AVG and phantom trojan

Posted: Thu Oct 14, 2004 2:04 pm
by AceCombat
AVG keeps picking up a so-called trojan.

every time i try to open the location in RUN it says Access Denied


C:\System Volume Information\_restore{30D3ED36-4949-44A0-A92C-5AD1E23E156F}RP49\A0024113.exe

Posted: Thu Oct 14, 2004 2:20 pm
by MD-2389
That's a system restore point. :roll:

edit: Btw, you have to grant yourself access to that directory. Right-click on it and hit properties. Click the Security tab and go from there.

Posted: Thu Oct 14, 2004 2:24 pm
by Vindicator
If it's a trojan, why are you trying to open it? :P

Posted: Thu Oct 14, 2004 2:29 pm
by AceCombat
MD-2389 wrote:That's a system restore point. :roll:

edit: Btw, you have to grant yourself access to that directory. Right-click on it and hit properties. Click the Security tab and go from there.

thanx, i know it's a system restore point.

EDIT: i went to properties, i don't see a "Security" tab.

Vindicator wrote:If it's a trojan, why are you trying to open it? :P
i'm not trying to open it, i'm trying to get AVG to delete it

Posted: Thu Oct 14, 2004 3:02 pm
by Vindicator
You're running XP Pro, yes? Right click it and hit explore.

Posted: Thu Oct 14, 2004 4:04 pm
by Tyranny
Simple solution. Right click on My Computer, go to properties and click the system restore tab. Check "Turn off System Restore on all drives". It might take a few minutes but if you only have one HDD then it shouldn't be too long.

Reboot.

When windows starts up again turn system restore back on.

Then create a fresh restore point. Go to Start/Programs/Accessories/System Tools/System Restore.

Check "Create New Restore Point" and hit next and put in whatever you want the restore point to be called. Say ok or whatever and once it's finished click done.

Just to double check scan using your AV program.

Trojan should go bye bye. This basically reformats system restore. Turning it off and rebooting deletes the system restore folder and the trojan inside. Turning system restore back on and creating a new restore point then re-creates the folder sans the trojan.

This is the easiest way to take care of the problem.

If this didn't work then there is another way to take care of it a little bit more in-depth assuming you're using XP Pro which is what I had to do because I didn't find out about the easy way until later.

Posted: Thu Oct 14, 2004 5:02 pm
by fliptw
that's the thing that annoys me about SR... it doesn't really talk to virus scanners.

Posted: Thu Oct 14, 2004 5:46 pm
by Canuck
Tyranny has the solution, I used this method on several occasions and it works great.

Posted: Thu Oct 14, 2004 6:57 pm
by Tyranny
It's funny, every now and then I use RegCleaner to clean out stuff from the registry that isn't being used and AVG kept telling me that it found a Trojan somewhere and that I need to run AVG and do a scan to fix the problem.

So I do a system scan and nothing. I go about my business with RegCleaner again and all of a sudden AVG tells me the same thing. Finally I pay attention to where the location is and that's when I ran into the trouble of not being able to gain access to the folder.

I did the long way. Disabling simple file sharing to bring up the security tab and then adding myself to the list with full access (which I should already have being an admin anyways, Windows...go figure). Still wouldn't give me access, so finally I had to do a full transfer of ownership of the folder using the advanced options and finally Windows let me get into it. Scanned it with AVG, it found not 1, but 2 different trojans. Had to lock up one but the other was repaired easily.

If I had known about the system restore method which I found out much later because my sister had the same problem on an XP Home machine, I would have used that instead.

Posted: Fri Oct 15, 2004 4:35 pm
by AceCombat
Trojan horse Dropper.Swicer.A

that's the name of the SOB.

i will do that with my system restore. had to do the same thing with my NAV 04 running and it couldn't fix a similar problem.

Moving onto getting the Security tab in properties....i still don't see this specific tab.

Posted: Fri Oct 15, 2004 5:15 pm
by Tyranny
Ace, answer a simple question. Are you using XP Home or XP Pro?

Posted: Fri Oct 15, 2004 8:23 pm
by AceCombat
Pro

Posted: Fri Oct 15, 2004 9:25 pm
by BUBBALOU
DUDE...... WTF

I have never seen anyone on this board have more problems than you AceVirus©! :x

well almost...thewolf has you beat...and makes you look like a genius

but then again... :P

Posted: Fri Oct 15, 2004 9:45 pm
by AceCombat
bubba.....FFS!! for once can you just STFU and be constructive

Posted: Sat Oct 16, 2004 5:43 pm
by Defender
AceCombat wrote:bubba.....FFS!! for once can you just STFU and be constructive
No... :P

Posted: Sat Oct 16, 2004 7:33 pm
by woodchip
So if NAV is up to date, why wouldn't it catch the trojan and repair or quarantine it?

Posted: Sat Oct 16, 2004 8:51 pm
by Tyranny
Ok Ace. Now another simple question....did the System Restore method work?

No? Ok...here is what you do. *takes deep breath*

Open Windows Explorer. Go to Tools/Folder/Options and click on the 'View' tab. Scroll to the very bottom and Uncheck "Use Simple File Sharing". Since you can apparently already see the System Volume folder then you obviously already unchecked 'Hide Protected Operating System Files' so you don't need to do that. If you haven't though you might want to uncheck that and click YES to the dialog that pops-up as a precaution.

NOW...right click on the System Volume folder and go to Properties. By unchecking 'Use Simple File Sharing' there should be a 'Security' tab available. Click it and you should see a 'Group or User names' displayed. By default it probably will have 'SYSTEM' which is allowed full access, go figure.

You'll want to click 'add' below that and a new dialog will popup to select the new user group. There should be a button that says 'Advanced' on this new dialog, click it. It extends an extra portion to the dialog that is basically a search. Click the 'Find Now' button and it will start to display all the user groups available. Find the one that applies to your specific user that has Administrator privileges, highlight it and click 'OK' and then click 'OK' again.

This should have added you to the list and now below is the options to allow permissions. Check Full Control on the allow column and that should grant you permission to view the folder.

Now try the folder and see if you have access. If you do, run Norton on it with updated Virus definitions and that should take care of it.

If you don't, then you might have selected the wrong User setup and will have to remove the one you setup and go through and do the process over again. If at any time you changed your user name after the initial WinXP install there is a possibility that Ownership permissions might need to be granted on the folder to gain access, which is yet another thing along with what I've mentioned above that I had to do.

Hope this helps. The System Restore method should have fixed it though.

I had a good one yesterday where I found 4 Trojans in a folder in my Temp directory, lol. Just deleted the folder and the virii went with it. Not sure how they got there, everything I download or get through e-mail gets scanned before it's even allowed on my PC. oh well, they were hardly anything to worry about.
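
The Security-tab procedure in the post above can also be done from a Command Prompt with `cacls`; the script below is an added example, not part of the original thread. It assumes an NTFS system drive and an account in the Administrators group, and it removes the added permission again once the scan is done.

```batch
@echo off
rem Added example: command-line equivalent of the Security-tab steps.
rem Assumes an NTFS volume and that the logged-on account is an administrator.
setlocal
set "SVI=%SystemDrive%\System Volume Information"

rem /E edits the existing ACL instead of replacing it.
rem /G grants a permission; F means Full Control.
cacls "%SVI%" /E /G "%USERNAME%":F

rem Confirm the folder can now be listed (/a includes hidden and system items).
dir /a "%SVI%" >nul 2>&1
if errorlevel 1 (
    echo Still no access to "%SVI%".
    echo Ownership of the folder may have to be taken first.
    endlocal
    exit /b 1
)

rem Show the resulting ACL so the new entry can be checked.
cacls "%SVI%"

echo.
echo Scan "%SVI%" with the antivirus program now.
echo Press any key when the scan has finished.
pause >nul

rem /R revokes the entry added above, so the folder goes back to its
rem original permissions instead of staying open to the user account.
cacls "%SVI%" /E /R "%USERNAME%"
cacls "%SVI%"
endlocal
```

Leaving the Full Control entry in place is not needed once the scan is complete, which is why the script ends with the `/R` step.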

Posted: Sat Oct 16, 2004 9:05 pm
by AceCombat
woodchip wrote:So if NAV is up to date, why wouldn't it catch the trojan and repair or quarantine it?

you know, you might want to read my NSW 2004 Pro thread :roll: :wink:



TY Tyranny, that did it.......file has been "incinerated" a feature that i use for when i need to destroy a file and prevent it from ever being recovered