Virus on D drive. - BitDefender Total Security 2008, on Gateway 6022GZ laptop.
I clicked on an online link, on what should have been a SAFE website.
I got some very dire warnings from BOTH my antivirus and anti-spyware, as well as McAfee SiteAdviser.
I ran Webroot Spy Sweeper -Nothing. Then I ran 'BitDefender Total Security 2008', it came up with 30 virus files on my "D" drive.
It came up with "Password-Protected Items - No action was possible"
D: is an inaccessible "Recovery Partition" and protected by 'PC Angel' that contains my system recovery files.
BitDefender said, "These items could not be scanned, due to password protection and they are considered potential threats.
PLEASE EXTRACT THE FILES BEFORE PERFORMING A SCAN."
-- I have no knowledge how to do that. ???
Gateway said to 'do a complete wipe of the hard drive.'
I have tried:
(A) Running the antivirus in safe mode,
(B) On D: drive - Clicking on "Allow Blocked Content" on the yellow Explorer bar, "Did you notice the Information bar?", at the top of the page.
(C) Doing a System Restore, which was 'successful', but it did not remove the virus files.
However I have tried to attack this problem, the virus files remain inaccessible.
Remaining issues:
Object Name | Threat Name | Final Status
D:i386AppsApp01496mscagentins.ui=]agentins.ini
D:i386AppsApp01496mscagentins.ui=]agntcons.vbs
D:i386AppsApp01496mscagentins.ui=]agntinst.htm
D:i386AppsApp01496mscagentins.ui=]agntinst.vbs
D:i386AppsApp01496mscagentins.ui=]agntlang.vbs
D:i386AppsApp01496mscagentins.ui=]default.htm
D:i386AppsApp01496mscagentins.ui=]header.vbs
D:i386AppsApp01496mscagentins.ui=]HtmlUtil.vbs
D:i386AppsApp01496mscagentins.ui=]images/bg_left_1x314.gif
D:i386AppsApp01496mscagentins.ui=]images/bg_left_MSC_165x314.gif
D:i386AppsApp01496mscagentins.ui=]images/icon_info_16x16.gif
D:i386AppsApp01496mscagentins.ui=]images/icon_mcafee_61x61.gif
D:i386AppsApp01496mscagentins.ui=]images/icon_progress_checked_13x13.gif
D:i386AppsApp01496mscagentins.ui=]images/icon_progress_hot_13x13.gif
D:i386AppsApp01496mscagentins.ui=]images/icon_progress_unchecked_13x13.gif
D:i386AppsApp01496mscagentins.ui=]InstUtil.vbs
D:i386AppsApp01496mscagentins.ui=]instwiz.css
D:i386AppsApp01496mscagentins.ui=]instxp.css
D:i386AppsApp01496mscagentins.ui=]mcccom.lpk
D:i386AppsApp01496mscagentins.ui=]pbar.vbs
D:i386AppsApp01496mscagentins.ui=]setcss.vbs
D:i386AppsApp01496mscagentins.ui=]SubInfoData.vbs
D:i386AppsApp01496mscsharedagentcfg.cab=]screm.ui=]agntcons.vbs
D:i386AppsApp01496mscsharedagentcfg.cab=]screm.ui=]agntlang.vbs
D:i386AppsApp01496mscsharedagentcfg.cab=]screm.ui=]comctl.lpk
D:i386AppsApp01496mscsharedagentcfg.cab=]screm.ui=]config.ini
D:i386AppsApp01496mscsharedagentcfg.cab=]screm.ui=]pbar.vbs
D:i386AppsApp01496mscsharedagentcfg.cab=]screm.ui=]UnInsStr.vbs
D:i386AppsApp01496mscsharedagentcfg.cab=]screm.ui=]uninst.vbs
D:i386AppsApp01496mscsharedagentcfg.cab=]screm.ui=]uninstall.htm
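The following added example, which is not part of the original post, groups the rows of a scan report by their outermost container and separates items the scanner could not open (password protected, no threat named) from items where it named a threat. The tab-separated layout, the `=>` container/member separator and every path in the sample are constructed assumptions, not BitDefender's actual output.

```python
from collections import Counter, defaultdict

SEP = "=>"  # assumed container/member separator in the report

# Constructed sample report: object <TAB> threat name <TAB> final status.
SAMPLE_REPORT = "\n".join([
    "D:\\example\\setup.ui=>install.vbs\t\tPassword-protected, no action possible",
    "D:\\example\\setup.ui=>default.htm\t\tPassword-protected, no action possible",
    "D:\\example\\setup.ui=>images/logo.gif\t\tPassword-protected, no action possible",
    "D:\\example\\cfg.cab=>inner.ui=>uninst.vbs\t\tPassword-protected, no action possible",
    "C:\\example\\temp\\dropper.exe\tTrojan.Example.A\tDeleted",
])


def parse_report(text):
    """Yield (outer_container, member_path, threat, status) per report row."""
    for line in text.splitlines():
        if not line.strip():
            continue
        # Pad so rows with missing trailing columns still unpack cleanly.
        obj, threat, status = (line.split("\t") + ["", ""])[:3]
        outer, _, member = obj.partition(SEP)
        yield outer, member, threat.strip(), status.strip()


def classify(threat, status):
    """A row counts as a detection only if the scanner named a threat."""
    if threat:
        return "detected"
    if "password" in status.lower():
        return "unscanned"  # archive could not be opened, so nothing was inspected
    return "other"


def triage(text):
    """Group rows by outermost container and count each outcome."""
    summary = defaultdict(Counter)
    for outer, _member, threat, status in parse_report(text):
        summary[outer][classify(threat, status)] += 1
    return {container: dict(counts) for container, counts in summary.items()}


if __name__ == "__main__":
    for container, counts in triage(SAMPLE_REPORT).items():
        print(container, counts)
```
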
Those are files that McAfee has locked in the virus vault. You need to open McAfee and empty the virus vault if you want to re-scan without interference. You should get HijackThis. It is a utility that destroys trojans and many other malware and viruses. It is free and you can do a scan, save it and display the results here. CCleaner is another free utility that can empty all temp files and other unneeded files. HijackThis lists all .exe files so they are not all harmful, that is why it's important to list them here so I can tell you which ones to fix.
That's the contents of a webpage. I'm 100% sure it's not a virus. You probably shouldn't worry about it. Just about the only file type you need to look out for that contains viruses is .exe. They can contain viruses. None of the file types there (.gif, .htm, .vbs, .css, .ini, .lpk) are viruses. In fact, they're common files that are used to display web sites. Even the file names look like a web site ("default.htm" is the actual page containing the code for the website). I wouldn't worry about that at all. It looks exactly like the file structure of a web site. You may be asking "why is there a web site on my computer?" It's because when you go to a web site, Internet Explorer downloads all of the components of it to your computer to display, and saves them for fast access later.
Also, recovery partitions are read-only, meaning that a virus couldn't even get put on there, let alone deleted from there. These files are probably a web page showing something relating to recovering your computer. The files are password protected because your computer manufacturer that put them there didn't want you deleting them because then the recovery wouldn't work if you ever needed it. My advice: Leave these files alone. They're not a threat to anything, and you may need them if you ever need to recover your PC.
The anti-virus program probably just doesn't expect a web site to be sitting in that type of directory. The same file types can be found in your temporary internet files directory on your computer, but the anti-virus software knows it's ok for them to be there. It probably just looks suspicious that they're zipped, because zipped folders look suspicious anyway, and that they're on a hidden partition. I've seen a few cases on my computer where even genuine safe software is mistakenly classified as some sort of virus. I use Avast for my anti-virus. It's free, and I never have any trouble with it.
I think you misunderstood what I said. The files on the D: drive are not the system restore files. I didn't say they were. The web page files are for the recovery of your computer. Manufacturers do this. They probably open when you recover the computer from that partition, and give you further instructions on how to continue. The point is, they're not a threat of any type to your computer, and you shouldn't worry about them.
If there are important files on your hard disk drive (HDD) that you need and don't have any other copies of, you might be best advised to get a new HDD, and add it to your computer as the 'master' drive, and switch your current drive to 'slave' status. You can find an HDD for about $50.00 at a local store, or online. Make sure that it is large enough to provide you the space for your operating system. Install the new HDD, with your old drive disconnected from the system, and add your operating system software to the new drive, including your anti-virus software. Beware though, that the virus that you have on your infected drive got around your anti-virus software the first time, so it may do so again. Consider buying a better package. I recommend Norton Anti-Virus. After doing that, plug your old HDD back in (making sure that you've jumpered it according to the wiring diagram on the edge of the HDD so that it is a 'slave' drive) and boot your computer into safe mode. Move the files that you need to a flash drive (after scanning them for viruses) and then format your old HDD.
Alternatively you can format your current HDD and re-install your system software on it.
Either way you go, I would also recommend using Spywareblaster, which is freeware, from Javacool Software. It will give you added protection from getting viruses, by blocking you from being able to access known 'bad' websites. The list of restricted sites is simply loaded into your internet options security file (works with Microsoft Internet Explorer or Mozilla Firefox). Currently the list of bad websites it protects you from is over 9,000 sites long. After updating, which Javacool updates their list usually about once a week, you can enable protection for the new sites, and then shut Spywareblaster down, and that's it. It doesn't run in the background, taking up processor time, it merely puts the list of restricted sites in your computer's browser security. Then when you click on a link to go to a site that will give you a virus or trojan (most of them, anyway) your browser will simply deny any access to the site automatically. You can override it, but why would you want to? If you need further help or instructions for doing anything I've suggested (or forgotten) please let us know. Hope this helps.
I apologize, I overlooked the fact that you have a laptop. From looking at your original problem post, it looks like you have the trojan: "Vicsfram." Norton has a fix for that:
http://www.symantec.com/security_respons...
Alternatively, you can try using Cleanup452:
http://www.stevengould.org/downloads/cle...
Kawika, you said, "Each time I run the anti-virus program the same 30 files come up as "virus" files. This has never happened before. I have had this program for three or more months."
Virus files aren't designed to say, "Hey!!! I'm a virus." They are as subtle as possible in their location as well as their filenames, most often. Hijackthis is very effective. Seeing what you have running in the background (hiding) often reveals the name of the virus.
You can use this program:
http://www.download.com/Unlocker/3000-2248_4-10637577.html?tag=lst-1
to unlock the files and then delete them. I've used it before to remove virus files that I couldn't delete the normal way.
Very nice utility, but it will not work on this problem. "No Locking Handle"
Cannot "Slave/Master" on a laptop, no room inside!
I have Spywareblaster installed and have updated it recently.
What I really need to do, is to be able to: "EXTRACT THE FILES BEFORE PERFORMING A SCAN" on D: drive
Each time I run the anti-virus program the same 30 files come up as "virus" files. This has never happened before. I have had this program for three or more months.
They do SEEM to look like web page files, so why do they report as a virus?
TO: ryanriopel28 --
This D: drive contains the files for the Recovery of the computer back to the "New just out of the Box" state.
(3.98GB Free Space, on a 6.82GB Total Size partition) NOT the day to day system restore files.
There are supposed to be NO web page files in there. Nothing at all that the computer manufacturer did not put there, before it went into the box.