Sign in to follow this  
wagesoffear

trojan.win32.refroso - FP?

Recommended Posts

Hi, my A2 just flagged this up:

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1563\A0179210.dll detected: Trojan.Win32.Refroso.bgpz!A2

Given that it says 'restore' I was reluctant to remove it.

I did a quick google and it says it may be related to remote irc chat servers; given that I recently visited an IRC chat channel, it is a concern.

I run Windows XP, Windows Firewall, Spybot S&D and Adaware, and A2 of course. Thanks.

Share this post


Link to post
Share on other sites

Hi wagesoffear,

1) If the flagging(s) you have are located only in the System Restore – the only way to

to get rid of the files is temporarily disabling Windows System Restore (switch it Off); Reboot and then turn it back On

The infection there is inactive. Antivirus Tools cannot clean System Restore Folder, since it's protected by Windows.

See How To Enable and Disable System Restore

If your have other detections and/or system is misbehaving and you want to investigate the matter please follow the standard procedure for this section of the forum (you were visiting before)

2) what client in particular you are using?

IRC chat clients sometimes are flagged by security, but that is not necessarily a real threat by itself

For example currently Emsisoft is flagging even the latest installer

F:\Downloads_Current\mirc635.exe detected: Riskware.Client-IRC.Win32.mIRC!IK

but it's is a Riskware, so not necessarily dangerous by itself

Please read about Riskware and about IRC client in particular

So basically the client itself can be white-listed

Another thing whether there were other detections?

Have you removed/quarantined something previously, that you think is related to IRC..., how the computer is behaving, meaning where you taking necessary precautions working with IRC as you have to using any chat client / e-mail attachments/ accepted files and so on

My regards

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.