Results 1 to 3 of 3

Thread: FP Trojan?

  1. #1
    Senior Member alicez's Avatar
    Join Date
    Apr 2008
    Posts
    179

    Default FP Trojan?

    I just ran a scan with new definitions and it came up with one Trojan:

    SBI $64C1D65A Link C:/Documents and Settingsw\Owner\Desktop\System Restore.Ink
    Fraud System Restore Trojan

    I looked it up on Google and there was a post by "Friday" at:

    http://forums.spybot.info/showthread.php?t=64284

    Which mentioned removing these files:


    Please use Windows Explorer or another file manager of your choice to locate and delete these files.

    The file at "<$COMMONAPPDATA>\~<$ENV(SystemRestore2)>".
    The file at "<$COMMONAPPDATA>\<$ENV(SystemRestore2)>".
    The file at "<$DESKTOP>\System Restore.lnk".
    The file at "<$PROGRAMS>\System Restore\System Restore.lnk".
    The file at "<$PROGRAMS>\System Restore\Uninstall System Restore.lnk".

    How can you type any of those five files in Explorer? It keeps saying "these are not files!"

    Such as typing in:

    <$COMMONAPPDATA>\~<$ENV(SystemRestore2)>
    Vista also Win7 (64-Bit) IE 9; MSE; SpywareBlaster; MalwareBytes; SpyBot

  2. #2
    Senior Member alicez's Avatar
    Join Date
    Apr 2008
    Posts
    179

    Default

    Add-on to my previous (original) post:

    I tried to Edit my post was not able to do so.
    I just downloaded latest updates for SpyBot SD and ran a scan on my Vista computer.
    SpyBot found the same 'threat' as it did when I ran the scan on my WinXP desktop (as noted above in my original thread message).

    It was referring to a 'short cut' I had on my desktop screen which was for "System Restore/Create (%systemroot%\system32\rstrui.exe).

    Why did SB pick this up as a Trojan Threat on all my computers? It never did in the past!

    I clicked on "Fix Selected Problems" and all it did was remove the short-cut form my desktop.
    Last edited by tashi; 2011-11-02 at 20:57. Reason: Moved to possible F/P forum
    Vista also Win7 (64-Bit) IE 9; MSE; SpywareBlaster; MalwareBytes; SpyBot

  3. #3
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    On your computers you will not find other parts of the Trojan horse since it is not there. Your desktop link gets detected falsely because of its name.

    Our detection rules will be adjusted with the next update scheduled for Wednesday 2011-11-09.
    Until then you can have Spybot S&D 'Exclude this detection from further searches' by right clicking this item in the scan result.
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •