Mike
Posted October 1, 2009

Hey there,

Did a deep scan and found some malware thanks to a-squared FREE. However, it could not get rid of the items in the following log:

a-squared Free - Version 4.5
Last update: 30/09/2009 11:47:24 PM

Scan settings:

Scan type: Deep Scan
Objects: Memory, Traces, Cookies, C:\, D:\, E:\, F:\
Scan archives: On
Heuristics: Off
ADS Scan: On

Scan start: 30/09/2009 11:48:07 PM

E:\System Volume Information\_restore{D7282F60-B40B-4CCF-AA32-A5EF552EFE49}\RP177\A0068249.exe/regfix.exe detected: Trojan-Dropper.Win32.VB!IK
E:\System Volume Information\_restore{D7282F60-B40B-4CCF-AA32-A5EF552EFE49}\RP177\A0068249.exe/A2ANTI~1.EXE detected: Trojan-Dropper.Win32.VB!IK
E:\System Volume Information\_restore{D7282F60-B40B-4CCF-AA32-A5EF552EFE49}\RP177\A0068271.exe detected: Win32.SuspectCrc!IK
E:\System Volume Information\_restore{D7282F60-B40B-4CCF-AA32-A5EF552EFE49}\RP177\A0068274.nfo detected: Win32.SuspectCrc!IK
F:\Programs\0 New - SORT\Alcohol 120% v1.9.7 (Build 6221)+patch.rar/patch.exe detected: Riskware.Patch.Alcohol!IK
F:\Programs\0 New - SORT\Alcohol 120%.rar/Activator.exe detected: MalwareScope.Trojan-PWS.Game!IK
F:\Programs\0 New - SORT\Alcohol 120%.rar/keymaker.exe detected: Riskware.Keygen.Alcohol!IK
F:\Programs\0 New - SORT\ImTOO DVD Audio Ripper.rar/keygen.exe detected: Win32.SuspectCrc!IK
F:\Programs\Alcohol 120% v1.9.7 (Build 6221)+patch.rar/patch.exe detected: Riskware.Patch.Alcohol!IK
F:\Programs\Alcohol 120%.rar/Activator.exe detected: MalwareScope.Trojan-PWS.Game!IK
F:\Programs\Alcohol 120%.rar/keymaker.exe detected: Riskware.Keygen.Alcohol!IK
F:\Programs\ImTOO.rar/keygen.exe detected: Win32.SuspectCrc!IK
F:\Programs\ImTOO.rar/Lz0.nfo detected: Win32.SuspectCrc!IK

Scanned
Files: 440805
Traces: 657784
Cookies: 0
Processes: 35

Found
Files: 13
Traces: 0
Cookies: 0
Processes: 0
Registry keys: 0

Scan end: 1/10/2009 9:07:23 PM
Scan time: 21:19:16

I have manually removed the ImTOO and Alcohol associated files from my system, but cannot remove the ones in system volume info... any help will be appreciated

Lynx
Posted October 1, 2009

Hi Mike,

Welcome to the forum.

Your logs show that you have pirated / patched Software on your system and are using keygens for generating illegal product keys. Please read the special clause of the instructions about that (see the reference below).

You must not just remove keygens / patches / cracks modules, but uninstall all illegal Software before posting reports, otherwise you will not be assisted by a malware fighter.

"I have manually removed the ImTOO and Alcohol associated files from my system, but cannot remove the ones in system volume info..."

You will be advised about the way to turn off Restore Point later.

After uninstalling illegal software, update a-squared, Deep rescan and repost all required log files into this thread as per instruction.

=======
Read the instructions in http://forum.emsisoft.com/Default.aspx?g=posts&t=1930
Prepare and post the required log files into this thread
Wait for reply from ShadowPuterDude, Katana, or JeanInMontana for assistance and further instructions.
=======

My regards

P.S. If you have any Antivirus with its real-time resident being active - disable it when you are performing Deep Scan by a-squared. That will substantially decrease total time of the scan.

Mike
Posted October 1, 2009

Hey Lynx,

I got my current winXP off my mate when my last version of legit winXP died. I do not think this current version is legit so I will get back to you when I am legal. However, by that stage I will probably be free of malware (will format hard drive in the process), but I will come back if I get malware in the future.

Cheers,
Mike

Lynx
Posted October 2, 2009

Thanks for reply, Mike.

I will lock this thread.

Please send PM to any moderator requesting reopening this case if needed.

My regards