Hi all,

I have 2 Trojan horse viruses which I think are lodged in System restore.
I have tried turning off System restore and running an anti-virus programme but it doesn't work. Does anyone have any other ideas please?

I'm running Windows XP Home and use AVG home edition for anti-virus ops.

Shutting down the system restore should delete the restore points.

What makes you think they are still there in the old files?

Also has AVG id'd them? If so what are their names ?

Rob

You're on the right lines - running a full virus clean after disabling system restore should do the trick. I'd suggest therefore that you disabled system restore again, REBOOT, do a full virus scan, REBOOT, then do another full virus scan. If the second scan doesn't remove it, there's something else at fault. Perhaps either a secondary quarantine system or defective scanning engine.

Either way, I'd do the above the re-post your results here and we can advise.

HTH!

Care as the re-boot will enable the system restore again ;)

Rob

Hi Matrixx,

The file names came up as:
Trojan horse IRC/Backdoor.SdBot.GBF
C:\Documents and Settings\John\Local Settings\Temp\ab62f1.exe

and

Trojan horse IRC/Backdoor.SdBot.GBF
C:\Documents and Settings\Karen\Local Settings\Temporary Internet Files\Content IE....k2[1].txt

Nice one John,

Have you tried the following..

http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html

Rob

Thanks Rob, I'll give it a try - and thanks to Stephen as well :D

If all else fails

Format C:\

Good luck !

Graham (http://www.smallbizsoftware.co.uk)

If all else fails

Format C:\

Good luck !

Graham (http://www.smallbizsoftware.co.uk)

There are a few more options before this action is needed as it will wipe all your C drive which is probably where all your operating system and all your files (including the virus) is stored John.

Rob

Heres another link if that fails..

http://www.mcse.ms/archive118-2005-8-1714951.html

Rob

but of course before you format c:\ you will have secured a clean version of your os and data on a daily backup won't you!

Surely no business forgets to backup data and applications these days in case they are hit by a worm or trojan?

Backups (http://www.smallbizsoftware.co.uk/backup.htm)

Well I've now tried almost everything and still can't get rid of the virus. Virus removal tools, scanning in safe mode, scanning with system restore disabled, so just one thing left.......hurl the PC through the window!

Got a mate who does PC repair and maintenance coming to have a look at it.

Thanks for all the helpful ideas though - at least I learnt a bit more about other systems in computers, so not a total loss.

Thanks,