
I've picked up a virus!!

1129 Views 9 Replies 5 Participants Last post by  xdanx
It's ages (2002) since I last signed in and I'm pleased to renew the contact.
I use AVG antivirus control, free version and it informs me that I have a virus entitled 'Trojan Horse Downloader.Perfiler.A'. It apparently resides in C:\Restore\Temp\A0217916.cpy. AVG cannot heal it or move it into temporary suspension and I cannot delete the file, even though I changed the attributes to archive. Can anyone help please?

Thanks, Trevor Durbidge. :eek:
Status
Not open for further replies.
1 - 10 of 10 Posts
You have to turn off System Restore to clean it out and then turn it back on again.
Since it's in a folder called "Restore," I assume it's been included in a restore point made either by your computer (WinME?) or by software like GoBack.

You sure don't want to be using a restore point that has a virus packed inside so you need to delete all the restore points.

If it's WinME, go to Control Panel>System>Performance tab>File System Button>Troubleshooting tab and check the box for "Disable System Restore." Click OK, click Yes. Reboot. Then if you want System Restore running, go back and uncheck that box.

If you're using some other backup software, read its help files for instructions on how to delete old restore points.
Thanks Dai and Miz for your help.
I disabled system restore and then ran AVG again. This time it picked up a virus 'Trojan Horse downloader.Small.4.D' in two areas as follows:
C:\windows\temp\bridge.exe and c:\windows\temporary internet files\contentI.E.5\slavodyJ\Bridge~1.exe. Fortunately AVG dealt with them. How are they getting through my firewall (ZoneAlarm)?
I haven't turned system restore back on yet - will that virus still be there do you think?

Many thanks again, Trev.
When you turn restore back on and reboot, it will create a restore point; all others will be gone.
You get the virus from something you d/l; they are hidden in the d/l.
Get in the habit of scanning before opening.
Firewalls do not stop viruses, and they can infect your PC in ways other than via downloads.

What you want to do is start running your AV in the background continuously. You want to detect a virus before the fact, not after it is already inside and "potentially" doing damage to your files.
Thanks dai and WhitPhil, I have AVG running in the background so the only download I have undertaken recently is 'startup faster 2004', a recommended download. Perhaps my family users are picking up something with their music downloads.

Thanks again, Trev.
I can't believe it! After following your respective advice I ran AVG as soon as I started up again and found the following:

C:\WINDOWS\BI.DLL Trojan horse PSW.Bispy.A
C:\WINDOWS\BIPREP.EXE repaired
C:\WINDOWS\TEMP\BI.DLL repaired
C:\WINDOWS\TEMP\BIPREP.EXE repaired
C:\WINDOWS\TEMP\BRIDGE.EXE repaired
C:\WINDOWS\Temporary Internet Files\CONTENT.IE5\OP23S5U7\BRIDGE~1.EXE repaired

Can you advise me how I can get rid of BI.DLL? When I tried to delete it manually I was informed that Windows was using the file. I wondered whether, if I changed the attribute I could perhaps delete it manually, but that involves accessing the file, which AVG strongly advised against.

Hope that you can help :mad:

Regards, Trev.
Hello everyone, I have just taken my ignorance in both hands and deleted the infected file from DOS. Everything now seems to be OK! Many thanks to those who have assisted me. Regards, Trev.
Thanks for this thread, Trevor... I've had the same problem with infected files in restore... but now I can deal with them, thanks!!!