backdoor.generic3.RTF Trojan

joroma · 29 Oct 2006 at 17:55

Picked up by AVG and put in the Virus Vault. I have got two one in:

C:\RECYCLER\S-1-5-21-507921405-1123561945-682003330-1003\Dc1\msnmgr.exe

and one in:

C:\SystemVolumeInformation\_restore{3737CEOA-16B2-4DAA-A8D8-CE7DF41C9A2B}\RP208\A0075069.exe

They were picked up when my son went to a dodgy link on Messenger (you are in this picture). I have uninstalled messenger and deleted the MSN Messenger folder (after running AVG).

What do I need to do to safely remove these from my PC???

Scottland · 29 Oct 2006 at 17:59

Are these ones that AVG can't do anything with?

If so, you can get rid of the one in: C:\SystemVolumeInformation\_restore{3737CEOA-16B2-4DAA-A8D8-CE7DF41C9A2B}\RP208\A0075069.exe
by disabling system restore normally. Not sure on the other one though, you could try changing the options for that drive in recycle bin to delete and not store anything in there.

joroma · 29 Oct 2006 at 18:05

According to AVG they are not healable.

If I disable system restore will I lose all my restore points?

I haven't tried simply deleting them yet in case that causes me other problems?

ns400r · 29 Oct 2006 at 18:11

Yes you will, but you want restore points that are infected? Turn off system restore. Reboot into safe mode and delete the recycler. Also empty the vault. Why keep viruses in a vault ? What you going to do with them ? I don't understand why people have this turned on. Restart and turn system restore back on if you wish. Then do another full system scan.

joroma · 29 Oct 2006 at 18:15

When you say delete recycler do you mean empty the recycle bin? Only I did that after running AVG and it is currently empty (though I didn't do it in safe mode).

ns400r · 29 Oct 2006 at 18:22

Sorry, yes, I meant delete the contents of the Recycle Bin while in safe mode.

joroma · 29 Oct 2006 at 20:34

Thanks. Done as suggested and both Trojans have gone.