Trojan, trojan, go away! It's name? downloader.onenet.a

I’m using AVG Anti-Virus. I’m minding my own business when the Resident Shield says that I have the Trojan downloader.onenet.a on my computer and should run an anti-virus scan to remove it. I do so, and it claims that the file has been removed. Today, I’ve gotten several pop-ups claiming that the Trojan is still on my computer, located in a folder called C:\System Volume Information. When I tried to enter this folder, my access was denied.

For the record, I’m running Windows XP and using the Administrator account.

Any and all help would be greatly appreciated. I’m using a personal firewall (ZoneAlarm), so I don’t think any information is getting out.

The system volume information folder is usually used by System Restore to save data as it backs up your system files. The point of it is to allow you to “go back” (where MS stole the idea from) and restore your system to a particular point in time, say before you installed software.

There are two problems with it when it comes to viruses: the system restore also backs up virus files (it thinks they’re part of the system) and all files in system restore are write protected. Thus, the virus is backed up, and can’t be deleted.

On the positive side, it isn’t running, either. It’s just stored until you use system restore. If you choose the wrong restore point, you get the virus back, though.

There are two options:

  1. Ignore it. If you don’t plan to use system restore, it won’t cause a problem. Eventually, the system restore with the virus will be overwritten.

  2. Turn of System Restore. In XP, click on “Start,” then right click on “My Computer” and choose “Properties.” Look for the “System Restore” tab. Select it, and click on “Turn off System Restore.” Now clean your system and the antivirus will remove the file. You can then turn system restore on again. The disadvantage is that you will lose all your restore points, but you probably aren’t using them, anyway.

Thanks for the response; I don’t use System Restore, so I guess this is just going to be a short-lived affair.

Sorry for the hijack, but while we’re on the subject of trojans and popups, maybe someone can help me.

Last night I was just surfing about to watch a news report on the Paris Hilton video, when I get bombarded with popups. Like, not your usual one or two that you can just click away, but a whole mess of them. I would close them and then more would pop up. I had to turn off the computer to stop them.

While that happened yesterday, I think my computer has been messed up for a while now. It seems to be downloading things by itself. Three different search bars, and this thing called N-Case, and a couple or things. When I try to get rid of them, they open up Internet Explorer and they usually tell me to download an uninstaller.

I’ve been able to keep my computer fairly good by going back to last Saturday’s restore point. But I’m afraid to open Internet Explorer (I use Compuserve and AOL) because I might be downloading a bunch of garbage.

Looking back at what I just wrote, it seems like I don’t really make too much sense. So I’ll just break it down to this; can anyone help me get ride of the search bars, and stop my computer from downloading stuff when I open IE

AAHHH!, while I was typing, this thing called Zero Trace downloaded itself!

Also, these things seem to be downloading themselves more at night then during the daytime.

hi teemingONE,
i’d recommend downloading this program called ad aware from and run the web update to update it to the latest reference file. then i would restart windows into safe mode (push F8 while it is booting up to get to this) and then scan your computer. It will find and remove all spyware you may have…

Do you mean that it’s happening at night, when you are not using your computer? Do you have a DSL or similar always-on internet connection?

Then you really ought to be running a firewall to prevent people from getting into your computer. Google for Zone Alarm. Their free version works quite well, and is sufficient for most home users. This is worth running even if you only have a dial-up connection.