System Volume Infection?


The Crow

Hi.
Two questions. First, I've recently had the following virus reported to me
by my antivirus software, which cannot shift the infection. It says a worm,
WORMAPSIV.A, has been found in the System Volume information folder. I run
XP and wondered how to deal with this? Is it, as with similar ones I've
had, a case of disabling the system restore and then restarting? Second,
last week I had a Trojan in this folder, which is when I was told about
disabling system restore, and so this is the second virus in a week in this
folder. I run up to date AVG, Adaware and Spybot, but still seem to be
getting these infections. Could this be a symptom of a larger problem, or
is this common enough? Thanks.
 
The Crow said:
> Hi.
> Two questions. First, I've recently had the following virus reported to me
> by my antivirus software, which cannot shift the infection. It says a worm,
> WORMAPSIV.A, has been found in the System Volume information folder. I run
> XP and wondered how to deal with this? Is it, as with similar ones I've
> had, a case of disabling the system restore and then restarting?

Almost certainly yes.

> Second,
> last week I had a Trojan in this folder, which is when I was told about
> disabling system restore, and so this is the second virus in a week in this
> folder. I run up to date AVG, Adaware and Spybot, but still seem to be
> getting these infections. Could this be a symptom of a larger problem, or
> is this common enough? Thanks.

I would worry about how it got there, yes. Do you have open shares or
ports exposed to the www? Do you run some cr&p like Kazaa??
 
GSV Three Minds in a Can said:
> Almost certainly yes.
>
> I would worry about how it got there, yes. Do you have open shares or
> ports exposed to the www? Do you run some cr&p like Kazaa??

I run Kazaa Lite, and have just got an ADSL router, which may be the cause
of any vulnerability. It has a firewall, but it is conceivable that I have
not configured it properly.

Actually, this may be an opportune moment to bring up this question. I was,
when on dialup, running Sygate Personal Firewall. My router has a hardware
firewall, so should I still run SPF too, or should that go? Thanks again.
 
The Crow said:
> I run Kazaa Lite, and have just got an ADSL router, which may be the cause
> of any vulnerability. It has a firewall, but it is conceivable that I have
> not configured it properly.
>
> Actually, this may be an opportune moment to bring up this question. I was,
> when on dialup, running Sygate Personal Firewall. My router has a hardware
> firewall, so should I still run SPF too, or should that go? Thanks again.

If your sharing files then obviously you have an open port. I'd suspect
your router has NAT and maybe SPI. It likely only blocks inbound,
uninitiated connections. Even a firewall like Sygate isn't going to stop
malware from getting on your system. Only you can do that. When you
share files over the internet, your sharing the risk, as well.
 
optikl said:
> If your sharing files then obviously you have an open port. I'd suspect
> your router has NAT and maybe SPI. It likely only blocks inbound,
> uninitiated connections. Even a firewall like Sygate isn't going to stop
> malware from getting on your system. Only you can do that. When you
> share files over the internet, your sharing the risk, as well.

Excuse the sloppy grammar. I meant "you're" not "your" in the 1st and
last sentences. It's these damn decongestants.
 
The Crow said:
> Hi.
> Two questions. First, I've recently had the following virus reported to me
> by my antivirus software, which cannot shift the infection. It says a worm,
> WORMAPSIV.A, has been found in the System Volume information folder. I run
> XP and wondered how to deal with this? Is it, as with similar ones I've
> had, a case of disabling the system restore and then restarting?

Probably.

> Second,
> last week I had a Trojan in this folder, which is when I was told about
> disabling system restore, and so this is the second virus in a week in this
> folder. I run up to date AVG, Adaware and Spybot, but still seem to be
> getting these infections. Could this be a symptom of a larger problem, or
> is this common enough?

It is common enough methinks.

Your AV may have caught it out on its first appearance and
attempted (successfully) to delete it. The problem is that XP
(and ME) have a kernel mode monitor that intercepts that
action and makes a backup copy of the malware in the system
restore before allowing the delete action to continue. Your AV
may have logged the original detection and also the action taken.
Check your log file to see if it offers any insight into the vector
the malware used to get on the system in the first instance.
 