System detected a virus. I can't remove it.

[Zanatar]

I have Windows XP Pro. I use AVG 6.0 Free Edition.

The AVG Resident Shield detected a virus. Here is the info it has given me:

AVG Resident Shield:

VIRUS Trojan Horse Dropper.Bridge.A

C:\System Volume Information\restore-{3feee37e-374c-4012-8f39-61ebaf6789ea}-\rp248\a0043565.exe

To remove this virus please run AVG for Windows.

I have the latest definitions downloaded and I have ran the complete full AVG scan twice. It didn't detect anything.

I have tried looking manually for the directory structure. I don't have a C:\System Volume Information\ directory.

Yet AVG Resident Shield keeps popping up with this detection.

Can anyone help me?

Thank you

[Sushubh]

C:\System Volume Information\restore-{3feee37e-374c-4012-8f39-61ebaf6789ea}-\rp248\a0043565.exe

make a fresh system restore point using System Restoreand remove all the old ones using Disk CleanUp!

that should do... :)

[Krudomanic]

Can I suggest not to use System retore in the future but, to use GoBack in stead more stable more reliable... If you have Norton Systemworks 2003 this is free with this program... Windows System Restore sometimes will not allow you to run sucessfully and fails to run...

[[DGS]]

the most correct way to run the antivirus (ANY antivirus) is to boot in safe mode and scan !

that way the antivirus can delete the infection.

try that and report back! :cool:

edit: also i would recommend you d/l norton antivirus from symantec.com and scan with that!

[livesoca]

Simple solution.

1 Disable System Restore (Righ-click on My Computer)

2 Scan enitre HD

3 Reboot

4 Enable System Resore again.

Works everytime.

LIVESOCA

[shihchiun]

you do have a C:\System Volume Information\. it's hidden by windows by default. you can disable this, of course.

[Zanatar]

Ok well basically I stoped and restarted system restore. That seemed to have done the trick.

I did go download Norton Anti Virus (The 15 day trial period one).. while it's nice, and I'm sure it's better then AVG in many ways, I don't want to pay the $$ for it. I'll stick to AVG, which is free. It did detect the virus after all.. in the Vshield. ) but neither AVG's full scan or Norton's full scan was able to detect any viruses. Of course that was probably due to the fact that it was deleted when I turned off System restore.

Two questions: Do any of you use AVG 6.0 Free edition? Do you like it? Is there a better free anti virus software out there? AVG seems to do it all. Free updates, scheduled scans, V-shield, e-mail scanner.

And what is Go Back? Is it free? How is it better then system restore? And for that matter what is wrong with XP's system restore?

Thanks for all your help,

[dreamthief]

There's nothing wrong with XP System Restore. Just that when a virus/worm attacks, it will surely be targeted since it's a standard feature in every XP installation. Most of the time, using system restore would not be feasible as the system restore files are corrupted (due to virus/worm doings).

GoBack is a payware software, definitely not free. It has a good track record of successfuls restoration of the whole system. Before System restore came around, GoBack was the best option there is.

Two questions: Do any of you use AVG 6.0 Free edition? Do you like it? Is there a better free anti virus software out there? AVG seems to do it all. Free updates, scheduled scans, V-shield, e-mail scanner.

I tried AVG. Not to say i dont like it. Just that i prefer using Symantec Antivirus instead. It's a matter of preference actually.

[Zanatar]

I would agree to the comment of it being a matter of preference, if Norton was free, but it isn't unfortunetly.

But as they say, you get what you pay for. So I'm sure Norton Antivirus kicks the pants off AVG. Although I have no complaints so far with AVG. AVG has a pay version as well (AVG version 7). But all it seems to offer is a few options (that I don't remember off hand what they were), but it did nothing to improve what it's 6.0 free edition does.

[ramian]

GoBack is a payware software, definitely not free. It has a good track record of successfuls restoration of the whole system. Before System restore came around, GoBack was the best option there is.

Is GoBack really all that good? I bought a copy a couple of years ago but have never used it. Would an older version work on XP? How is it compared to Norton Ghost? I'm still using the 2003 version.

Thanks!

[dreamthief]

Is GoBack really all that good? I bought a copy a couple of years ago but have never used it. Would an older version work on XP? How is it compared to Norton Ghost? I'm still using the 2003 version.

Thanks!

Whether or not GoBack is realy that good. Go get yourself a trial copy and test it for yourself. But I am doubtful the old version supports XP. Check the documentation for that information.

Firstly, GoBack and Norton Ghost are developed to serve different purposes although it might perform similar tasks.

Main features

GoBack - It restores / undo certain installation, registry changes and software setting changes to the restore date.

Norton Ghost - creating an image for backup and restoring the whole computer back according to the image.

The two seems to be doing the same thing. But here's an example on how different it would be.

Case scenario

Let's say you created a restoration date for GoBack and an image file for Ghost at point A. After that, you downloaded a 700MB file. Install some program that messes up the whole system.

With GoBack, it will retain the 700MB file in the system and undo all the above mentioned (look above the Goback description). Layman's term, retains all the files created, modified after point A.

However with Ghost, it will not do so. It will restore back the system back to where point A was created. So basically any files after point A will not be there.

Conclusion

think GoBack as an UNDO feature. Ghost as a major SAVE function.

I hope that clears up things for you.

[ramian]

thanks for clarifying things for me. Since I don't save any of my documents or download anything to my system partition (which I Ghost) I technically won't gain much by using GoBack. (Right?). I'm thinking that GoBack's backups take as much space or more than what System Restore does. I'll probably stick with my Ghost for now.

Thanks!

[ctrlaltdelete]

Simple solution.

1 Disable System Restore (Righ-click on My Computer)

2 Scan enitre HD

3 Reboot

4 Enable System Resore again.

Works everytime.

Didnt work for me :no:

AVG just last night updated and now detects the dropper.bridge.A trojan horse, unfortunately they do this two days after i get the virus. I tried running the scan with system restore disabled, virus could not be removed. Tried removing the virus in safe mode with restore disabled, couldnt be removed. Having this problem on two computers. Ran a search on the net for "dropper.bridge.A" on several search engines and this is the only link any of them came up with. I just reformatted both computers to get rid of a mydoom.f virus and I really dont want to reformat again. Anyone have any other suggestions or should I kiss my data goodbye and count my losses?

On a side note, Hi! I am new to the forums. I will check if there is a place I should introduce myself soon, but right now I'm busy bending my brains over this stupid trojan horse. And congrats for being the only website with any clue that this trojan horse even exists yet. LOL

[roypou]

Hi people. I'm also new to this forum - hi to all. I have been experiencing problems like a few members here - TROJAN HORSE DROPPER.BRIDGE.A which is resident in the System Volume Information and another trojan PSW.BLISS.B It keeps popping up, but this seems to be the only website in English that has anything to say about them (dropper Bridge A).

For the record, I also use AVG vers 6 - it's free, I've used it for years and never had a problem with it, until these nasty little things have turned up. :angry:

Good to read all the info and will heed all advice given to others.

regards to all

[ctrlaltdelete]

OK it looks like AVG now has it figured out. Roypou, see if you can update AVG again. They made a new update file (third update in two days). This time, I kept system restore disabled, not in safe mode, and the file was removed with no problems. Bless their hearts, they kept on top of this virus and gave us all the needed updates for FREE! I've used Norton and dont like it. Its just so invasive and nearly impossible to use on older computers as it bogs everything down. I havent done the checks myself but word is there are more usless registry entries with norton than there is with AOL. I wonder if norton had this specific virus figured out before AVG. Considering the lack of any information on the norton site about it, I am doubting it. They have their money, why care if they are behind the times in updating their virus definitions? Ok i'm done slamming Norton, mind if i slam Bill Gates for a little while? nahh... Anyway, good luck Roypou. I'll be curious to see if this little update will fix your problem as well as it did mine.

ps..I got the psw.bliss.b at the same time I got the dropper.bridge.a on one of my computers. So far no sign of it on this computer, but it looks like somewhere they were bundled together. anyway, AVG spanked that one right off my hard drive with no problems. good luck!

[Night.Hawk]

Hey, people. I've never had a virus but that popped up. I'm going to try what was suggested and disable system restore, then scan for the virus, reboot, and enable it again. I'm going to try creating one, then deleting everything first like someone else suggested. It'd save time. I have SP2 and am about to install the new RCI version of it. I wanted to have it clear of everything before I install. I'm glad I started backing up my important files with web-a-file.com last week though. Well, going off to see if it works. If it does I'll post it. Wish us luck.

[l77Il7H]

i have this exact same virus, bummer.

[Bruce1526]

I have the same Dropper.Bridge.A virus that AVG has detected, but cannot remove for some reason. I have done all of the steps suggested in the previous posts. However, the virus is in C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files. I have done searches for the specific files, and have not found them. Here is the specific information returned by the AVG log:

C:\Documents and Settings\BRUCE\Local Settings\Temporary Internet Files\CONTENT.IE5\6LBW1G7A\ACDSee%206.0.2.0014%20PowerPack%20Trial%20English%20-%20Bidjan[1].zip:\start.exe Trojan horse Dropper.Bridge.A

C:\Documents and Settings\BRUCE\Local Settings\Temporary Internet Files\CONTENT.IE5\KTENC1E7\ACDSee%206.0.2.0014%20PowerPackTrial%20English%20-%20New%20Patch[1].zip:\start.exe Trojan horse Dropper.Bridge.A

Can anyone please help me find a solution to this?

Thanks,

Bruce

[Sushubh]

boot into command prompt mode and delete the infected file!

[roypou]

Ctlaltdelete - thanks for time and info m8. I seem to be clear at the moment, I've updated AVG 5 times in the last 2 days hoping they would catch up. Seems they have, but no other site seems to have cottoned on yet - i've been tracking them all.

I'm :) with the service AVG service provide. I too have run Nortons vbefore and like you found themultra intrusive. I have a number of preventative measures up to stop these trojans etc getting on, but this one was quicker than technology obviously.

anyhow thanks for your time. PS - I cleared ALL my cookies and Temp internet files out aswell. I reckon it was hiding in there somewhere!!

[Bruce1526]

Actually, it wasn't in C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files. That is the log file that AVG reported. It was in:

C:\Documents and Settings\All Users\Local Settings\Temporary Internet Files.

I found the nasty bugger and deleted it. Of course, you cannot steer your way there directly through My Computer. You have to go from the RUN command in the START menu.

Bruce

[Joel]

Actually, it wasn't in C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files. That is the log file that AVG reported. It was in:

C:\Documents and Settings\All Users\Local Settings\Temporary Internet Files.

I found the nasty bugger and deleted it. Of course, you cannot steer your way there directly through My Computer. You have to go from the RUN command in the START menu.

Bruce

Of course you can, set your view to show hidden folder and files.

[mAcOdIn Veteran]

I'm curious about the trojan you mentioned. I want to look it up but McAfee's site has nothing on it.

I tried to look it up on www.grisoft.com's virus encyclopedia as well but it seems they only have 15 virii listed on thier website. You can't happen to pull up the info on the trojan through the program could you?

I'm just curiouse because sometimes the dropper isn't dangerouse at all once infected, so it may not be a big deal at all.

[ewebenterprises]

New here found you guys after doing a search on Dropper.bridge

I have had this little pest for the past two weeks after I though I got rid of it

I found out AVG is the only one picking it up

If I can remember its spyware and other people have had it and started posting within the past two weeks

Where it is coming from who knows?

I have AVG and a firewall also

I removed it last week but guess what? "its back"

Im pretty sure they said it replicates itself back into the system files after AGG said it was removed

Try doing another scan like i did and see if its there again

Do a search on it and you may find more info

Thanks

[Harsesis]

I have the same Dropper.Bridge.A virus that AVG has detected, but cannot remove for some reason. I have done all of the steps suggested in the previous posts. However, the virus is in C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files. I have done searches for the specific files, and have not found them. Here is the specific information returned by the AVG log:

C:\Documents and Settings\BRUCE\Local Settings\Temporary Internet Files\CONTENT.IE5\6LBW1G7A\ACDSee%206.0.2.0014%20PowerPack%20Trial%20English%20-%20Bidjan[1].zip:\start.exe Trojan horse Dropper.Bridge.A

C:\Documents and Settings\BRUCE\Local Settings\Temporary Internet Files\CONTENT.IE5\KTENC1E7\ACDSee%206.0.2.0014%20PowerPackTrial%20English%20-%20New%20Patch[1].zip:\start.exe Trojan horse Dropper.Bridge.A

Can anyone please help me find a solution to this?

Thanks,

Bruce

They are putting those files in cracks now aren't they :whistle:

[mAcOdIn Veteran]

If you want to try and find out when and where you got it follow these instructions to gain access to the system restore folder.

http://www.tweakxp.com/tweak2086.aspx

Find the date and time the file was created.

Then run a search on your computer for that specific date looking for archives, installed programs, and your history files and see what matches. Start systematically checking out each one to see if you find a match on where it came from.