Hi Jeff,
The infected files in question, are they all on the G: (USB) drive? Does
avast! find anything on the other drives? If the infected files are not in
folders protected by Windows (System Volume Information or other), I have no
idea why avast! doesn't take the appropriate action. I assume the G: drive
was connected and turned on when you went through the process of turning
System Restore off and back on. If it wasn't, try that process again with it
connected, turned on and showing as "Turned off" on the System Restore tab
of System Properties prior to the restart.
A note of interest if you have installation files for old programs. They may
contain what is recognized now as Trojan horses by many, if not all, present
day anti-virus programs. Also, there are Web sites when you can get an
online scan, a 'second opinion' of sort. Here are several you can try:
Trend Micro - Free online virus Scan:
http://housecall.trendmicro.com/
Panda ActiveScan - Free online scanner:
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
Symantec Security Check:
http://urlsnip.com/925922
PC Pitstop AntiVirus Center:
http://www.pcpitstop.com/antivirus/default.asp
If none of the above helps please post specifics on some of the files; exact
name, location, etc. Another thought is if, as you said, the G: drive is
only used to transfer files from one computer to another, and the infected
files are confined to the G: drive, a simple solution would be to format the
drive.
Sven Swanson, Sr.
----- Original Message -----
From: "Jeffrey Forman" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Saturday, January 22, 2005 4:14 PM
Subject: Re: [PCSOFT] Anti-Virus confusion
Sven,
Thanks for your suggestion. Unfortunately, it didn't work. Since you
wrote back this is what I did:
1) Deleted Antivir and installed Avast. Avast showed a few hundred infected
files(trojan-gen).
2) Avast would not delete, move or do anything other than ignor these files.
What do I do next?
Jeff
Date: Mon, 17 Jan 2005 12:41:45 -0600
From: Sven <[log in to unmask]>
Subject: Re: Anti-Virus confusion
Hi Jeff,
The file in question does exist on the G: drive. The "System Volume
Information" folder is a hidden Windows System folder and protected by
Windows. Either you have, or had, this infection when Windows established a
routine "System Checkpoint" in System Restore. Since Windows won't allow the
anti-virus, or anything else, into those files, you need to eliminate them
manually by turning off System Restore in this manner:
Go to Start \ Settings \ Control Panel and open "System". Click on the
"System Restore" tab. I suggest you turn off System Restore on all drives by
checking that option. Be aware that this will eliminate all System Restore
points that are presently established, but it will clear any infections that
may exist in any drive restore files. You can also turn it off for
individual drives by selecting that drive and pressing the "Settings..."
button. Once you've made your selections and clicked "OK" on the way out,
close everything and restart the computer.
After the restart, run the anti-virus scans again and you should be clean.
If you encounter a problem running the scans, restart in Safe Mode and run
the scans again. After you get clean scans, return to System Properties and
turn System Restore back on. Since you only use the external drive for
transferring data, I suggest you turn System Restore off for it.
Apparently Norton doesn't have Worm/Spybot31232 in it's definition files and
I couldn't find anything on it. Is that the correct name? You may find
something at the Antivir Web site or in their forums.
Sven Swanson, Sr.
----- Original Message -----
From: "Jeffrey Forman" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Saturday, January 15, 2005 9:59 PM
Subject: [PCSOFT] Anti-Virus confusion
"Hold No Punches.." Rode brings you great shareware/freeware
programs with his honest opinions in this weekly column.
http://freepctech.com/rode
|