Community SeniorMod
Community SeniorMod
Posts: 1,999
Registered: ‎05-01-2010
Location: US
Views: 456
Message 11 of 15

Re: How to delete an infected file in the SYSTEM VOLUME INFORMATION folder on T43?

You're welcome. Best of luck in getting your problem resolved. Let us know if the Security & Malware Forum can be of help in the future.






Microsoft MVP Consumer Security 2006-2016 / Windows Insider MVP 2016-
I am not employed by Microsoft or Lenovo.


Shockwave
Paper Tape
Posts: 13
Registered: ‎01-07-2011
Location: india
Views: 448
Message 12 of 15

Re: How to delete an infected file in the SYSTEM VOLUME INFORMATION folder on T43?

I just checked with the task manager and I found the following peculiarities:

 

process SCVHOST.EXE running in SEVEN instances

process ATI2EVXX.EXE running in TWO instances

 

Is it a symptom of a malware on the machine which might explain the following blue screen errors:

MEMORY MANAGEMENT ERROR

BAD POOL HEADER ERROR

IRQ NOT LESS THAN EQUAL TO ERROR

INADEQUATE DISK SPACE OR MEMORY ERROR

 

Please suggest a remedy if it is really a malware issue.

Thank you so much!

Community SeniorMod
Community SeniorMod
Posts: 1,999
Registered: ‎05-01-2010
Location: US
Views: 440
Message 13 of 15

Re: How to delete an infected file in the SYSTEM VOLUME INFORMATION folder on T43?

Those are legitimate files. I cannot tell you if you have a malware problem without doing some diagnostics, and this forum is not set up for that. Try one of the forums I mentioned above. They will have you run some scans and post the log output in their forum so they can analyze them. Give SpywareHammer a try. Usually you won't have more than a 24-hour wait for them to pick up your issue there.







Shockwave
Paper Tape
Posts: 13
Registered: ‎01-07-2011
Location: india
Views: 436
Message 14 of 15

Re: How to delete an infected file in the SYSTEM VOLUME INFORMATION folder on T43?

Thank you Sir!

 

I will definitely give Spyware Hammer a try once my exams finish!

 

Sir, on the 4th of May, my Gmail account was accessed from an IP in China (115.49.89.74). I live in India. Obviously my account was compromised! The person sent spam emails to everyone on my contact list as BCC. The spam included a promotional message (probably spurious). My friends tell me that they received a warning message for this email. It said, WARNING! SENDER'S ACCOUNT MAY HAVE BEEN COMPROMISED. THIS IS A SUSPICIOUS MESSAGE.

 

Sir, I have changed my password. But I am still wary of what all the hacker could have done through my email.

However, I was fortunate as I opened my email within three hours of this unauthorised access and changed the password.

 

Is this really a scam by hackers in China or is it just a prank played by some intelligent people (probably who know me) by guessing my password and doing it for fun? Also, the account access type through that IP shows "unknown". What does this mean? Is it possible that the prankster masked his IP and used some prank method learnt from the web to do this sort of an act?

 

Please suggest alternate forum links to sort this out.

I will be obliged to you!

 

Thank you once again for your prompt help.


Community SeniorMod
Community SeniorMod
Posts: 1,999
Registered: ‎05-01-2010
Location: US
Views: 430
Message 15 of 15

Re: How to delete an infected file in the SYSTEM VOLUME INFORMATION folder on T43?

I cannot tell exactly how your system has been compromised unless some diagnostics are run. Perhaps it was just an email hacker.  If you are in doubt, and you use your computer for any online transactions (banking, credit card purchases) you might consider that if you do in fact have a random access trojan, a hacker can operate your computer just as if he were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.

If you suspect that you had or have one of these you may want to go ahead and backup important files and reinstall everything from scratch. There are so many changes that could have been done if a backdoor was used.

If you decide to proceed with trying to clean the trojan let your helper at the malware removal forum know.  IF your logs show that you may have such an infection, he will not guarantee that he will be able to COMPLETELY clean all components of such a dangerous infection.

Here are some informative links to use to help you make a decision:

Danger: Remote Access Trojans

Consumers - Identity Theft

When should I re-format? How should I reinstall?

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Rootkits: The Obscure Hacker Attack

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

Microsoft Says Recovery from Malware Becoming Impossible






