Win32.Lineage-518

  HelpHelpHelp 13:07 04 Apr 07
Locked

Firstly I'm not really a techie so I might be confused with whatyou tell me to do so please be patient with me.

My husband downloaded a free spyware detector (counterspy) and now we have a trojan (Win32.Lineage518) on our system; this can't be deleted, moved to chest, repaired or anything. In fact every time we do a scan it duplicates the infected file, first time it said we had 1 and today there are 4 logged in the scan report. Added to this we are running a resident scanner so that should of course pick it up and stop it before it gets on the system, but it hasn't. If it helps I can tell you that it's position keeps changing, at first it said it was within downloaded installations, now it states it's within SystemVolumeInformation; the entire file reads thus:

C:\System Volume Information\...\sunthreatfilename.sdb1

This same information has now been picked up 4 separate times in the most recent scan.

My husband has informed me that he attempted to delete the files and folders within the downloaded installations folder, where we originally had the virus found so we're wondering whether this is a back up.

Any help you could offer would be greatly appreciated!!!

Many thanks

HELPHELPHELP

  Jak_1 13:25 04 Apr 07

Ok try this:

open Control Panel > System > System Restore.
Now disable System Restore (note: you will lose all restore points).

Shut down the pc and re-boot into safe mode.

Run your antivirus program again.

A good idea whilst in safe mode is to rn your various antispyware progs also.
Once all this is complete re-boot in normal, go back into Control Panes and re-enable System Restore.

You will probably find no that the AV has been able to eradicate the trojan. Worthwhile at this stage is to run a registry cleaner to clear out any remains from the registry.

  MAJ 13:26 04 Apr 07

Uninstall Counterspy using Control Panel > Add/Remove Programs. Then download, install and run a full scan with Adaware (it's free), let it delete what it finds. click here

Then turn off System Restore to delete the infected restore points, that's the "C:\System Volume Information\...\sunthreatfilename.sdb1". Reboot your PC and do another scan with Adaware. If all clear, then re-activate System Restore.

  HelpHelpHelp 18:46 04 Apr 07

Just wanted to say took both of yours advice onboard and it's worked!! Thanks so much!

This thread is now locked and can not be replied to.

What is Amazon Go and will it come to the UK? The store without checkouts or queues

1995-2015: How technology has changed the world in 20 years

Why ecommerce hasn't taken off on social media

New MacBook Pro 2016 review | MacBook Pro with Touch Bar review: Apple's expensive and powerful…