Results 1 to 3 of 3

Thread: Spyware in the System Volume Information\-restore area?

  1. #1
    melody Guest

    Default Spyware in the System Volume Information\-restore area?

    Hi,
    I posted a similar question days ago and was given much helpful
    advice, but what
    I would now like to know
    is how do I go about removing manually 4 Spyware objects in the {System Volume Information\restore......} area of my PC, but should
    you have some ideas
    I will give more details below.
    Microsoft Defender Beta 2 has not been successful in removing the following < High >
    to <
    Severe >
    Spyware objects that it's alerts revealed on scanning but instead
    produced the following

    <Failed>
    error code
    0x80004005
    indicating it encountered errors while taking action,
    so it cannot <delete> or <quarantine>
    the 4 Spyware objects found
    which are :





























































    NewDotNet
    (High Alert)
    (Failed 0x80004005)





























































    WebHancer
    (High Alert)
    (Failed 0x80004005)





























































    Marketscore.Internet Accelerator
    (Severe Alert)

    (Failed 0x80004005)





























































    Marketscore.Relevant Knowledge
    (High Alert)




    (Failed 0x80004005)
    M/s Defender Beta 2 on repeated scanning produces the same error message, unable to delete or quarantine.
    Also on using the WebHancer removal tool
    < Bit Defender > indicated and seems to have
    cleared
    the 4
    Spyware objects and a
    lot more, but when I re-scan using the M/S
    Defender
    Beta 2,
    I still get these
    4
    (High to Severe)

    Spyware objects
    showing and still unable to clear it.

    I
    used Ewido as well which cleared a **bleep** of a lot of other spyware/ad-ons.
    So, the question is how do I extract manually the above listed 4
    (High/Severe)
    Spyware objects from the
    <System Volume Information\- restore ...... (followed by a long list of characters and numerals) area of my PC?



    Where do I start!






    Operating System:Windows XP Home Edition
    Product Name:ZoneAlarm Pro
    Software Version:6.0

  2. #2
    Join Date
    Apr 2004
    Location
    East Coast of Florida - Lightening/Shark Bite Capital of the World
    Posts
    2,477

    Default Re: Spyware in the System Volume Information\-restore area?

    Hi melody,






    "PERHAPS" I can help you, as I am a user of Zone Alarm Pro.
    How about turning your System Restore off, reboot your computer, then turn System Restore back on.
    Then scan your computer to see if the problem is gone.
    If not, PLEASE go to the following site and have them completely check your computer for the bugs.
    These people are "HIGHLY TRAINED"
    and "VERY EXCELLENT".
    If they find any type of bugs, they will help you remove them from your computer.






    http://chiawaikian.proboards78.com/index.cgi?board=log







    Hope this info has helped you.






    Thank you for your time and have a nice evening!

































    SlyFox:8}
    "Politeness costs nothing and gains everything".

    Click here for ZA Support

    Avail. 24x7 - Excl. Holiday













  3. Default Re: Spyware in the System Volume Information\-restore area?

    hi melody Maybe this will work for manual removal, these sound like CWS . They can be removed with Ad-Aware SE (free) from lavasoft.com and CWShredder from intermute or trendmicro.com (free and look for the antispy free tools). Manual removal is as follows: open regedit ( start then run then type regedit then okay it) HKey_Current_User (open it) and open Software, then Microsoft then Windows, then Current Version, then Internet Settings then Zone Maps (and also Ranges(but they will be viewed as just Internet addresses ) and look at the file if any under Domains and or Ranges. Delete any item that sounds like newdotcom, webhancer,newmarketscore (with.com on the end). Follow the same trail for HKey_ Local_Machine, HKey_Users_Default, S-1-15-18, S-1-15-19, S-1-15-20 and S-1-15-21... Okay there are complete lists of CWS on the net to help users to clean these out (which ones are bad and which ones are good?). If this was the right solution it maybe advisable to "lock" the Host File, thus preventing future invasions in this area. Check the ZA boxes for Locking Host File. If not, it can be done manually (just remember where and to unlock when the time needbe) Open Windows Directory (Folder in C: ), then open system 32, then open drivers, then open "etc" then right click "host' and left click "Properties". Tick the Read-Only box ,click Apply and then click okay They are now locked and remember to unlock when you find difficulty in surfing sites or downloading. Take care Oldsod
    Best regards.
    oldsod

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •