Overclock.net › Forums › Software, Programming and Coding › Networking & Security › What do I do?? [Trojan in C:\System Volume Information]

What do I do?? [Trojan in C:\System Volume Information]

post #1 of 11
Thread Starter 
Helpful OCN members,

So...I just got a warning from AVG that I have a trojan...here is some information below...

Object name: A0016944.exe
Object path: C:\System Volume Information\_restore{BUNCH OF RANDOM STUFF}
Discovery: Trojan horse Generic9.ADDD

I searched on google really quick and found out that it was a file that infected system restore.

Well, I have a couple questions:
1) What is the best way to get rid of it?

2) Is my computer (and any info/passwords that are on it) at risk?? I have a decent amount of important information on my hard drive(s) right now...should I be backing up my data and reformatting both drives?

3) Where the heck could I have gotten this from? I am quite careful on the net...and AVG is always up to date and running...just don't get it.

(PS...first trojan I have gotten...so it's kind of aggravating)

Thanks,
Elyaas

EDIT: woot...1000th post is about my deficiencies!
post #2 of 11
Turn off System Restore, reboot and scan, and see if it gets it; then you can turn System Restore back on. Scan in Safe Mode if you can. That way viruses/trojans usually can't load.
post #3 of 11
I'm not sure if this will work, but think about trying a HijackThis manual delete thing.
post #4 of 11
Thread Starter 
Quote:
Originally Posted by Bal3Wolf View Post
Turn off System Restore, reboot and scan, and see if it gets it; then you can turn System Restore back on. Scan in Safe Mode if you can. That way viruses/trojans usually can't load.
Yeah, I think this is what a couple of the websites I looked at said. What button do you hold for safe mode again?

And Kopi, what is HijackThis? Lol
post #5 of 11
Or just clear all the System Restore data with Disk Cleanup....
post #6 of 11
Thread Starter 
Quote:
Originally Posted by redsunx View Post
Or just clear all the System Restore data with Disk Cleanup....
What if the most recent restore point has the trojan, though?
post #7 of 11
F8 is to get into Safe Mode.
post #8 of 11
F8 for Safe Mode.

Edit: dammit, beaten to the point.
post #9 of 11
Quote:
Originally Posted by Elyaas View Post
What if the most recent restore point has the trojan, though?
Start > Run > cleanmgr.exe
When you come to the 'Disk Cleanup for so-and-so disk' dialog, click More Options.
See where it says System Restore, hit Clean up, click Yes. You're set.
I had this problem way back when and this solved it for me.

EDIT: Oh, it doesn't do the most recent one. Hm, well, if that doesn't work, do what others have said.
Or, create a new restore point, then do the steps I said above.
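Posts #2 and #9 describe the same clean-up from two directions: turn System Restore off and back on, or use Disk Cleanup, which leaves the newest point in place. The detected file is an archived copy that System Restore made of something that existed elsewhere on the disk, so wiping the restore points removes that copy but says nothing about whether the original is still around; the scans still matter. The PowerShell below is an added example written for this page, not something any poster ran. It assumes Windows Vista/7 or later, where restore points are VSS shadow copies, an elevated prompt, and drive C:; the restore point description is made up. It lists the points with their creation dates (which bounds the "how long has it been there" question as far as the restore points can tell), removes every shadow copy on the drive including the newest, and only after the scans are clean re-enables protection and takes a fresh point.

```powershell
# Added example for this thread (not from any poster). Assumes Windows Vista/7 or later,
# where restore points are VSS shadow copies, and an elevated PowerShell prompt.
# The drive letter and description below are assumptions, not values from the thread.

function Show-RestorePoints {
    # Every restore point with its creation time. A flagged copy inside one of these
    # can be no older than the point that holds it.
    Get-ComputerRestorePoint |
        Select-Object SequenceNumber, Description, RestorePointType,
            @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } } |
        Format-Table -AutoSize
}

function Get-RestorePointCount {
    # Get-ComputerRestorePoint emits nothing when no points exist; filter nulls so
    # the count is 0 rather than 1.
    @(Get-ComputerRestorePoint | Where-Object { $_ -ne $null }).Count
}

function Remove-AllRestorePoints {
    param([string]$Volume = 'C:')
    # Disk Cleanup's "System Restore and Shadow Copies" button keeps the newest point.
    # Deleting every shadow copy on the volume removes that one as well.
    $before = Get-RestorePointCount
    vssadmin delete shadows "/for=$Volume" /all /quiet | Out-Null
    $after = Get-RestorePointCount
    Write-Host ("Restore points for {0}: {1} before, {2} after" -f $Volume, $before, $after)
}

function New-CleanRestorePoint {
    param([string]$Drive = 'C:\', [string]$Description = 'Clean after AV scan')
    # Take this only after the normal and Safe Mode scans come back clean: a restore
    # point is a snapshot of the current state and would archive anything still present.
    Enable-ComputerRestore -Drive $Drive
    Checkpoint-Computer -Description $Description -RestorePointType MODIFY_SETTINGS
}

Show-RestorePoints
Remove-AllRestorePoints -Volume 'C:'
# ... run the full scan, then the Safe Mode scan, before continuing ...
New-CleanRestorePoint -Drive 'C:\'
Show-RestorePoints
```

Turning protection off for a drive in the System Protection dialog discards that drive's restore points too, which is why the turn-off, reboot, rescan sequence in post #2 works; the script only makes the count visible before and after. On Windows 8 and later, Checkpoint-Computer refuses to create more than one point per 24 hours unless the SystemRestorePointCreationFrequency registry value is changed; that limit does not apply on Windows 7.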
post #10 of 11
Thread Starter 
Rep to all that helped. It's gone now...I think. I deleted the file from the AVG vault then rescanned. I then turned off system restore, restarted and scanned again. Then I turned system restore back on, started up in safe mode and ran AVG again (which took for-freaking-ever, BTW).

Not a single time did I find the trojan again. What I am VERY concerned about is how it got there and if I am going to have to worry about it coming back--and how do I know it hasn't been there for five months??? AHHHHH

I think I was on gmail and www.m-w.com (Merriam Webster Dictionary) when the trojan warning popped up from AVG. Why did it pop up in the first place? Did the trojan appear at that moment, or was it just detected at that point? (I wasn't running the scan at the time, so does AVG periodically check in certain vital folders?)

I wish to leech some wisdom!!!