Kolotoc virus

  • Thread starter Thread starter Neil Kernot
  • Start date Start date
N

Neil Kernot

Having read some of the posts, I can see a pattern emerge...
My AVG free edition keeps warning me via the resident shield of a virus:

Joke program Kolotoc (modified) is found in file C:\System Volume
Information\_restore{64C6DA1B-8B16-4BE4-905A-D91CE7193AB8}\RP122\A0006558.ex
e

and tells me to run AVG (which does not find it). The Grisoft virus database
does not recognise the virus. Grisoft replied to my email by saying I had to
buy AVG7.0 (Why would I buy from a company like this?)

I cannot access the .exe because "Access is Denied" (although I have
administrator access). I am not sure if I should delete the .exe anyway?

I have 6 svchost.exe processes; is this normal?

The only weird (very annoying) thing I am getting is multiple prints when I
only want one.

I have found a couple of references to Kolotoc (modified) on Google, but
they are not much help in removing it. The online mcaffe scan found nothing,
and their database had not heard of Kolotoc (same with Sophos).

I can search & find a similar {###} hex number in regedit - should I delete
this?

to coin a phrase, HELP!
 
Neil Kernot said:
Having read some of the posts, I can see a pattern emerge...
My AVG free edition keeps warning me via the resident shield of a virus:

Joke program Kolotoc (modified) is found in file C:\System Volume
Information\_restore{64C6DA1B-8B16-4BE4-905A-D91CE7193AB8}\RP122\A0006558.ex
e
Click to expand...

If it is only in your "_restore" folder, then you need only to
purge the restore points to flush it. Disable "restore", reboot,
re-enable "restore", and reboot again. The next scan shouldn't
find it.
 
Neil said:
Having read some of the posts, I can see a pattern emerge...
My AVG free edition keeps warning me via the resident shield of a virus:

Joke program Kolotoc (modified) is found in file C:\System Volume
Information\_restore{64C6DA1B-8B16-4BE4-905A-D91CE7193AB8}\RP122\A0006558.ex
e
Click to expand...

a joke program is trapped in your system restore folders...
and tells me to run AVG (which does not find it).
Click to expand...

by default no interactive user has access to the system restore folders...
The Grisoft virus database
does not recognise the virus.
Click to expand...

it's not a virus, it's a joke program... also, nobody has a complete
online database - that's just too much work for too little money in
return...
Grisoft replied to my email by saying I had to
buy AVG7.0 (Why would I buy from a company like this?)
Click to expand...

why should they provide support for free?
I cannot access the .exe because "Access is Denied" (although I have
administrator access). I am not sure if I should delete the .exe anyway?
Click to expand...

purge your restore points and it will be gone...
I have 6 svchost.exe processes; is this normal?
Click to expand...

sure... it may not be ideal, but there's nothing particularly out of
the ordinary about that...
The only weird (very annoying) thing I am getting is multiple prints when I
only want one.
Click to expand...

purely coincidental...
I have found a couple of references to Kolotoc (modified) on Google, but
they are not much help in removing it. The online mcaffe scan found nothing,
and their database had not heard of Kolotoc (same with Sophos).
Click to expand...

no program you run is going to be able to locate it on the disk when
they're trapped in a folder you don't have access to...
I can search & find a similar {###} hex number in regedit - should I delete
this?
Click to expand...

that 'hex number' is a guid and really doesn't have anything to do with
the malware in question, rather it has to do with how windows keeps
track of things in the system restore...
to coin a phrase, HELP!
Click to expand...

turn system restore off, reboot... turn it back on if you wish and
reboot again...
 
Thanks for the tip - That did the trick! (easy when you know how...)
I also fixed the printer problem. My default printer was defaulting to 600
pages each time I sent one print. After deleting and restoring the printer
driver this is OK now.
Cheers,
Neil
 
Just to say thanks to the group for your help & advice.

I am not sure what I expect support wise from Grisoft when the software is
free (and works quite well to be honest). I think maybe they should put a
bit more effort into online documentation and point users at the right bits
of that. After all, they are trying to convince us that they make good AV
software with a view to making money out of us at some future time! If the
users have no trust in their solution then the whole idea falls down, from a
marketing standpoint.

Neil
 
Back
Top