backdoor.Win32.VB.ann

Scan process completed.

Shall I delete those files??? It seems that this is going to go on for ever. Don't you think??
ommi
Regular Member
 
Posts: 36
Joined: November 23rd, 2005, 9:25 am
Advertisement
Register to Remove

Unread postby VopThis » December 28th, 2005, 12:02 pm

C:\System Volume Information\_restore{B22D9EFC-8B1D-4299-88D0-76C4229F0FFA}\RP42\A0010200.exe/a Infected: Net-Worm.Win32.Randon.aa
C:\System Volume Information\_restore{B22D9EFC-8B1D-4299-88D0-76C4229F0FFA}\RP42\A0010200.exe/b Infected: Net-Worm.Win32.Randon.aa
C:\System Volume Information\_restore{B22D9EFC-8B1D-4299-88D0-76C4229F0FFA}\RP42\A0010200.exe/dlcl.edp Infected: Backdoor.IRC.Zapchast
C:\System Volume Information\_restore{B22D9EFC-8B1D-4299-88D0-76C4229F0FFA}\RP42\A0010200.exe/hosts Infected: Trojan.Win32.Qhost
C:\System Volume Information\_restore{B22D9EFC-8B1D-4299-88D0-76C4229F0FFA}\RP42\A0010200.exe Infected: Trojan.Win32.Qhost

In a previous post (Preventative measures) dated Dec 01/2005 9:56AM one of the issues was a follows:
c:\System Volume Information\_restore….

ONCE your are as clean as possible - As a final cleanup step, it is often advisable to Reset and Re-enable your System Restore to remove any bad files that may have been backed up by Windows . The files in System Restore are protected to prevent any programs changing them. And, this is the only complete way to clean these files: (You will lose all previous restore points which could likely be infected, anyway.)

PLEASE NOTE: you will need to log into your computer with an account that has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
To Turn OFF System Restore.
  1. Click the Start button.
  2. Right-click My Computer, and then click Properties.
  3. On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.
  4. Click Apply.

To Turn ON System Restore.
  1. Follow the steps in the previous section, but in step 3, uncheck Turn off System Restore or Turn off System Restore on all drives. Then click OK.
  2. Create new System Restore points.




Delete the following file, in SAFE MODE if necessary:
C:\WINDOWS\system32\client.exe
User avatar
VopThis
Regular Member
 
Posts: 203
Joined: August 1st, 2005, 1:43 am
Location: Halifax, Nova Scotia, Canada

Unread postby ommi » December 28th, 2005, 3:42 pm

Thanks for the speedy answer; by return of post.
ommi
Regular Member
 
Posts: 36
Joined: November 23rd, 2005, 9:25 am

Unread postby NonSuch » January 1st, 2006, 5:29 am

Glad we could be of assistance.

As this issue appears to be resolved, this topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27235
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove

Previous

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 36 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware