Brian Dixon

Hi all.
I need a bit of help, please.
I run a Win XP machine, and regularly update and use F-Prot as my virus checker. I also use the on-line Trend Micro as a back-up virus checker, but have been having a few problems with that one of late.

Anyhoo... F-Prot has picked up a suspicious file that I am having great difficulty locating and removing. The file is called A0021218.exe and the file path is given as follows: C:\System Volume Information\_restore{F1C1C3C9-25FF-4E75-A8D8-79324AE6DADE}\RP191\
I have run Hijack This, but it doesn't show up. I have run the file find program on XP, but it doesn't show up there either. Ad Aware didn't help either.

Any clues? I was recently hit with something that installed an unwanted toolbar on my machine (similar to the Google toolbar), but forget it's name - sorry.

I use IE and Outlook Express for all things Internet.

I've a horrible feeling that I've been hijacked, but would appreciate any advice (as usual - in words of one syllable or less) on how to remove the little blighter from my machine. I've 'Googled' the .exe filename but didn't find anything that helped me.

As always, I'm grateful for your help and advice.
Regards,
Brian

Jet II

To clean out your System Restore, do the following:
Turn OFF System Restore.
1. On the Desktop, right-click My Computer.
2. Click Properties.
3. Click the System Restore tab.
4. Check the box beside "Turn off System Restore".
5. Click Apply, and then click OK.
6. Restart the computer. (You must restart your computer to clear the old Restore Points)
To Turn System Restore back ON.
1. Follow the above Steps 1 to 3
2. UNcheck the box beside "Turn off System Restore".
3. Click Apply, and then click OK.
4. Restart your computer.
Then do another scan with your virus scanner to see if you are still being alerted to anything.
Bad idea - change to Opera or Firefox/Thunderbird

Brian Dixon

Jet II,
very many thanks. That sorted it.

I'll have a look at the programs you suggest.

Brian