Free Malware Removal Forum

[lithiumus]

I went through my Archive folders and simply deleted everything (why take a chance)... I emptied the deleted folders, compacted it and verified that the archive folder size is now 0.

I'm performing another Kaspersky scan now. Below are the entries from the Symantec Risk log. I can't access the "System Volume Information" directories...

Code: Select all

Risk	Action	Filename	Original Location	Logged By	Date
Trojan Horse	Quarantined	GetPopupInfo.exe.e68908.tmp	C:\For Burn\Adobe Illustrator CS3\Program Data\4000002800003i\	Auto-Protect scan	2009-12-09 0:48
Trojan Horse	Quarantined	GetPopupInfo.exe.e68908.tmp	C:\For Burn\Adobe Illustrator CS3\Program Data\4000002800003i\	Auto-Protect scan	2009-12-09 0:47
Trojan Horse	Quarantined	GetPopupInfo.exe.e68908.tmp	C:\For Burn\Adobe Illustrator CS3\Program Data\4000002800003i\	Auto-Protect scan	2009-12-09 0:47
Trojan Horse	Quarantined	GetPopupInfo.exe.e68908.tmp	C:\For Burn\Adobe Illustrator CS3\Program Data\4000002800003i\	Auto-Protect scan	2009-12-09 0:47
Trojan Horse	Quarantined	GetPopupInfo.exe.e68908.tmp	C:\For Burn\Adobe Illustrator CS3\Program Data\4000002800003i\	Auto-Protect scan	2009-12-09 0:47
Trojan Horse	Quarantined	GetPopupInfo.exe.5b4dcc.tmp	C:\For Burn\Adobe Illustrator CS3\Program Data\4000002800003i\	Auto-Protect scan	2009-12-09 0:45
Trojan Horse	Quarantined	A0021314.exe	C:\System Volume Information\_restore{FF4B3B50-83E3-4A5F-B273-B341A337A52E}\RP250\	Auto-Protect scan	2009-12-08 1:12
Trojan Horse	Quarantined	surcodedvd.exe	C:\Program Files\Minnetonka Audio Software\SurCode DVD DTS\	Auto-Protect scan	2009-12-07 20:37
Trojan Horse	Partial	surcodedvd.exe	c:\program files\minnetonka audio software\surcode dvd dts\	Defwatch Scan	2009-12-07 9:30
Trojan Horse	Quarantined	A0019756.exe	C:\System Volume Information\_restore{FF4B3B50-83E3-4A5F-B273-B341A337A52E}\RP229\	Scheduled scan	2009-11-18 1:08
Trojan Horse	Quarantined	A0018122.exe	C:\System Volume Information\_restore{FF4B3B50-83E3-4A5F-B273-B341A337A52E}\RP212\	Scheduled scan	2009-11-04 10:42
Trojan Horse	Quarantined	A0016443.exe	C:\System Volume Information\_restore{FF4B3B50-83E3-4A5F-B273-B341A337A52E}\RP204\	Scheduled scan	2009-10-28 1:10
Trojan Horse	Quarantined	TeamViewer_Setup.exe	C:\Documents and Settings\glau\My Documents\Personal\Software\	Scheduled scan	2009-10-28 1:04
Trojan Horse	Quarantined	TeamViewer_Setup.exe	C:\Documents and Settings\glau\Desktop\Software\Installed\	Scheduled scan	2009-10-28 1:02
Trojan Horse	Quarantined	A0016178.exe	C:\System Volume Information\_restore{FF4B3B50-83E3-4A5F-B273-B341A337A52E}\RP199\	Auto-Protect scan	2009-10-23 0:43

[deltalima]

Hi lithiumus,

The "System Volume Information" directories are special hidden system folders where the files and other data required to perform System Restore and cannot be accessed via Windows Explorer.

I will give you some instructions (once we have decided that your system is clean) to clear out this folder to ensure nothing remains in there.

ESET online scannner

• Please go Here then click on:
  

  Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
  All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

• Select the option YES, I accept the Terms of Use then click on:
• When prompted allow the Add-On/Active X to install.
• Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
• Now click on Advanced Settings and select the following:

• Scan for potentially unwanted applications
  
• Scan for potentially unsafe applications
• Enable Anti-Stealth Technology
• Now click on:
• The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
• When completed the Online Scan will begin automatically.
• Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
• When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
• Now click on:
• Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
• Copy and paste that log as a reply to this topic.

[Carolyn]

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.