Results 1 to 6 of 6

Thread: [Solved] Fix for trojan in your System Restore files..

  1. #1
    gardenperson Guest

    Default [Solved] Fix for trojan in your System Restore files..

    I am on windows XP home SP3

    I have been having a nightmare trying to get rid of this virus/spy/adware whatever it is and i am having no luck.

    The name of it is 'not-a-virus:AdWare.Win32.Zwangi.ae.'
    Zonealarm keeps finding it and i have deleted and deleted on reboot but it still does not go away.
    I run spyware and adware every day, update them everyday too. I have scanned with MBAM and run Ccleaner, even D/L'd superantispyware after reading a thread in here today and ran that. I keep all my security programs up to date.
    I have not run zonealarm anti virus in safe mode yet because i am not that sure on the exact process. I ran MBAM in safe mode today but it found nothing (deep scan).
    I can find no answers online (that i actually understand) to solve this problem. Some of the answers i found seem to involve a lot of 'sending reports' to forums but i was hoping that this would not be that much of a complicated issue.
    When i look at my log viewer after deleting i see that this issue says that some files are still infected. In the column that says 'type' it says 'on access.....' and the rest of the line is not viewable due to the size of the box containing that information.


    not-a-virus:AdWare.Win32.Zwangi.ae was found in C:\System Volume Information\_restore{52095AB4-547A-456A-A73F-E9E029D9B17D}\RP187\A0036348.dll on 04/11/2009 15:44:34

    not-a-virus:AdWare.Win32.Zwangi.ae was found in C:\System Volume Information\_restore{52095AB4-547A-456A-A73F-E9E029D9B17D}\RP187\A0036349.exe on 04/11/2009 16:41:54

    not-a-virus:AdWare.Win32.Zwangi.ae was found in C:\System Volume Information\_restore{52095AB4-547A-456A-A73F-E9E029D9B17D}\RP187\A0036350.exe on 04/11/2009 17:31:10
    These are coming up every 40 minutes or so and when i quarantine them they are still coming back.

    I am just hoping i don't have to do a restore!
    Last edited by GeorgeV; November 6th, 2009 at 12:23 PM. Reason: Correct Topic Title..

  2. #2
    Join Date
    Jun 2006
    Location
    The 3rd Coast - South Central Texas
    Posts
    10,470

    Default Re: Anyone have any ideas about this?

    Quote Originally Posted by gardenperson View Post
    I am on windows XP home SP3

    I have been having a nightmare trying to get rid of this virus/spy/adware whatever it is and i am having no luck.

    The name of it is 'not-a-virus:AdWare.Win32.Zwangi.ae.'
    Zonealarm keeps finding it and i have deleted and deleted on reboot but it still does not go away.
    I run spyware and adware every day, update them everyday too. I have scanned with MBAM and run Ccleaner, even D/L'd superantispyware after reading a thread in here today and ran that. I keep all my security programs up to date.
    I have not run zonealarm anti virus in safe mode yet because i am not that sure on the exact process. I ran MBAM in safe mode today but it found nothing (deep scan).

    * Snip *

    I am just hoping i don't have to do a restore!

    Try this Forum Link from the Helpful Hints and Links section..

    http://www.zaforums-stg.com/showthread.php?t=71586

    or this Forum Link on how to Clean your Computer..

    http://www.zaforums-stg.com/showpost...07&postcount=2

    Please Post back with your Progress Report..
    --------------------------------------------------------
    Last edited by GeorgeV; November 5th, 2009 at 01:23 PM. Reason: Typo
    GeorgeV
    ZoneAlarm® Extreme Security


    Click here for ZA Support
    Monday-Saturday__ 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    gardenperson Guest

    Default Re: Anyone have any ideas about this?

    Thanks for the response.
    After i posted this i managed to find the solution (and it was, as is usually the case ) quite simple. I found the solution by typing the result of the search into google rather than the name of the virus/adware/spyware whatever.
    This is what i found.

    System Volume Information is where your system restore points are saved...in case you ever have to use system restore.

    One of the restore points has become infected.

    That trojan is in your System Restore files which are basically locked by Windows so your Avast (or whatever antivirus you are running) cannot touch it, to remove the infected file.

    The solution is easy. You simply need to delete all your old system restore points. To do so:
    go to control panel > system > system restore > check mark "Turn off system restore on all drives" > apply > answer "yes" > OK > reboot. Then turn System Restore back on again.

    Once the old restore points have been purged, the trojan will be gone too!

    Thanks again George. I hope this becomes useful to someone else who is not too PC savvy (like me).

  4. #4
    Join Date
    Jun 2006
    Location
    The 3rd Coast - South Central Texas
    Posts
    10,470

    Default Re: Anyone have any ideas about this?

    Quote Originally Posted by gardenperson View Post
    Thanks for the response.
    After i posted this i managed to find the solution (and it was, as is usually the case ) quite simple. I found the solution by typing the result of the search into google rather than the name of the virus/adware/spyware whatever.
    This is what i found.

    System Volume Information is where your system restore points are saved...in case you ever have to use system restore.

    * Snip *

    Once the old restore points have been purged, the trojan will be gone too!

    Thanks again George. I hope this becomes useful to someone else who is not too PC savvy (like me).

    Your Welcome..

    Thank you for your Feedback..
    GeorgeV
    ZoneAlarm® Extreme Security


    Click here for ZA Support
    Monday-Saturday__ 6am to 10pm Central time
    Closed Sundays and Holidays

  5. #5
    gardenperson Guest

    Default Re: Anyone have any ideas about this?

    BTW. Is there any way the title of this thread can be changed so people who might search a similar problem can find it?
    I should have titled it to be more relevant to the actual topic and only thought of that in hindsight. I was getting wound up by the problem at the time and was just looking for a solution to MY problem and not thinking about other people who might come across the same sort of problem in the future.

  6. #6
    Join Date
    Jun 2006
    Location
    The 3rd Coast - South Central Texas
    Posts
    10,470

    Default Re: [Solved] Fix for trojan in your System Restore files..

    Yes.. Title has been changed..
    GeorgeV
    ZoneAlarm® Extreme Security


    Click here for ZA Support
    Monday-Saturday__ 6am to 10pm Central time
    Closed Sundays and Holidays

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •