Shockwave
Paper Tape
Posts: 13
Registered: ‎01-07-2011
Location: india
Views: 1,359
Message 1 of 15

How to delete an infected file in the SYSTEM VOLUME INFORMATION folder on T43?

Respected Sir/Ma'am,

 

Recently I have been experiencing a series of blue screen errors. Norton AntiVirus and other well-known software simply crash. The virus definition update files are reported to be corrupt. Luckily, I used this SPYWARE DOCTOR, which found an infected file by the name of HACKIT.ROOTKIT in the SYSTEM VOLUME INFORMATION folder, which is hidden from the usual WINXP interface.

 

Please suggest methods on how to DELETE the infected file on this hidden folder?

IF I MAKE THE HIDDEN PARTITION VISIBLE THROUGH THE IBM R&R, WILL IT HAVE ANY EFFECT ON THE CURRENT DATA ON THE DRIVE? ALSO, AFTER DELETING THE INFECTED FILE USING THIS METHOD, IF I SWITCH IT BACK TO HIDDEN, WILL IT HAVE ANY EFFECT ON THE CURRENT HARD DRIVE CONTENTS?

 

Please suggest any alternate methods to get rid of this infection.

Thank you!

Retired Guru
Posts: 1,928
Registered: ‎05-16-2008
Location: USA
Views: 1,351
Message 2 of 15

Re: How to delete an infected file in the SYSTEM VOLUME INFORMATION folder on T43?

There is some good info in here: http://forums.lenovo.com/t5/Security-Malware/bd-p/Security_Malware

Please don't repost this there, as a Mod. may move it to this board. If you have a recovery partition, you can restore to factory; it should take care of it. Note: doing this will delete your data & apps unless you have a good backup, and any backups that were done after the malware should not be used.




_______________________________
Thinkpad R61 7733-1GU
Thinkpad X61T 7762-54U
Thinkpad X60T 6363-4GU
_______________________________

Did a member help you today? Thank them with a Kudo!

If a post answers your question, please mark it as an "Accepted Solution"!

Regards,
GMAC
Community SeniorMod
Posts: 1,990
Registered: ‎05-01-2010
Location: US
Views: 1,338
Message 3 of 15

Re: How to delete an infected file in the SYSTEM VOLUME INFORMATION folder on T43?

SYSTEM VOLUME INFORMATION is your System Restore. As an alternative to doing a factory restore, try flushing System Restore so you can start fresh. This procedure will not delete your saved data and apps as restoring to factory condition would.

To flush the XP System Restore Points:
(Using XP, you must be logged in as Administrator to do this.)
Go to Start>Run and type msconfig. Press Enter.
When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings Link on the left.
Check the box labeled Turn Off System Restore.

Reboot. Go back in and turn System Restore ON. A new Restore Point will be created.

If you still have problems, that would mean that you have active malware running, or that you at one time ran a scanner that was falsely flagged as that file, so please post back. Often our malware removal tools are picked up by general scanners as "Hacktools".













If you find a post helpful and it answers your question, please click the "Accept As Solution" button.

I am not employed by Lenovo or Microsoft. I am a volunteer.

SpywareHammer





Shockwave
Paper Tape
Posts: 13
Registered: ‎01-07-2011
Location: india
Views: 1,330
Message 4 of 15

Re: How to delete an infected file in the SYSTEM VOLUME INFORMATION folder on T43?

Thank you so much for the prompt reply.

 

I have flushed the system restore points as suggested. But running the same SPYWARE DOCTOR program to scan the computer is appearing to be a tedious task! I have received blue screen errors for three consecutive times mid-way during the full system scans. The latest one being, "driver caused error in memory pool destined for disk use", exactly which I could not read, the system restarted immediately.

 

History of the machine:

Norton AntiVirus 2005 crashed during an update around the 20th March, 2011. The live update said that the virus definitions were corrupted. I used Norton removal tool. I downloaded the Norton AntiVirus 2011 from its website. Initially it worked well but later it also crashed. Looking in the hardware section for a faulty driver, it highlighted two such drivers:

BHDrvx86 and Symantec iron Driver. After removing Symantec products completely, these drivers vanished!

I have tried MS essentials and ENod32 by d/l the trial version from their websites. However, the same result.

Using the PC Doctor tool through the service partition showed error in the memory and the dvdwriter. However, the drive reads the HP printer s/w but does not read the original music CDs!!

 

I had also updated my Service partition by d/l the R&R new version in January. The computer did not behave as erratically before doing this. Is it possible that a virus was introduced into the service partition and hence the memory is giving me errors?

 

 

Please help me out!

Shockwave
Paper Tape
Posts: 13
Registered: ‎01-07-2011
Location: india
Views: 1,329
Message 5 of 15

Re: How to delete an infected file in the SYSTEM VOLUME INFORMATION folder on T43?

The Norton Power Eraser tool gives a "catastrophic error" when it is run. The Norton Boot recovery tool gives errors and fails to do its work...
Community SeniorMod
Posts: 1,990
Registered: ‎05-01-2010
Location: US
Views: 1,326
Message 6 of 15

Re: How to delete an infected file in the SYSTEM VOLUME INFORMATION folder on T43?

I cannot tell if you have active malware on there unless I run some diagnostic tools. This forum is not set up for log posts and review. I would suggest posting your issue on one of the forums listed at the links in the recommended sites section on this page:
http://hjt-data.trendmicro.com/hjt/analyzethis/index.php

 

They will require you to follow their step-by-step troubleshooting instructions and not run extra tools unless your helper requests you to do so.

















Shockwave
Paper Tape
Posts: 13
Registered: ‎01-07-2011
Location: india
Views: 1,321
Message 7 of 15

Re: How to delete an infected file in the SYSTEM VOLUME INFORMATION folder on T43?

But Sir, once I had tried to restore my computer to the factory settings via the service partition using the IBM R & R.

The computer gave a blue screen error there also.

What can be the possible reason for this?

-virus in the service partition

-hardware problem?

 

 

Shockwave
Paper Tape
Posts: 13
Registered: ‎01-07-2011
Location: india
Views: 1,311
Message 8 of 15

Re: How to delete an infected file in the SYSTEM VOLUME INFORMATION folder on T43?

The detected hacktool.rootkit was not detected in the latest full system scan using the same spyware doctor software.

Thank you for your patience!

I will be glad if you can help me out with the below mentioned possible hardware issue related to blue screen error also...
Community SeniorMod
Posts: 1,990
Registered: ‎05-01-2010
Location: US
Views: 1,295
Message 9 of 15

Re: How to delete an infected file in the SYSTEM VOLUME INFORMATION folder on T43?

You're welcome.

Regarding your hardware question, I specialize in malware removal, so perhaps someone else will come along to assist you with the hardware issue. If not, try posting on one of the Lenovo hardware forums that would apply to your system. Sorry that I cannot be more helpful.

















Shockwave
Paper Tape
Posts: 13
Registered: ‎01-07-2011
Location: india
Views: 1,279
Message 10 of 15

Re: How to delete an infected file in the SYSTEM VOLUME INFORMATION folder on T43?

Thank you so much Sir!
