Trojan Horse Found

[Digïtál £vîl]

I need some help taking a trojan horse off of my computer. Over the last couple of days I have been able to find almost every file that it has created or infected and correct most of the problem. But I just cant seem to get rid of it!

 

Now I am getting worried because the Trojan horse is showing up in this one place and no matter how many times i delete it, move it, rename it, or quarintine it, it continues to come back

 

I have the Win32:Qoologic-T [Trj] Tro

 

I cant seem to find much information on exactly what this does, so I have been limiting my online time. I really need help getting rid of it or finding any more information on what it does and how to destroy it.

 

Currently my virus software (Avast!) is finding the trojan horse in

 

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8...

 

I cant even find that freaking directory. Wtf?

 

Since i moved into my dormroom the school provided us with an updated version of McAffe virus protection but the only problem is that it sucks and doesnt even find the trojan horse.

 

Can anyone help me out here? I seriously need to get rid of this thing

[BoMBeRMeN]

try panda onlien scan... you can find it via google... or try AVG Anti Virus...

 

[EmSixTeen]

Turn off System Restore Digi mate, then clean it up using Avast, then check it's cleaned. You can re-enable System Restore afterwards if you wish.

 

By the way, the reason you can't see the folder is because it's a hidden system folder.. You can set it to be viewable in the advanced folder view options.

[Digïtál £vîl]

Turn off System Restore Digi mate, then clean it up using Avast, then check it's cleaned. You can re-enable System Restore afterwards if you wish.

 

By the way, the reason you can't see the folder is because it's a hidden system folder.. You can set it to be viewable in the advanced folder view options.

I have it set up to view hidden system folders, but i still cant find it.

 

I'm gonna turn off system restore. Very smart of you em. See ya in tha mansion.

[Wolf68k]

Ok even if you could see the "System Volume Information" folder it wouldn't matter.

You cannot access that folder while you are using the Windows that is installed on that drive.

 

However if you were to boot from something like a BartPE disc that boots from a LiveCD stripped down version fo Windows XP then you could access the C:\System Volume Information\ folder, however even then it would not be a good idea to mess with anything in there as it could really FUBAR the OS and your restore points.

 

 

If the ONLY place on your system it is finding that your AV is finding the virus is in your System Restore.

You should be able to disable the System Restore and purge the restore points, all of them (better safe than sorry) and then if need be turn System Restore back on (not that I've had any luck using it and therefore don't use it anyway).

 

 

1.2. Purging System Restore in Windows XP

 

Note: this will delete any previously created restore points.

 

Go to Start|Control Panel|Performance and Maintenance. Double-click System, then select the System Restore tab. Click to select the 'Turn off System Restore on all drives' box. Click Apply. Click Yes.

 

Now click to clear the 'Turn off System Restore on all drives' box. Click OK. Restart the computer.

Source: http://www.sophos.com/support/tpti.html#1.2