You are here:

Computer Security & Viruses/malware

Expert: Brian Benosky - 2/24/2008

Question
Hi,I had in my earlier session sent you a hijack this log which appeard clean.this is a copy of the DR web cure it file ,please let me know whether i should delete these items.
A0067379.dll;C:\System Volume Information\_restore{7B989D5D-FB59-46B0-8EAE-3B314D978F49}\RP104;Win32.HLLM.Limar.2277;;
A0067510.dll;C:\System Volume Information\_restore{7B989D5D-FB59-46B0-8EAE-3B314D978F49}\RP105;Win32.HLLM.Limar.2277;;
A0067551.dll;C:\System Volume Information\_restore{7B989D5D-FB59-46B0-8EAE-3B314D978F49}\RP106;Win32.HLLM.Limar.2277;;
A0067554.exe;C:\System Volume Information\_restore{7B989D5D-FB59-46B0-8EAE-3B314D978F49}\RP106;Win32.HLLM.Limar.2278;;
A0067570.dll;C:\System Volume Information\_restore{7B989D5D-FB59-46B0-8EAE-3B314D978F49}\RP106;Win32.HLLM.Limar.2279;;
A0067581.dll;C:\System Volume Information\_restore{7B989D5D-FB59-46B0-8EAE-3B314D978F49}\RP106;Win32.HLLM.Limar.2279;;
A0067592.dll;C:\System Volume Information\_restore{7B989D5D-FB59-46B0-8EAE-3B314D978F49}\RP106;Win32.HLLM.Limar.2279;;
A0067621.dll;C:\System Volume Information\_restore{7B989D5D-FB59-46B0-8EAE-3B314D978F49}\RP107;Win32.HLLM.Limar.2279;;
A0067624.exe;C:\System Volume Information\_restore{7B989D5D-FB59-46B0-8EAE-3B314D978F49}\RP107;Win32.HLLM.Limar.2279;;
A0067648.dll;C:\System Volume Information\_restore{7B989D5D-FB59-46B0-8EAE-3B314D978F49}\RP108;Win32.HLLM.Graz.based;;
A0067661.dll;C:\System Volume Information\_restore{7B989D5D-FB59-46B0-8EAE-3B314D978F49}\RP108;Win32.HLLM.Graz.based;;
A0067682.dll;C:\System Volume Information\_restore{7B989D5D-FB59-46B0-8EAE-3B314D978F49}\RP109;Win32.HLLM.Graz.based;;
A0067703.exe;C:\System Volume Information\_restore{7B989D5D-FB59-46B0-8EAE-3B314D978F49}\RP109;Win32.HLLM.Graz.based;;
A0067712.dll;C:\System Volume Information\_restore{7B989D5D-FB59-46B0-8EAE-3B314D978F49}\RP109;Win32.HLLM.Graz.based;;
A0068712.dll;C:\System Volume Information\_restore{7B989D5D-FB59-46B0-8EAE-3B314D978F49}\RP110;Win32.HLLM.Graz.based;;
A0068725.dll;C:\System Volume Information\_restore{7B989D5D-FB59-46B0-8EAE-3B314D978F49}\RP110;Win32.HLLM.Graz.based;;
A0068762.dll;C:\System Volume Information\_restore{7B989D5D-FB59-46B0-8EAE-3B314D978F49}\RP110;Win32.HLLM.Graz.based;;
A0068767.exe;C:\System Volume Information\_restore{7B989D5D-FB59-46B0-8EAE-3B314D978F49}\RP110;Win32.HLLM.Graz.based;;
A0068790.dll;C:\System Volume Information\_restore{7B989D5D-FB59-46B0-8EAE-3B314D978F49}\RP111;Win32.HLLM.Graz;;
A0069813.dll;C:\System Volume Information\_restore{7B989D5D-FB59-46B0-8EAE-3B314D978F49}\RP111;Win32.HLLM.Graz;;
A0069821.dll;C:\System Volume Information\_restore{7B989D5D-FB59-46B0-8EAE-3B314D978F49}\RP112;Win32.HLLM.Graz;;
A0069857.dll;C:\System Volume Information\_restore{7B989D5D-FB59-46B0-8EAE-3B314D978F49}\RP113;Win32.HLLM.Graz;;
A0069957.exe;C:\System Volume Information\_restore{7B989D5D-FB59-46B0-8EAE-3B314D978F49}\RP113;Tool.Prockill;;
A0069958.exe;C:\System Volume Information\_restore{7B989D5D-FB59-46B0-8EAE-3B314D978F49}\RP113;Program.PrcView.3741;;
A0069963.dll;C:\System Volume Information\_restore{7B989D5D-FB59-46B0-8EAE-3B314D978F49}\RP113;Win32.HLLM.Graz;;
A0069977.dll;C:\System Volume Information\_restore{7B989D5D-FB59-46B0-8EAE-3B314D978F49}\RP113;Win32.HLLM.Graz;;
A0070007.dll;C:\System Volume Information\_restore{7B989D5D-FB59-46B0-8EAE-3B314D978F49}\RP113;Win32.HLLM.Graz;;
A0070098.dll;C:\System Volume Information\_restore{7B989D5D-FB59-46B0-8EAE-3B314D978F49}\RP113;Win32.HLLM.Graz;;
A0070114.dll;C:\System Volume Information\_restore{7B989D5D-FB59-46B0-8EAE-3B314D978F49}\RP113;Win32.HLLM.Graz;;
A0070123.dll;C:\System Volume Information\_restore{7B989D5D-FB59-46B0-8EAE-3B314D978F49}\RP113;Win32.HLLM.Graz;;
A0071189.dll;C:\System Volume Information\_restore{7B989D5D-FB59-46B0-8EAE-3B314D978F49}\RP115;Win32.HLLM.Graz;;
A0071229.dll;C:\System Volume Information\_restore{7B989D5D-FB59-46B0-8EAE-3B314D978F49}\RP115;Win32.HLLM.Graz;;
A0071237.dll;C:\System Volume Information\_restore{7B989D5D-FB59-46B0-8EAE-3B314D978F49}\RP115;Win32.HLLM.Graz;;
A0071255.dll;C:\System Volume Information\_restore{7B989D5D-FB59-46B0-8EAE-3B314D978F49}\RP115;Win32.HLLM.Graz;;
A0071274.dll;C:\System Volume Information\_restore{7B989D5D-FB59-46B0-8EAE-3B314D978F49}\RP115;Win32.HLLM.Graz;;
A0071288.exe;C:\System Volume Information\_restore{7B989D5D-FB59-46B0-8EAE-3B314D978F49}\RP115;Win32.HLLM.Graz.based;;
A0071322.dll;C:\System Volume Information\_restore{7B989D5D-FB59-46B0-8EAE-3B314D978F49}\RP115;Win32.HLLM.Graz;;
A0071357.dll;C:\System Volume Information\_restore{7B989D5D-FB59-46B0-8EAE-3B314D978F49}\RP115;Win32.HLLM.Graz;;
A0071384.exe;C:\System Volume Information\_restore{7B989D5D-FB59-46B0-8EAE-3B314D978F49}\RP115;Win32.HLLM.Graz;;
A0059569.exe;C:\System Volume Information\_restore{7B989D5D-FB59-46B0-8EAE-3B314D978F49}\RP88;Win32.HLLM.Graz.based;;
MSOH32.VLL;C:\WINDOWS\system32;Win32.HLLM.Graz;;
winamp535_full_emusic-7plus.exe;F:\backup 13-10-07\desktop;Trojan.Popuper;;

Answer
Hello Ritika

These items are in your System Restore file and will continue to reinfect your PC. Delete with Dr.Web, then disable System Restore, run a Dr.Web scan again, and after all malware is deleted or moved, turn back on System Restore.

Steps to turn off System Restore
1. Click Start, right-click My Computer, and then click Properties.
2. In the System Properties dialog box, click the System Restore tab.
3. Click to select the Turn off System Restore check box. Or, click to select the Turn off System Restore on all drives check box.
4. Click OK.
5. When you receive the following message, click Yes to confirm that you want to turn off System Restore:
You have chosen to turn off System Restore. If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.
Do you want to turn off System Restore?
After a few moments, the System Properties dialog box closes.

Steps to turn on System Restore
1. Click Start, right-click My Computer, and then click Properties.
2. In the System Properties dialog box, click the System Restore tab.
3. Click to clear the Turn off System Restore check box. Or, click the Turn off System Restore on all drives check box.
4. Click OK.
After a few moments, the System Properties dialog box closes.

Brian

Computer Security & Viruses

All Answers

Answers by Expert:

Ask Experts

Volunteer

Brian Benosky

Expertise

I will help you in eradicating malware and all forms of virus/trojans/adware. I can answer all PC-related hardware issues. I can also troubleshoot Windows OS errors (all versions) and other software problems. HijackThis logs are a MUST for virus related help. If you do not know how to do this, I have posted easy-to-follow instructions on the Ask a Question page. Every computer infection is different, so I will give you personal instructions on how to remove the malware, not a 'pat' answer. You can be assured of a prompt, polite, and knowledgeable response in all regards.

Experience

I have over 25 years experience in using, building, and repairing computers. I have helped over two thousand people here on AllExperts, with consistent Top Feedback Scores. Please look at my answers here: http://en.allexperts.com/q/Computer-Security-Viruses-1737/indexExp_84308.htm I am also a Top Contributor of General Computing answers in Yahoo! Questions.

Education/Credentials
College Educated Self-taught Computer Skills

Encyclopedia

Browse Answers:

Computer Security & Viruses/malware

Related Articles

Brian Benosky

Expertise

Experience