Trojan.ribdew.c.dll

BitDefender found this trojan, but was unable to delete it because it's in an archive. Any suggestions on how to get rid of it?


Here's the bitdefender log:


BitDefender Log File !!!!!

Product : BitDefender Antivirus 2008
Version : BitDefender UIScanner v.11
Log date : 20:35:32 14/12/2007
Log path : C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\deep_scan\1197689732_1_02.xml

Scan Paths:
Path0000: C:\
Path0001: D:\
Path0002: E:\

Scan Options:
Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : Yes

Target selection options:
Scan registry keys : Yes
Scan cookies : Yes
Scan boot sectors : Yes
Scan memory processes : Yes
Scan archives : Yes
Scan runtime packers : Yes
Scan emails : Yes
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions :
Excluded extensions :

Target Processing
Default action for infected objects : Disinfect
Default action for suspicious objects : None
Default action for hidden objects : None

Scan engines summary
Number of virus signatures : 960166
Archive plugins : 41
Email plugins : 6
Scan plugins : 12
Archive plugins : 41
System plugins : 4
Unpack plugins : 7

Overall scan summary
Scanned items : 345306
Infected items : 1
Suspicious items : 0
Resolved items : 0
Individual viruses found : 1
Scanned directories : 5670
Scanned boot sectors : 5
Scanned archives : 866
Input-output errors : 26
Scan time : 00:03:16:01
Files per second : 29

Scanned processes summary
Scanned : 35
Infected : 0

Scanned registry keys summary
Scanned : 312
Infected : 0

Scanned cookies summary
Scanned : 0
Infected : 0

Remaining issues:
Object Name | Threat Name | Final Status
D:\System Volume Information\_restore{E9DF52E4-6601-4F09-BFD7-04F6D3CB8194}\RP206\A0016149.exe=](NSIS o)=]lzma_solid_nsis0005 | Trojan.Ribdew.C.DLL | Delete Failed (file was in an archive)

Resolved issues:
Object Name | Threat Name | Final Status


Any help would be appreciated, thank you!

Comments

  • It looks like the trojan has crawled into your System Restore file (i.e. System Volume Information). It's a protected Windows folder, and many viruses attach themselves in there so that if you attempt to do a System Restore, the virus will still be there!


    You need to purge System Restore to get rid of it. It's very simple:

    1. Open the "Start" menu.
    2. Right-click on "My Computer."
    3. Click "Properties."
    4. Click on the "System Restore" tab.
    5. Check the "Turn off System Restore" box.
    6. A warning dialog box will appear; click OK to purge System Restore.
    7. Click "OK."
    8. Restart your computer.
    9. Do another deep/full computer scan with BitDefender.
    You should now be virus-free! If BitDefender finds nothing, then you can safely turn System Restore back on. Just follow the instructions listed above, this time unchecking the "Turn off System Restore" box.


    Hope I've helped. :)

  • Unfortunately, that did not work; the trojan is still present after following the steps you suggested.


    Thank you for the help though, and do you have any other ideas?

  • Hello Vraknor,


    Did you disable BD Realtime Protection before applying the steps that RubberBandit told you? You have to disable BD because it might block access to the infected files, therefore the system will not be allowed to access them (so they can't be deleted).


    If that still doesn't work (even from SafeMode), then follow the steps presented HERE.


    Please post if you managed to solve this problem.


    Cris.

  • Hi Cris,


    No luck. Turning off the system restore did not remove the trojan, even when BD was turned off, or in safe mode. When following the instructions to use the repair function of windows OS, I was getting "Access Denied" whenever I tried to access the d:\"System Volume Information" folder or anything within it. Same message when trying to remove attributes.


    At this point I am beginning to think it would be easiest to just reformat. However, I was curious if anyone had any information on exactly what the trojan does or what it can do from my volume information (as in, does it ever actually get run?). The virus encyclopedia does not have an entry for this trojan.


    Thank you

  • I don't think you need to format just because of one infected file.


    To gain control over that folder, do this:

    1. In Explorer, click Tools -> Folder Options... -> View
    2. Enable the option Show hidden files and folders.
    3. Disable the option Hide protected operating system files (Recommended)
    4. Confirm by clicking Yes when you are prompted to confirm the change and click OK to close that dialog
    5. Then right-click the System Volume Information folder in the D drive and then click Properties -> Security. You should see there a list which contains only one user, System, which has full access to that folder.
    6. Click Add -> Advanced -> Find Now. After a few moments, the list below will show all users from your PC (there are a lot more actual users than you know about. That's normal ;) ). Search for your username in that list, select it and click OK twice.
    7. In the main dialog (on the Security tab), select your user (it will appear in the same list as System) and enable Full Control for the folder. Click OK.
    8. Now it's enough to double-click the folder and you'll be able to access it. Go to that file and delete it.
    If you cannot delete it, you can try to use a tool like Unlocker.


    After you're done, it might be a good idea to go back to Security and remove your user from the list (but be careful NOT to remove the System user, because then the system won't be able to access that folder).


    Please post if this solves your problem.


    I'll try to find out something about this virus.


    Cris.
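A scripted equivalent of steps 5 to 8 and the clean-up note in the reply above, added here as an example and not posted by anyone in the thread. It assumes an elevated PowerShell prompt on a Windows version that ships icacls (Vista or later; an XP machine like the one in the thread would use cacls instead), that System Restore and BitDefender real-time protection have already been turned off as advised earlier, and it uses the file path exactly as it appears in the posted log.

```powershell
# Added example, not from the thread. Assumes an elevated prompt on Windows Vista
# or later (icacls), with System Restore and BD real-time protection already off.
$svi  = 'D:\System Volume Information'
# Restore-point copy exactly as reported in the BitDefender log above.
$file = Join-Path $svi '_restore{E9DF52E4-6601-4F09-BFD7-04F6D3CB8194}\RP206\A0016149.exe'
$me   = "$env:USERDOMAIN\$env:USERNAME"

# Keep a copy of the folder's current ACL so the change can be audited or restored.
icacls $svi /save "$env:TEMP\svi-acl.bak" /c

# Steps 5-7: add an inheritable Full Control entry for this account only.
# SYSTEM's existing entry is left untouched; (OI)(CI) makes the grant apply to the
# _restore{...}\RPnnn subfolders, matching the Security tab's default inheritance.
icacls $svi /grant "${me}:(OI)(CI)F"
if ($LASTEXITCODE -ne 0) { throw "Could not modify the ACL on $svi" }

try {
    # Step 8: delete the flagged restore-point copy. -Force overrides the
    # hidden/system attributes that blocked attrib-based removal in the thread.
    if (Test-Path -LiteralPath $file) {
        Remove-Item -LiteralPath $file -Force
        Write-Host "Deleted $file"
    } else {
        Write-Host "Not found (already purged?): $file"
    }
}
finally {
    # Clean-up from the reply: remove only our entry, leaving SYSTEM in place
    # even if the deletion above failed.
    icacls $svi /remove $me
}
```

The file removed here is only the restore point's copy of the installer, which is never executed unless that restore point is applied, so deleting it does not affect the running system; if the grant itself is refused, the account running the script is not an administrator on the machine.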