trojan horse

Boyho1

Member
May 7, 2002
74
0
0
Hi guys

I ran my normal virus scan (AVG) yesterday and it reported that I had a trojan horse.

To remove it I was asked to run the AVG scan again, and this time it reported that the virus was healed and the system was now clean. However, I keep getting a pop-up message as follows:-

Virus
Trojan Horse Backdoor.Punctes.A
c;\SystemVolumeInformation\-restore{70D594FB-CD3C-BE3A-6DCE6785BA18}\RP503\A0091287.EXE

I have tried to locate this address but am told that access is denied. What do I do, guys... the rig is operating normally except for the aforementioned message, which appears when the m/c has been standing for, say, 30 minutes?

frank
 

MrBond

Diamond Member
Feb 5, 2000
9,911
0
76
You can safely ignore that - it's just detecting a copy of the trojan horse in a system-restore file. If you don't restore to a date when you had the trojan horse, you'll be fine (otherwise you'll have to remove it again).
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
30,699
1
0
Your question would fit best in the Operating Systems/Software category :) but here's my suggestion:

  • Disable System Restore and get rid of all SR files
  • Get the latest virus definitions for AVG using its Update feature, and arm Heuristics, then click "set as new default" so it uses that setting in the future
  • Install free ZoneAlarm Basic firewall software and don't let stuff have permission to access the Internet unless you know what it is, when ZoneAlarm asks if you want to let it out or not
  • Go to Windows Update repeatedly until your system is coming up "clean", with all Critical Updates installed
  • Download free McAfee Stinger, reboot into Safe Mode and run Stinger, then run a full AVG scan
  • If you have a broadband Internet connection, get a Linksys BEFSR41 or a Netgear RP614 or similar cable/DSL router, to form the first line of defense against the bad guys
  • If you engage in high-risk behaviors like warez, etc... consider not doing that anymore ;)
Good luck, hope that helps you out. Worst-case scenario, reformat and reinstall, and get your firewall and antivirus defenses up before plugging in your network cable, because a "raw" Windows installation is not a safe thing to expose to the Internet anymore :(
 

Boyho1

Thanks, guys, for your help.

I had most of what you suggested with the exception of the McAfee Stinger. I have now done all the things that you suggested and hopefully all will now be ok.

thx again and I will try to post in the correct forum next time!

frank
 

imported_Nacelle

Senior member
May 8, 2004
933
0
0
Install free ZoneAlarm Basic firewall software and don't let stuff have permission to access the Internet unless you know what it is, when ZoneAlarm asks if you want to let it out or not
The only problem is, if you are playing a game online that it hasn't encountered, it sometimes won't bring up the box for you to let the game connect. So, you're SOL.
 

mechBgon

Originally posted by: Nacelle
Install free ZoneAlarm Basic firewall software and don't let stuff have permission to access the Internet unless you know what it is, when ZoneAlarm asks if you want to let it out or not
The only problem is, if you are playing a game online that it hasn't encountered, it sometimes won't bring up the box for you to let the game connect. So, you're SOL.
That is true, although ALT + TAB may get you to ZA's popup box when your game decides not to connect, or you can manually pre-set ZoneAlarm to allow your game. A router would be a more elegant solution, of course, provided there aren't any worm-infected PCs on your side of the router.