GRRRR!!! (Computer viruses)

Ok, so I’ve been getting these popups from AVG that say there’s a virus at C:\System Volume Information_restore[random numbers and letters that I’m not quite sure matter].exe. (Says that it’s Sasser.B, but AVG, McAfee and Window’s Sasser removal tool

There also says that there’s a virus at C:\Windows\system32\oobeTVM_BS.exe. Same story.

Is it safe to just delete these files?

Also, my AVG freezes now when it gets to a certain point, and McAfee doesn’t find the virus that AVG freezes after when it finds. Anything else I can do?

I think there’s some problem with AVG and the system restore files. I also get a popup about a virus in that area (but not the same one, mine is presario), and when I run an AVG scan it doesn’t lock up, but fails to find it.

It only just occurred to em this moment to run the free virus scanner at:

Maybe it will help both our problems.

Well, Trend Micro failed to find anything on my machine.

It’s not just AVG, it is any antivirus program: Antivirus Tools Cannot Clean Infected Files in the _Restore Folder

Disabling or enabling Windows Me System Restore

Disabling or enabling Windows XP System Restore

Ok, while we’re at it, we might as well tackle my other computer problem now. (I just went and deleted those files (hope my computer will still work :p) and ran that trend micro scan, and I’m not getting the message. Something fixed it)

But there’s a toolbar in IE that I can’t get rid of through McAfee, Ad-Aware, or Spybot. It also doesn’t have a convenient add/remove program entry. :frowning:


The dimensions suck on that screenshot, but across the top, it has “Search the web” with an entry box, then “search engined, software, credit apps, email, useful sites, dating, and cool sites”.

It also turns keywords into links on any page (In the screenshot, the word “Popup” is linkified.)

Any suggestions?

Go to and get a program called Hijack This and either post your logfile here or on a place like The Tech Support Guy Forum where it can be analyzed and people can tell you what to remove and how.

Viruses in the _restore folder are nothing to be concerned about. They are dormant and will only activate if you use system restore. Since the average user doesn’t use it, it shouldn’t be a problem. The virus will vanish in about three months.

Turning system restore on and off will remove the virus, but will also remove all restore points.

But as long as you don’t use System Restore, you are not actually infected with anything. The file is there, but isn’t causing any problems.

chaoticdonkey, is there an entry under the menu item “View>Toolbars” at the top of your IE window? You can select to display or hide toolbars there, and it might also give you the name of the toolbar so you can find out how to remove it.

Actually, everything’s OK. (I think)

The whole hijackthis was great until no one replied to my thread on those boards. So I just started deleting things on there that seemed out of place and it got fixed.

Ok, new problem now. AVG hangs at c:\windows\system32\oobe\msobshel.dll, and won’t continue (even after over 30 minutes of waiting). Worse: there’s a virus, which I keep manually deleting, and it keeps coming up. I tried uninstalling and reinstalling AVG, but it didn’t help. Then I got the pro upgrade, and that didn’t help. What should I do from here?

Grr, this is really bothering me b/c now there are 2 viruses dancing and playing about.

Does anyone have any idea how I can get AVG to stop hanging on that file? (Trend Micro and McAfee don’t find the viruses that AVG keeps warning me are there)

Also, I’m running a firewall (Zone Alarm) which has been pretty effective in stopping stuff (says 1522 access attempts stopped… it’s been on here a week)… how do I keep getting these???

Well… if you’ve done all the stuff in the sticky in this forum, have you tried scanning in safe mode? Fewer stuff is running to take countermeasures.

For the System Restore infection, all you need to do is turn System Restore off, then back on; all the associated files will be deleted.

Housecall is a virus scanner - you might want to try Pest Patrol’s scanner (no removal, but scan is free). And just from the name itself, that first infected file could be associated with the “TV Media” spyware. Don’t install Service Pack 2 for XP until you’re sure that’s gone, or you’ll have to mess about in the recovery console uninstalling SP2 when things go pear shaped.