Relentless Posted November 7, 2010

I got notice of infection with Trojan.Agent/Gen-Nullo[Micro] and have run SAS and rebooted multiple times; each time there are new entries. I also ran AVG on multiple occasions over the weekend, but each time I re-ran SAS there were more entries - I recently ran it again immediately after running SAS and rebooting and still came up with a set of new issues - latest log as follows, less cookies - I sure would appreciate some advice - Thanks folks

Generated 11/07/2010 at 12:25 PM

Application Version : 4.45.1000
Core Rules Database Version : 5821
Trace Rules Database Version: 3633

Scan type : Complete Scan
Total Scan Time : 01:59:39

Memory items scanned : 997
Memory threats detected : 0
Registry items scanned : 8947
Registry threats detected : 0
File items scanned : 35419
File threats detected : 15

Trojan.Agent/Gen-Nullo[Micro]
C:\RECYCLER\NPROTECT\00026691.DLL
C:\RECYCLER\NPROTECT\00026684.DLL
C:\RECYCLER\NPROTECT\00026686.DLL
C:\RECYCLER\NPROTECT\00026735.LNK
C:\RECYCLER\NPROTECT\00026901.SYS
C:\RECYCLER\NPROTECT\00026902.SYS
C:\RECYCLER\NPROTECT\00026903.SYS

SUPERAntiSpyware Scan Log
https://www.superantispyware.com

Generated 11/07/2010 at 04:38 PM

Application Version : 4.45.1000
Core Rules Database Version : 5821
Trace Rules Database Version: 3633

Scan type : Complete Scan
Total Scan Time : 01:45:36

Memory items scanned : 931
Memory threats detected : 0
Registry items scanned : 8927
Registry threats detected : 0
File items scanned : 35440
File threats detected : 10

Trojan.Agent/Gen-Nullo[Micro]
C:\RECYCLER\NPROTECT\00027593.DLL
C:\RECYCLER\NPROTECT\00027557.DLL
C:\RECYCLER\NPROTECT\00027575.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP297\A0131832.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP297\A0131833.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP297\A0131834.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP297\A0131835.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP297\A0131836.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP297\A0131837.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP297\A0131838.SYS

siliconman01 Posted November 8, 2010

The NPROTECT folder on the Recycler is part of Norton System Works. And it is blocking SAS from removing these infections. Do you still have Norton System Works on your system?

Please see the article below concerning issues with NPROTECT:
http://www.bleepingcomputer.com/forums/topic56202.html

Relentless Posted November 8, 2010

> The NPROTECT folder on the Recycler is part of Norton System Works. And it is blocking SAS from removing these infections. Do you still have Norton System Works on your system? Please see the article below concerning issues with NPROTECT http://www.bleepingcomputer.com/forums/topic56202.html

Thanks for your reply - yes, Norton is still on the system, I emptied the trash but am still getting warnings for this infection in other areas in the computer. I will disable +/or uninstall Norton and try again when I get home unless there is another workaround. THANK you again.

Seth Posted November 8, 2010

> Thanks for your reply - yes, Norton is still on the system, I emptied the trash but am still getting warnings for this infection in other areas in the computer.

I suspect that by "other areas", you mean the files in System Restore? Disable System Restore, restart the computer, then enable System Restore.

Relentless Posted November 8, 2010

> I suspect that by "other areas", you mean the files in System Restore? Disable System Restore, restart the computer, then enable System Restore.

Thanks. Please bear with me, I am not all that savvy. How do you disable System Restore? Do I run SAS after I disable System Restore but before restarting, or not at all? Sorry, unclear about when I run SAS again. Thanks for the assistance.

siliconman01 Posted November 8, 2010

The link below should help you learn System Restore (Off/On).
http://download.nai.com/products/mcafee-avert/systemhelpdocs/disablesysrestore.htm
and
http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/

After you disable System Restore, reboot your computer, and then re-enable System Restore. After you have rebooted and re-enabled System Restore, run another scan with SAS and see if any infections remain.

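The triage the replies above describe, as an added example (not part of the original thread and not SUPERAntiSpyware's own code): it groups the detection paths of a pasted scan log by location, since the thread treats files under RECYCLER\NPROTECT and files under the System Restore store differently. The function names, the labels and the wording of the follow-ups are assumptions; the sample log is constructed from lines in the first post.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the scan log from the first post.
SAMPLE_LOG = r"""
File items scanned : 35440
File threats detected : 10

Trojan.Agent/Gen-Nullo[Micro]
C:\RECYCLER\NPROTECT\00027593.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP297\A0131832.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP297\A0131836.SYS
"""

# (label, path pattern, follow-up paraphrased from the replies in this thread)
LOCATIONS = [
    ("norton_protected_bin",
     re.compile(r"^[A-Z]:\\RECYCLER\\NPROTECT\\", re.I),
     "held by Norton's NPROTECT folder; deal with Norton first"),
    ("system_restore",
     re.compile(r"^[A-Z]:\\SYSTEM VOLUME INFORMATION\\_RESTORE\{[0-9A-F-]+\}\\", re.I),
     "disable System Restore, reboot, re-enable, rescan"),
]
COUNT_RE = re.compile(r"^File threats detected\s*:\s*(\d+)")
PATH_RE = re.compile(r"^[A-Za-z]:\\")

def triage(log_text):
    """Return (reported threat count, {label: [paths]}) for one scan log."""
    reported, groups = None, defaultdict(list)
    for line in map(str.strip, log_text.splitlines()):
        count = COUNT_RE.match(line)
        if count:
            reported = int(count.group(1))
        elif PATH_RE.match(line):
            label = next((name for name, pat, _ in LOCATIONS if pat.match(line)),
                         "live_file")  # any other path: a file outside both stores
            groups[label].append(line)
    return reported, dict(groups)

def summary(log_text):
    """One line per location, plus a note when the paste omits detections."""
    reported, groups = triage(log_text)
    advice = {name: note for name, _, note in LOCATIONS}
    out = [f"{label}: {len(paths)} file(s) -> {advice.get(label, 'remove with the scanner')}"
           for label, paths in sorted(groups.items())]
    listed = sum(len(p) for p in groups.values())
    if reported is not None and listed < reported:
        out.append(f"log lists {listed} of {reported} reported detections")
    return out

if __name__ == "__main__":
    print("\n".join(summary(SAMPLE_LOG)))
```
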
Relentless Posted November 9, 2010

THANKS EVERYONE!!! Issue resolved! Had to do a couple of steps twice but finally got a clean bill of health... could not believe it so I ran it again! I really don't know how you folks have the patience to deal with these issues. Each time I ran SAS was a 2 hour block of time, so each step of the way was a 4 hour adventure. Can't thank you all enough for your help.

Seth Posted November 9, 2010

Thanks for the update. Remember to turn back on System Restore if you haven't already.