View Full Version : Is this a Virus?



stephan08611
22-05-2009, 02:38 PM
I've been having all sorts of issues with my comp and ran Panda, Spy-Bot, Super Anti-virus and all came up clean. I recently got rid of my Panda and got Avast. It said it found a virus A0036911.cpy in my Restore folder but access was denied. Restore was disabled at the time. I can't find any info on this file. Anyone know what it is and if it is a virus how can I deal with it? Thanx all.

inphinity
22-05-2009, 02:40 PM
If system restore is disabled, there should be nothing in the system restore folder. What sort of issues are you having?

Speedy Gonzales
22-05-2009, 02:44 PM
Easiest way to fix it, disable system restore. Then open my computer, go to tools/folder options/view. Tick show hidden files and folders. Untick hide protected operating system files. Right mouse on system volume information folder / security (If you use XP Pro). Click on add, then add your username then check names. Then OK, OK. Open the system volume information folder, and delete everything in it. If you want to enable system restore again, do it after you delete what's in the above folder.

If you're using XP Home, do the above in safe mode

stephan08611
22-05-2009, 03:09 PM
Actually I didn't know system restore was disabled until I got the virus warning. Every time I tried to enable it the box would be checked again after reboot and Statemgr was missing from startup so I ticked 'Normal Startup' and it appeared.
I'll try to make this short cause all this was posted, but my comp was running extremely slow. I also couldn't open HJT, got the 50003 error. I got rid of Panda AV and a file called DGELTEMP that I was told takes up too much room after awhile. I also couldn't open HJT, got the 50003 error. I was told Autorun is similar to HJT but that won't open either. No error or anything just won't open except for the command line part. Comps running better after the Panda and file deletion.
But my question wasn't answered. Is A0036911.cpy actually a virus? I don't wanna get rid of something that might be needed. Thanx again for the speedy reply for the first post.

Speedy Gonzales
22-05-2009, 03:17 PM
I have no idea what A0036911.cpy is. BUT since SR is disabled, I would delete it anyway

Pancake
22-05-2009, 05:04 PM
The A0036911.cpy is part of the Trojan.Downloader-WBRock

Blam
22-05-2009, 05:30 PM
Download KillBox, boot into safe mode and delete that file.
http://killbox.net/

Pancake
22-05-2009, 07:08 PM
Your best bet is to run this to make sure the rest of the infection has gone..

Download Malwarebytes' Anti-Malware from one of these places:

http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

http://www.besttechie.net/tools/mbam-setup.exe



Double Click mbam-setup.exe to install the application.
If it will not run make a copy of the MBAM.exe and rename MBAM.exe to xxx.exe and run that. Keep the genuine MBAM.exe as we may need to run that later as is.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

PLEASE NOTE:
If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

Once that Malwarebytes' Anti-Malware is done removing the malware and you have rebooted the computer, browse around and see if you are still having that problem.

gary67
22-05-2009, 08:22 PM
Listen to Eddy he is good and makes great assessments of viruses and such like

Pancake
22-05-2009, 08:58 PM
Listen to Eddy he is good and makes great assessments of viruses and such like

After 12 years of fixing malware I think I can say I know what I'm saying..