Kapersky Finds The Following

Kapersky Finds The Following
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Antivirus Discussions    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Kapersky Finds The Following Marcus 03-30-2006
Posted by Marcus on March 30, 2006, 12:31 am
If you were  Registered and logged in, you could reply and use other advanced thread options
How do I remove these? Can I delete them?

Thanks,

Marc



C:\Documents and Settings\HP_Administrator\Local
Settings\Temp\GLF1FGLF1F.EXE/WISE0007.BIN Infected:
Trojan-Downloader.Win32.TSUpdate.p

C:\Documents and Settings\HP_Administrator\Local
Settings\Temp\GLF1FGLF1F.EXE Infected: Trojan-Downloader.Win32.TSUpdate.p

C:\System Volume
Information\_restore\RP4\A0002113.exe/WISE0010.BIN
Infected: Trojan-Downloader.Win32.TSUpdate.k

C:\System Volume
Information\_restore\RP4\A0002113.exe/WISE0011.BIN
Infected: Trojan-Downloader.Win32.TSUpdate.p

C:\System Volume
Information\_restore\RP4\A0002113.exe/WISE0012.BIN
Infected: Trojan-Downloader.Win32.TSUpdate.l

C:\System Volume
Information\_restore\RP4\A0002113.exe
Infected: Trojan-Downloader.Win32.TSUpdate.l

Scan process completed.



Posted by =?Utf-8?B?UGFuZGFfbWFu?= on March 30, 2006, 5:56 am
If you were  Registered and logged in, you could reply and use other advanced thread options
My reply is at the bottom of your message :


"Marcus" wrote:

> How do I remove these? Can I delete them?
>
> Thanks,
>
> Marc
>
>
> C:\Documents and Settings\HP_Administrator\Local
> Settings\Temp\GLF1FGLF1F.EXE/WISE0007.BIN Infected:
> Trojan-Downloader.Win32.TSUpdate.p
>
> C:\Documents and Settings\HP_Administrator\Local
> Settings\Temp\GLF1FGLF1F.EXE Infected: Trojan-Downloader.Win32.TSUpdate.p
>
> C:\System Volume
>
Information\_restore\RP4\A0002113.exe/WISE0010.BIN
> Infected: Trojan-Downloader.Win32.TSUpdate.k
>
> C:\System Volume
>
Information\_restore\RP4\A0002113.exe/WISE0011.BIN
> Infected: Trojan-Downloader.Win32.TSUpdate.p
>
> C:\System Volume
>
Information\_restore\RP4\A0002113.exe/WISE0012.BIN
> Infected: Trojan-Downloader.Win32.TSUpdate.l
>
> C:\System Volume
> Information\_restore\RP4\A0002113.exe
> Infected: Trojan-Downloader.Win32.TSUpdate.l
>
> Scan process completed.
>
>
>


Yes , these files
> C:\Documents and Settings\HP_Administrator\Local
> Settings\Temp\GLF1FGLF1F.EXE/WISE0007.BIN Infected:
> Trojan-Downloader.Win32.TSUpdate.p
>
> C:\Documents and Settings\HP_Administrator\Local
> Settings\Temp\GLF1FGLF1F.EXE Infected: Trojan-Downloader.Win32.TSUpdate.p
must be deleted.

System Restore is function of XP that allows users to recover their system
to a state exactly it was before.It is really helpful but it also stores
malware tracks.You only have to disable System Restore and this will empty
its folder
Right click on My Computer->Properties->System Restore
Check Turn off system restore.Click OK


Now , perform full scan with your antivirus or with Kaspersky again and at
the end turn ON System Restore back again

Again Right click on My computer->Properties->System Restore
Uncheck Turn off system restore ,so you'll have your Restore function ON.

If you encourage problems you can also perform the fast malware removal
instructions in my web-site
http://pandaman.my.contact.bg


Panda_man
--
Prevention is always better than cure !
--
http://pandaman.my.contact.bg
http://www.activescan.com
Please , rate posts

Posted by Marcus on March 30, 2006, 2:04 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Thanks..........Should I assume for the future that it is best to do these
scans with SR disabled?

Marc


> My reply is at the bottom of your message :
>
>
> "Marcus" wrote:
>
>> How do I remove these? Can I delete them?
>>
>> Thanks,
>>
>> Marc
>>
>>
>> C:\Documents and Settings\HP_Administrator\Local
>> Settings\Temp\GLF1FGLF1F.EXE/WISE0007.BIN Infected:
>> Trojan-Downloader.Win32.TSUpdate.p
>>
>> C:\Documents and Settings\HP_Administrator\Local
>> Settings\Temp\GLF1FGLF1F.EXE Infected:
>> Trojan-Downloader.Win32.TSUpdate.p
>>
>> C:\System Volume
>>
Information\_restore\RP4\A0002113.exe/WISE0010.BIN
>> Infected: Trojan-Downloader.Win32.TSUpdate.k
>>
>> C:\System Volume
>>
Information\_restore\RP4\A0002113.exe/WISE0011.BIN
>> Infected: Trojan-Downloader.Win32.TSUpdate.p
>>
>> C:\System Volume
>>
Information\_restore\RP4\A0002113.exe/WISE0012.BIN
>> Infected: Trojan-Downloader.Win32.TSUpdate.l
>>
>> C:\System Volume
>> Information\_restore\RP4\A0002113.exe
>> Infected: Trojan-Downloader.Win32.TSUpdate.l
>>
>> Scan process completed.
>>
>>
>>
>
>
> Yes , these files
>> C:\Documents and Settings\HP_Administrator\Local
>> Settings\Temp\GLF1FGLF1F.EXE/WISE0007.BIN Infected:
>> Trojan-Downloader.Win32.TSUpdate.p
>>
>> C:\Documents and Settings\HP_Administrator\Local
>> Settings\Temp\GLF1FGLF1F.EXE Infected:
>> Trojan-Downloader.Win32.TSUpdate.p
> must be deleted.
>
> System Restore is function of XP that allows users to recover their system
> to a state exactly it was before.It is really helpful but it also stores
> malware tracks.You only have to disable System Restore and this will empty
> its folder
> Right click on My Computer->Properties->System Restore
> Check Turn off system restore.Click OK
>
>
> Now , perform full scan with your antivirus or with Kaspersky again and at
> the end turn ON System Restore back again
>
> Again Right click on My computer->Properties->System Restore
> Uncheck Turn off system restore ,so you'll have your Restore function ON.
>
> If you encourage problems you can also perform the fast malware removal
> instructions in my web-site
> http://pandaman.my.contact.bg
>
>
> Panda_man
> --
> Prevention is always better than cure !
> --
> http://pandaman.my.contact.bg
> http://www.activescan.com
> Please , rate posts



Posted by Malke on March 30, 2006, 2:18 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Marcus wrote:

> Thanks..........Should I assume for the future that it is best to do
> these scans with SR disabled?

No, do not scan with System Restore disabled. After your computer is
completely clean, you can make a new, clean Restore Point and delete
the previous ones from Disk Cleanup.

When you scan, you should do the preparatory work listed here and then
move onto the rest of the removal steps:

http://www.elephantboycomputers.com/page2.html#Removing_Malware

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User

Posted by Jupiter Jones [MVP] on March 30, 2006, 2:33 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Marc;
Definitely not.
Turning off System Restore also permanently deletes all Restore Points.
Only turn it off if Restore Points are infected or there is another good
reason to do so.
As long as the Restore Points are clean leave System Restore on.

--
Jupiter Jones [MVP]
http://www3.telus.net/dandemar
http://www.dts-l.org


> Thanks..........Should I assume for the future that it is best to do these
> scans with SR disabled?
>
> Marc



Similar ThreadsPosted
NAV 2007 Finds 7 Cookies December 30, 2006, 12:38 am
Re: NOD32 and KAPERSKY ANTIVIRUS PERSONAL December 29, 2005, 8:01 pm
NOD32 and KAPERSKY ANTIVIRUS PERSONAL December 29, 2005, 8:05 pm
Avira finds 3 hidden objects... June 16, 2008, 10:54 pm
The Cleaner finds RAS trojans, I can't find them on harddrive November 19, 2007, 2:52 am

The site map in XML format XML site map

Contact Us | Privacy Policy