General discussion

Trojan-DIALER in System Volume Information/_restore?

Feb 17, 2004 6:58AM PST

Keep getting a dialogue box coming up telling me I have a problem with a trojan Dialer in:
C:\System Volume information\_restore(E06FA9D44-E043-4518-A5F9-DA777E6401A2)
Checked with AVG. Doesn't find it.
If I go into the registry and follow the path:
HKEY_LOCAL_MACHINE>SYSTEM>ControlSet001>Control>BackupRestore>FilesNotToBackup>
I find System Restore with the same coding.
Is it safe to delete this line from the registry?

Re: Trojan-DIALER in System Volume Information/_restore?
Feb 17, 2004 7:02AM PST

You have to disable System Restore - scan again and afterwards ENABLE system restore again.

In WinXP:

Disable the System Restore Utility (WinXP Users)
1. From the taskbar, click Start, right-click My Computer, and click Properties.
2. Click on the System Restore tab.
3. Checkmark Turn off System Restore on All Drives.
4. Click OK.
5. You'll be prompted to restart the computer. Click Yes.
Note: To re-enable the Restore Utility, follow steps 1-5 but remove the checkmark next to Turn off System Restore on All Drives in step 3.

Re: Re: Trojan-DIALER in System Volume Information/_restore?
Feb 17, 2004 7:50AM PST

Thank you for your reply.
I did exactly as you said, but the entry still remains in the registry. The code is an exact match to that in the alert dialogue box that keeps appearing at regular intervals.
Question: Is it safe to delete the entry from the registry, or might I create even further problems?

Trojan-DIALER in System Volume Information/_restore?
Feb 17, 2004 8:04AM PST

Based on the information you have submitted, I believe it would be safe to delete it because it seems to be in the restore folder instead of your System 32 which could create a problem.

david williams

That's strange......
Feb 17, 2004 8:06AM PST

Back up your registry before changing or deleting anything! If something goes wrong, you can always use your backup.

Click on Start-Run. When the box opens, type in "Regedit" (without the quotes). Click OK. When the Registry Editor window opens, click on "Registry" in the upper left corner of the window and choose "Export Registry File" from the menu. When the next window opens, be sure of the location where you are saving it to and give the file a name like Backup. Click "Save". You now have a backup registry that can be double-clicked and will replace the new one you're going to make, IF you make any deletions you don't like.

Thanks for your help.
Feb 21, 2004 8:22AM PST

Followed your suggestions, and removed the link.
No repercussions.
The dialer dialogue box has not returned.
Seems like we have zapped it.
Thanks to you both for your help.
Bryan.

(NT) Bryan - Great job! Thanks for your feedback!
Feb 21, 2004 8:28AM PST