-
FP Trojan?
I just ran a scan with new definitions and it came up with one Trojan:
SBI $64C1D65A Link C:/Documents and Settingsw\Owner\Desktop\System Restore.Ink
Fraud System Restore Trojan
I looked it up on Google and there was a post by "Friday" at:
http://forums.spybot.info/showthread.php?t=64284
Which mentioned removing these files:
Please use Windows Explorer or another file manager of your choice to locate and delete these files.
The file at "<$COMMONAPPDATA>\~<$ENV(SystemRestore2)>".
The file at "<$COMMONAPPDATA>\<$ENV(SystemRestore2)>".
The file at "<$DESKTOP>\System Restore.lnk".
The file at "<$PROGRAMS>\System Restore\System Restore.lnk".
The file at "<$PROGRAMS>\System Restore\Uninstall System Restore.lnk".
How can you type any of those five files in Explorer? It keeps saying "these are not files!"
Such as typing in:
<$COMMONAPPDATA>\~<$ENV(SystemRestore2)>
-
Add-on to my previous (original) post:
I tried to Edit my post was not able to do so.
I just downloaded latest updates for SpyBot SD and ran a scan on my Vista computer.
SpyBot found the same 'threat' as it did when I ran the scan on my WinXP desktop (as noted above in my original thread message).
It was referring to a 'short cut' I had on my desktop screen which was for "System Restore/Create (%systemroot%\system32\rstrui.exe).
Why did SB pick this up as a Trojan Threat on all my computers? It never did in the past!
I clicked on "Fix Selected Problems" and all it did was remove the short-cut form my desktop.
-
On your computers you will not find other parts of the Trojan horse since it is not there. Your desktop link gets detected falsely because of its name.
Our detection rules will be adjusted with the next update scheduled for Wednesday 2011-11-09.
Until then you can have Spybot S&D 'Exclude this detection from further searches' by right clicking this item in the scan result.