I have Norton Antivirus 2005 and I just updated the definitions for today. I thought I would go ahead and get a second opinion from another anti-virus program since Norton Antivirus 2005 says nothing is detected. I tried Bitdefender Online scanner (which took 40 minutes to scan) and found a couple of things.

C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP32\A0009354.EXE=>wise0008
Detected with: Adware.Wheaterbug.A
Should I run a spyware program on this one?

C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP32\A0009354.EXE=>wise0008
Disinfection failed This action refers to the one above APPLIES TO THE REST BELOW!

C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP32\A0009354.EXE=>wise0008
Deleted

C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP32\A0009354.EXE
Update failed

C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP57\A0011617.exe=>(Quarantine-2)
Infected with: Dropped:Application.ProcKill.Jk

C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP57\A0011617.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP57\A0011617.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP58\A0011658.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Dyfuca.DU

C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP58\A0011658.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP58\A0011658.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP58\A0011659.exe=>(Quarantine-2)
Infected with: Dropped:Application.ProcKill.Jk

C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP58\A0011659.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP58\A0011659.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP58\A0011660.exe=>(Quarantine-2)
Infected with: Trojan.Hacktool.Pexer.A

C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP58\A0011660.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP58\A0011660.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP58\A0011661.exe=>(Quarantine-2)
Infected with: Dropped:Application.ProcKill.Jk

C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP58\A0011661.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP58\A0011661.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP58\A0011663.dll=>(Quarantine-2)
Infected with: Trojan.Downloader.Dyfuca.DD

C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP58\A0011663.dll=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP58\A0011664.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Dyfuca.DU

C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP58\A0011664.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP58\A0011664.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP58\A0011922.EXE=>wise0008
Detected with: Adware.Wheaterbug.A

C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP58\A0011922.EXE=>wise0008
Disinfection failed

C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP58\A0011922.EXE=>wise0008
Deleted

C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP58\A0011922.EXE
Update failed

C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP59\A0012008.dll
Detected with: Adware.Wheaterbug.A

C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP59\A0012008.dll
Disinfection failed

C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP59\A0012008.dll
Deleted

Clean out your quarantine folder ,then turn off system restore and retry the online scan.

There is nothing in my quarantine folder in norton. How to I turn off system restore?

Info here: http://www.pchell.com/virus/systemrestore.shtml



And some here aswell : http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q263/4/55.ASP&NoWebContent=1

alright well I set system restore to "off". So Im guessing I dont really need it on right??? So I found out that it was used basically for my system recovery. So the reason the online scanner was detecting the quarantine files is cause they were backed up in my d:\ folder right? becuase I have a c:\ and a d:\ hard disk. But now how do I remove the quarantine files, should I just go into d:\ and try to find them and delete them?

System restore is a matter of choice , some use it some hate it. In Norton check properties open quarantine folder, delete files. :)



http://www.antivirus.vt.edu/help/quarantine.asp

I like to setup my Symantec to delete not quarantine ,if a file can't be repaired.

http://www.antivirus.vt.edu/help/quarantine.asp <HOW OLD IS THIS??

anyways thanks Peat moss but I still got some questions. You should give me your IM, much better if its coo. But there is nothing under my quarantine list, when I went to "View Quarantine files" it listed one file under "Backup Items" and I just deleted that one. So there is nothing there.

Old ,old you calling me old! :lol: Yes its from 2001 , but I like to link to info ,it explains way better than I could. PM me if you need to, I could set you up with a better Anti virus ! ;)

PM'd you