Virus Removal Tool V2.1

Hello ginnpr,

trying to do a download - but would not complete

if you did run the tool then the download must have completed?

Anyway - please post the log - which contains the details of the detection - here (it's in C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log).

Christian

Hi - I was trying to do a d/l from homepage - not sure what version that was or is - but then ran the one I had - V2.1 and got file that could not be deleted.  Will send log file - cannot locate the Application Data under documents and settings

Hello ginnpr,

cannot locate the Application Data

it's a hidden folder. In Explorer's menu bar select Tools -> Folder options ... tab View, pane Advanced settings: a little bit down there's Hidden files and folders with two radio buttons. Select - naturally - Show hidden files and folders.

HTH

Christian

Thanks again for the reply - am using IE8 - when click on tools - there is no folder options to go to!!!  I am sure I am missing something!!!

Hello ginnpr,

not IE but Explorer, the program that opens My Computer, My Documents and so on - guess you used it when you first searched for the logs. Another option is clicking Start->Run (or entering Windows Logo+R) and paste the path (including the double quotes) "C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Virus Removal Tool\Logs\" into the dialog box.

Christian

Hi - I found the log file and sending!!!

2012-07-09 14:53:59 Sophos Virus Removal Tool version 2.1
2012-07-09 14:53:59 Copyright (c) 2009-2012 Sophos Limited. All rights reserved.

2012-07-09 14:53:59 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2012-07-09 14:53:59 Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x300 PT=0x1 Win32
2012-07-09 14:53:59 Component SVRTcli.exe version 2.1
2012-07-09 14:53:59 Component control.dll version 2.1
2012-07-09 14:53:59 Component SVRTservice.exe version 2.1
2012-07-09 14:53:59 Component osdp.dll version 1.44.0.1982
2012-07-09 14:53:59 Component veex.dll version 3.33.2.1982
2012-07-09 14:53:59 Component savi.dll version 7.5.9.1982
2012-07-09 14:53:59 Component rkdisk.dll version 1.5.30.0
2012-07-09 14:54:32 Option all = no
2012-07-09 14:54:32 Option recurse = yes
2012-07-09 14:54:32 Option archive = no
2012-07-09 14:54:32 Option service = yes
2012-07-09 14:54:32 Option confirm = yes
2012-07-09 14:54:32 Option sxl = yes
2012-07-09 14:54:32 Option max-data-age = 35
2012-07-09 14:54:32 Version info: Product version 2.1
2012-07-09 14:54:32 Version info: Detection engine 3.33.2
2012-07-09 14:54:32 Version info: Detection data 4.79
2012-07-09 14:54:32 Version info: Virus data date 7/2/2012
2012-07-09 14:54:32 Version info: Data files added 238

I ran a full scan with MalWare and the only detected file it found was "PUP.BUNDLE.ORRERS.HQ - not sure why it

didn't pick up the Trojan Zapcas-AE - I did send log file -

Thanks again!!!!!

Hello ginnpr,

the log doesn't seem to be complete as it should at least contain a time-stamped line saying Scan completed (preceded by the details of the detections if applicable). So there should be at least something about the file you've mentioned in it.

Christian

Thanks - I will try running it again - as I mentioned it did say could not remove -  If latest version is 2.1 why is d/l 2.0

AM ATTACHING THE LOG FILE THAT WAS RUN ON THE 10th - IT IS COMPLETE WITH LISTING FOR "ZAPCAS-AE"  - THANKS FOR ANYHELP!!!!

2012-09-10 15:04:25 Sophos Virus Removal Tool version 2.1
2012-09-10 15:04:25 Copyright (c) 2009-2012 Sophos Limited. All rights reserved.

2012-09-10 15:04:25 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2012-09-10 15:04:25 Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x300 PT=0x1 Win32
2012-09-10 15:04:25 Component SVRTcli.exe version 2.1
2012-09-10 15:04:25 Component control.dll version 2.1
2012-09-10 15:04:25 Component SVRTservice.exe version 2.1
2012-09-10 15:04:25 Component osdp.dll version 1.44.0.1990
2012-09-10 15:04:25 Component veex.dll version 3.34.0.1990
2012-09-10 15:04:25 Component savi.dll version 7.5.9.1990
2012-09-10 15:04:25 Component rkdisk.dll version 1.5.30.0
2012-09-10 15:04:58 Option all = no
2012-09-10 15:04:58 Option recurse = yes
2012-09-10 15:04:58 Option archive = no
2012-09-10 15:04:58 Option service = yes
2012-09-10 15:04:58 Option confirm = yes
2012-09-10 15:04:58 Option sxl = yes
2012-09-10 15:04:58 Option max-data-age = 35
2012-09-10 15:04:58 Version info: Product version 2.1
2012-09-10 15:04:58 Version info: Detection engine 3.34.0
2012-09-10 15:04:58 Version info: Detection data 4.80
2012-09-10 15:04:58 Version info: Virus data date 8/6/2012
2012-09-10 15:04:58 Version info: Data files added 225

2012-09-10 16:28:22 Could not open C:\Documents and Settings\All Users\Application Data\CheckPoint\ZoneAlarm\Data\avsys\bases_csd\SysWHist\file_cache\meta
2012-09-10 17:21:10 >>> Virus 'Troj/Zapchas-AE' found in file C:\WINDOWS\SYSTEM32\mirc.ini
2012-09-10 17:23:09 Could not open C:\WINDOWS\Temp\TMP0000506C8A6460E5CEE65471
2012-09-10 17:23:57 The following items will be cleaned up:
2012-09-10 17:23:57 Troj/Zapchas-AE
2012-09-10 17:42:02 >>> Virus 'Troj/Zapchas-AE' found in file C:\WINDOWS\SYSTEM32\mirc.ini
2012-09-10 17:42:02 Disinfection failed
2012-09-10 17:43:03 Warning: failed to stop SMS service (1460)

2012-09-10 17:45:11 Scan completed.
2012-09-10 17:45:11 

------------------------------------------------------------