nod32 threat

sobranie · Jun 25, 2009, 18:26:22

nod32 has just thrown this up and has not automatically removed same;

G:\System Volume Information\_restore{313B26BB-4A4F-4248-B2A1-AA4D09BB4EA2}\RP763\A0124087.exe »RAR »Toolbar.exe - Win32/Toolbar.AskSBar application

I'd like to remove it of course but damned if I can find it on Drive G.

Any ideas pls folks?

vitriol · Jun 25, 2009, 18:54:32

looks like its situated in the system restore volume. Try disabling system restore then run the cleaning program.

Gary · Jun 25, 2009, 19:15:00

Quote from: sobranie on Jun 25, 2009, 18:26:22
nod32 has just thrown this up and has not automatically removed same;

G:\System Volume Information\_restore{313B26BB-4A4F-4248-B2A1-AA4D09BB4EA2}\RP763\A0124087.exe »RAR »Toolbar.exe - Win32/Toolbar.AskSBar application

I'd like to remove it of course but damned if I can find it on Drive G.

Any ideas pls folks?

Do you have Nero?

Sebby · Jun 25, 2009, 19:24:31

Disable system restore, run a scan, restart and enable it again.

Gary · Jun 25, 2009, 20:01:42

Nero often installs that toolbar, its a pain, I will not use it anymore, its not a nasty but its still something you didnt want, been mentioned on the Nod32 forum before, and on Kaspersky.

Sebby · Jun 25, 2009, 21:19:36

Nero is fast becoming like Norton.

sobranie · Jun 25, 2009, 22:30:12

sys restore disabled. nod32 in depth analysis reveals infection gone I hope. jftr my sys restore packed in a few weeks ago and having scoured the net to re-enable it I decided to do without it so things will have to await a feformat which I intend to do next week (I think).

Q. Is it possible to use win explorer to dump sys restore app and files & do a sfc /scannow and let the winxp disc dump a new copy on the 'puter automatically?

Sebby · Jun 25, 2009, 23:21:37

You can't remove system restore, but try an sfc /scannow (though I've never had any luck with that - a clean install of Windows would be my preferred option!).

Gary · Jun 26, 2009, 00:01:58

Quote from: sobranie on Jun 25, 2009, 22:30:12
sys restore disabled. nod32 in depth analysis reveals infection gone I hope. jftr my sys restore packed in a few weeks ago and having scoured the net to re-enable it I decided to do without it so things will have to await a feformat which I intend to do next week (I think).

Q. Is it possible to use win explorer to dump sys restore app and files & do a sfc /scannow and let the winxp disc dump a new copy on the 'puter automatically?

sfc/ Scannow may help but I would be inclined like Sebby says to reinstall if its a very old install anyway. Have you checked the system restore service? Open Administrative Tools, click Computer Management, and then click Services and Applications. Click Services, and double-click System Restore Services from the list. Verify the service is started and running. If not, under Service status, click Start and change the startup type to Automatic. then reenable it and see if its ok. It could also be the system volume information folder is corrupt see how to fix that here http://support.microsoft.com/kb/841568

sobranie · Jun 26, 2009, 19:06:06

Thanks for all replies. Have kicked solutions around accordingly and found system volume information on 1 external HD only which I have renamed to system volume information2 as per MS help sheet. On drives C and F on main computer I have drawn a complete blank on system volume information file which doesn't seem to exist. Barking up wrong tree perhaps, ......... an idiots guide to finding elusive file would be greatfully appreciated.

Gary · Jun 26, 2009, 19:15:28

Quote from: sobranie on Jun 26, 2009, 19:06:06
Thanks for all replies. Have kicked solutions around accordingly and found system volume information on 1 external HD only which I have renamed to system volume information2 as per MS help sheet. On drives C and F on main computer I have drawn a complete blank on system volume information file which doesn't seem to exist. Barking up wrong tree perhaps, ......... an idiots guide to finding elusive file would be greatfully appreciated.

I'll try on mine, have you re-enabled system restore in your main drive?

Gary · Jun 26, 2009, 19:22:11

Quote from: sobranie on Jun 26, 2009, 19:06:06
Thanks for all replies. Have kicked solutions around accordingly and found system volume information on 1 external HD only which I have renamed to system volume information2 as per MS help sheet. On drives C and F on main computer I have drawn a complete blank on system volume information file which doesn't seem to exist. Barking up wrong tree perhaps, ......... an idiots guide to finding elusive file would be greatfully appreciated.

You need to Clear the Hide protected operating system files (Recommended) check box in folder options as well as View hidden files and folders on your main drive.

sobranie · Jun 26, 2009, 20:13:11

Quote from: Gary on Jun 26, 2009, 19:15:28
I'll try on mine, have you re-enabled system restore in your main drive?

Yep.

Quote from: Gary on Jun 26, 2009, 19:22:11
You need to Clear the Hide protected operating system files (Recommended) check box in folder options as well as View hidden files and folders on your main drive.

Have now found system volume information files on C and F. Both files are blank. Both files are access denied too! Both files refuse to be renamed.
Now reached the stage where I am about to reach for my windows xp disc and reformat .... either that or go back to my beloved BBC 'puter which hasn't seen the light of day in 20+ years!!
Once again, thanks for all your help guys.

Gary · Jun 26, 2009, 20:19:33

Quote from: sobranie on Jun 26, 2009, 20:13:11
Yep.

Have now found system volume information files on C and F. Both files are blank. Both files are access denied too! Both files refuse to be renamed.
Now reached the stage where I am about to reach for my windows xp disc and reformat .... either that or go back to my beloved BBC 'puter which hasn't seen the light of day in 20+ years!!
Once again, thanks for all your help guys.

Are you using a AV that protects operating file systems? you need to have ful admin rights to rename them.

Sebby · Jun 26, 2009, 21:34:54

Quote from: sobranie on Jun 26, 2009, 20:13:11
Yep.

Have now found system volume information files on C and F. Both files are blank. Both files are access denied too! Both files refuse to be renamed.
Now reached the stage where I am about to reach for my windows xp disc and reformat .... either that or go back to my beloved BBC 'puter which hasn't seen the light of day in 20+ years!!
Once again, thanks for all your help guys.

If access is denied, it sounds like system restore is still switched on to me.

Gary · Jun 26, 2009, 22:52:56

Quote from: Sebby on Jun 26, 2009, 21:34:54
If access is denied, it sounds like system restore is still switched on to me.

I agree, disable system restore, and rename the folder it should work then.

Baz · Jun 27, 2009, 07:29:40

Quote from: sobranie on Jun 26, 2009, 20:13:11
.... either that or go back to my beloved BBC 'puter which hasn't seen the light of day in 20+ years!!
Once again, thanks for all your help guys.

you still have a BBC?? so do I. were clearing out junk recently and forgot we had it, monitor,discs,books everything.

Do you want to buy mine

does any one want to buy it

does any one know any where that will be interested in it

Gary · Jun 27, 2009, 07:38:30

Quote from: Baz on Jun 27, 2009, 07:29:40
you still have a BBC?? so do I. were clearing out junk recently and forgot we had it, monitor,discs,books everything.

Do you want to buy mine does any one want to buy it

does any one know any where that will be interested in it

Its probably collectable, you never know

Baz · Jun 27, 2009, 07:50:54

hmmmm you sound interested Gary.

when can you collect it

Gary · Jun 27, 2009, 08:45:21

Quote from: Baz on Jun 27, 2009, 07:50:54
hmmmm you sound interested Gary.

when can you collect it

sobranie · Jun 27, 2009, 12:16:20

Sys restore now working, thanks guys.

Sebby · Jun 27, 2009, 12:18:27

Gary, sounds like a legally-binding agreement to me.