Downloader.Zlob in the System Volume Info



Airyk
2006-07-14, 03:35
This is my first time here after trying to do some research about a certain Trojan Horse stuck in my System Volume Information folder under my C-drive.

I understand a little of what the SVI folder does and know that it is hidden. Well, after some scans, I numerously received infected file warnings in that folder. After a while, I unlocked all my hidden folders, even that one, but I am still unable to access it.

"C:\System Volume Information is not accessible"

"Access is denied."


Usually, when you hover over folders, it tells you how many bytes are in the folder. Well, when I hover over the SVI folder, it says it's empty.

How could I have Trojan Horses in that folder if it says there isn't anything in it?

The Trojan horses that come up are the Trojan Horse Downloader.Zlob.AWQ, Downloader.Zlob.AOJ, & Downloader.Zlob.ATA.

Sorry I could not provide a copy of my Scan Results but I didn't know how to copy it.

If someone has any idea what this means and can help me, I would appreciate this very much. Thank you!

-Airyk

pskelley
2006-07-16, 01:42
Hello and welcome to the forum. We really should look at a HJT log, that is what we do here. Please review this information:
Please be advised that most forums Pin the information you need at the top of the page. These two links are a must before you can proceed, but I suggest you review all Pinned (Sticky) information.
http://forums.spybot.info/showthread.php?t=425
http://forums.spybot.info/showthread.php?t=288


System Restore:
http://www.theeldergeek.com/system_volume_information_folder1.htm
http://www.microsoft.com/windowsxp/using/helpandsupport/getstarted/ballew_03may19.mspx

If you Google System Restore, you will get more information than you need, here is the canned I add to any log I clean because of the fact that the System Restore files can get infected:

System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?Open&src=sec_doc_nam

As you will read in the above links, SR is super protected and the only way to clean it is by turning it off, rebooting and turning it back on to set a new, clean restore point. Having said that, I should say that what you call zlob we know as Smitfraud and for it to only be in the SR files would mean you cleaned it off the balance of the computer.

If we can do more, follow the directions in the links I posted.

Thanks...pskelley
Safer Networking Forums

tashi
2006-07-21, 17:09
This topic is closed due to lack of a response.

If you need it re-opened please send me a pm and provide a link to the thread.

Applies only to the original topic starter.