Trojan.ribdew.c.dll
BitDefender found this trojan, but was unable to delete it because it's in an archive. Any suggestions on how to get rid of it?
Here's the BitDefender log:
BitDefender Log File !!!!!
Product : BitDefender Antivirus 2008
Version : BitDefender UIScanner v.11
Log date : 20:35:32 14/12/2007
Log path : C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\deep_scan\1197689732_1_02.xml
Scan Paths:
Path0000: C:\
Path0001: \
Path0002: E:\
Scan Options:
Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : Yes
Target selection options:
Scan registry keys : Yes
Scan cookies : Yes
Scan boot sectors : Yes
Scan memory processes : Yes
Scan archives : Yes
Scan runtime packers : Yes
Scan emails : Yes
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions :
Excluded extensions :
Target Processing
Default action for infected objects : Disinfect
Default action for suspicious objects : None
Default action for hidden objects : None
Scan engines summary
Number of virus signatures : 960166
Archive plugins : 41
Email plugins : 6
Scan plugins : 12
Archive plugins : 41
System plugins : 4
Unpack plugins : 7
Overall scan summary
Scanned items : 345306
Infected items : 1
Suspicious items : 0
Resolved items : 0
Individual viruses found : 1
Scanned directories : 5670
Scanned boot sectors : 5
Scanned archives : 866
Input-output errors : 26
Scan time : 00:03:16:01
Files per second : 29
Scanned processes summary
Scanned : 35
Infected : 0
Scanned registry keys summary
Scanned : 312
Infected : 0
Scanned cookies summary
Scanned : 0
Infected : 0
Remaining issues:
Object Name Threat Name Final Status
\System Volume Information\_restore{E9DF52E4-6601-4F09-BFD7-04F6D3CB8194}\RP206\A0016149.exe=](NSIS o)=]lzma_solid_nsis0005 Trojan.Ribdew.C.DLL Delete Failed (file was in an archive)
Resolved issues:
Object Name Threat Name Final Status
Any help would be appreciated, thank you!
Comments
-
It looks like the trojan has crawled into your System Restore file (i.e. System Volume Information). It's a protected Windows folder, and many viruses attach themselves in there so that if you attempt to do a System Restore, the virus will still be there!
You need to purge System Restore to get rid of it. It's very simple:
- Open the "Start" menu.
- Right-click on "My Computer."
- Click "Properties."
- Click on the "System Restore" tab.
- Check the "Turn off System Restore" box.
- A warning dialog box will appear; click OK to purge System Restore.
- Click "OK."
- Restart your computer.
- Do another deep/full computer scan with BitDefender.
Hope I've helped.
-
Unfortunately that did not work, the trojan is still present after following the steps you suggested.
Thank you for the help though, and do you have any other ideas?
-
Hello Vraknor,
Did you disable BD Realtime Protection before applying the steps that RubberBandit told you? You have to disable BD because it might block access to the infected files, therefore the system will not be allowed to access them (so they can't be deleted).
If that still doesn't work (even from SafeMode), then follow the steps presented HERE.
Please post if you managed to solve this problem.
Cris.
-
Hi Cris,
No luck. Turning off the system restore did not remove the trojan, even when BD was turned off, or in safe mode. When following the instructions to use the repair function of Windows OS, I was getting "Access Denied" whenever I tried to access the d:\"System Volume Information" folder or anything within it. Same message when trying to remove attributes.
At this point I am beginning to think it would be easiest to just reformat. However, I was curious if anyone had any information on exactly what the trojan does or what it can do from my volume information (As in does it ever actually get run?). The virus encyclopedia does not have an entry for this trojan.
Thank you
-
I don't think you need to format just because of one infected file.
To gain control over that folder, do this:
- In Explorer, click Tools -> Folder Options... -> View
- Enable the option Show hidden files and folders.
- Disable the option Hide protected operating system files (Recommended)
- Confirm by clicking Yes when you are prompted to confirm the change and click OK to close that dialog
- Then right-click the System Volume Information folder in the D drive and then click Properties -> Security. You should see there a list which contains only one user, System, which has full access to that folder.
- Click Add -> Advanced -> Find Now. After a few moments, the list below will show all users from your PC (there are a lot more actual users than you know about. That's normal). Search for your username in that list, select it and click OK twice.
- In the main dialog (on the Security tab), select your user (it will appear in the same list as System) and enable Full Control for the folder. Click OK.
- Now it's enough to double-click the folder and you'll be able to access it. Go to that file and delete it.
After you're done, it might be a good idea to go back to Security and remove your user from the list (but be careful NOT to remove the System user, because then the system won't be able to access that folder).
Please post if this solves your problem.
I'll try to find out something about this virus.
Cris.
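Added example, not part of any post in this thread and not BitDefender code: a small parser for the "Remaining issues" row from the log in the original post. It separates the file that actually exists on disk from the archive layers the scanner unpacked inside it, and flags paths that are System Restore snapshot copies. The row layout regex, the "=]" / "=>" nesting separator and the names Finding, parse_row and triage are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# "Remaining issues" row copied from the scan log in the original post.
SAMPLE_ROW = (
    r"\System Volume Information\_restore{E9DF52E4-6601-4F09-BFD7-04F6D3CB8194}"
    r"\RP206\A0016149.exe=](NSIS o)=]lzma_solid_nsis0005"
    r" Trojan.Ribdew.C.DLL Delete Failed (file was in an archive)"
)

# Assumption: the threat name is the last dotted token before the status text.
ROW_RE = re.compile(r"^(?P<obj>.+)\s+(?P<threat>\w+(?:\.\w+)+)\s+(?P<status>.+)$")
# Assumption: "=]" (as printed on this page) or "=>" separates nesting levels.
NEST_RE = re.compile(r"=[\]>]")
# System Restore snapshot layout: _restore{GUID}\RPnnn\<renamed file>
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{(?P<guid>[0-9A-F-]{36})\}\\(?P<rp>RP\d+)\\",
    re.IGNORECASE,
)

@dataclass
class Finding:
    on_disk: str                  # the file that actually exists on the volume
    nested: List[str]             # layers the scanner unpacked inside that file
    threat: str
    status: str
    restore_point: Optional[str]  # e.g. "RP206" when inside a restore snapshot

def parse_row(row: str) -> Finding:
    m = ROW_RE.match(row.strip())
    if not m:
        raise ValueError("unrecognised row layout")
    on_disk, *nested = NEST_RE.split(m["obj"])
    rp = RESTORE_RE.search(on_disk)
    return Finding(on_disk, nested, m["threat"], m["status"], rp["rp"] if rp else None)

def triage(f: Finding) -> str:
    if f.restore_point:
        return "purge-restore-points"  # snapshot copy: goes away with the restore points
    if f.nested:
        return "act-on-container"      # a member cannot be deleted; handle the outer file
    return "act-on-file"

if __name__ == "__main__":
    f = parse_row(SAMPLE_ROW)
    print(f.on_disk, f.nested, f.restore_point, triage(f), sep="\n")
```

For the row in this thread, the on-disk object is A0016149.exe inside restore point RP206, and the detection sits two layers down inside that NSIS installer, which is why the scanner reports "Delete Failed (file was in an archive)".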