System detected a virus. I can't remove it.

[Zanatar]

I have Windows XP Pro. I use AVG 6.0 Free Edition.

The AVG Resident Shield detected a virus. Here is the info it has given me:

AVG Resident Shield:

VIRUS Trojan Horse Dropper.Bridge.A

C:\System Volume Information\restore-{3feee37e-374c-4012-8f39-61ebaf6789ea}-\rp248\a0043565.exe

To remove this virus please run AVG for Windows.

I have the latest definitions downloaded and I have ran the complete full AVG scan twice. It didn't detect anything.

I have tried looking manually for the directory structure. I don't have a C:\System Volume Information\ directory.

Yet AVG Resident Shield keeps popping up with this detection.

Can anyone help me?

Thank you

[Night.Hawk]

One thing to try is to boot to safe mode and delete temporary internet files.

Disable System Restore

Scan for spyware with the updated version of the program. Delete them.

Scan for viruses with the updated version. Delete them.

Restart.

Scan again. If it doesn't show up, enable System Restore again.

[GRIFFCON]

Hi Guys:

I had (have) this same Dropper.Bridge.A Trojan Horse, which AVG seems to detect every other day! The problem. of course, is that the little bugger keeps rearing its ugly head. In addition, there is very little information on this troublesome creature. The one thing that I have discovered is that it likes to reside in Windows XP's System Volume Information folder (which is hidden and 'Read Only').

1. Click Start, and then click My Computer.

2. On the Tools menu, click Folder Options.

3. On the View tab, click Show hidden files and folders.

4. Clear the Hide protected operating system files (Recommended) check box. Click Yes when you are

prompted to confirm the change.

5. Clear the Use simple file sharing (Recommended) check box.

6. Click OK.

7. Right-click the System Volume Information folder in the root folder, and then click Properties.

8. Click the Security tab.

9. Click Add, and then type the name of the user to whom you want to give access to the folder. Typically,

this is the account with which you are logged on. Click OK, and then click OK.

10. Double-click the System Volume Information folder in the root folder to open it.

If you're using the professional version of AVG, right click on that folder and run a scan. (It found that little monster along with: 'PSW.Briss.A' and 'PSW Briss.B'). If you're using the free version of AVG, you may have to run a full system scan. If it is successful, we're in luck. If not, we're......!

Good luck

Griff

[supernova_00]

  I have the same Dropper.Bridge.A virus that AVG has detected, but cannot remove for some reason. I have done all of the steps suggested in the previous posts. However, the virus is in C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files. I have done searches for the specific files, and have not found them. Here is the specific information returned by the AVG log:

C:\Documents and Settings\BRUCE\Local Settings\Temporary Internet Files\CONTENT.IE5\6LBW1G7A\ACDSee%206.0.2.0014%20PowerPack%20Trial%20English%20-%20Bidjan[1].zip:\start.exe Trojan horse Dropper.Bridge.A

C:\Documents and Settings\BRUCE\Local Settings\Temporary Internet Files\CONTENT.IE5\KTENC1E7\ACDSee%206.0.2.0014%20PowerPackTrial%20English%20-%20New%20Patch[1].zip:\start.exe Trojan horse Dropper.Bridge.A

Can anyone please help me find a solution to this?

Thanks,

Bruce

I heard on Tech TV today that some group that hates Software Pirates have been putting viruses into files and sharing them on P2P programs like Kazaa...and looks to me like you downloaded the ACDsee and the patch for it from a P2P program and thats where you got your virus

[Night.Hawk]

I know one virus I got from a Freeze.com Screensaver through another person. One of the sponsers that were installed by accident had one in it.

[tupac004]

a few minutes ago i downloaded a .zip file and its currently on my dektop,i right clicked and selected the "scan with AVG" option and it detected the Dropper.Bridge.A and when i went to the test results history and it says that its a trojan horse..............anyways if i haven't opend the zip file yet could i just delete the zip file like any other file or would this have negative effects??

[uniacidz]

Delete

[tupac004]

ok cool,i ran AVG again after i deleted it and theres no sign of it........man that right-click scan option is a life saver

[sim1]

1. disable system restore thing

2. get rid of ur temporary files with Window Washer (pretty good for me) (link: http://www.webroot.com/wb/products/windowwasher/index.php ) u can do this manually for sure

3. update antivirus (avg free edition is a good option if u want a free antivirus program)

4. scan for it

5. delete it :D

or maybe try trojanremover http://www.simplysup.com/tremover/index.html or ad-aware http://lavasoft.element5.com/support/download/???

i found this: http://securityresponse.symantec.com/avcen...an.dropper.html

hope this helps

sim1

[europanorama]

They are putting those files in cracks now aren't they?:whistle::

hartsesis is half-right: i received this trojan iafter downloading a crack. next time i downloaded directly onto a floppydisc a. it was undetected. then i downloaded again onto hdd and it was detected. next time i will download into a special locked folder(of course unlocked when saving into). better would be via floppy. maybe this will all not helpful since dropper will be active as soon as he can see the crack-files in my case it was a zip.. so maybe stay away from the same crackfile. look for alternative. maybe renaming would help.

in the second infection it could be detected by avg 6 in start.exe of adaware(free). i dont know if its healed. there is a heal-button in the avg-alarm-popup. its a pity i do not get a confirmation.

a use avg, sygate, adaware, spybot, spywareblaster, spywareguard,

since i have a port-problem-a hyjacking-program is using my standard internet-port nr- i have no access on this pc.

i must know which port is free or where the problem is. maybe downloading a tool from http://www.grc.com. it is a very important security-website-check for shields and unplug and pray(play) etc.

i must download the avg-definitions from my second pc and transfer them to the possibly still infected one. is this possible?

i am doing pc-service for around 10 years now. i am working all around the clock searching to solve the problems.

i have pentium 1 mmx(2) windows millenium(wiihout office!!!)- pentium 3-winme-no office!!(safe installation is possible but tricky.

two other good forums are:

http://www.sysopt.com

http://www.techrepublic.com has a strange points-system but is working fine-easy to find old messages)

maybe

http://www.neoseeker.com

hello new friends i hope you are not too much confused by my first message here.

Edited March 26, 2004 by europanorama

[europanorama]

boot into command prompt mode and delete the infected file!

go to avg- faq-healing in dos-mode(winme special: use bootdisk to find dos-prompt).

print out the instructions.

i will now have to find a way to eighter 1. reconnect to internet(port-nr-problem) 2. find the dropper again. or 1. try to install a definition-update manually without internet-connection. 2. then solve the port-nr problem.

any tips?

[Skylargo]

I have been using AVG, the free edition, for well over a year now, on both pc's I use at home, and I will testify to the following:

1) Not once has it ever failed to find something that it had popped an alert up about, as long as all the proper settings have been made. When you download AVG and install it, just like other programs that offer variable settings, you should configure it to maximize it's search scope as well as set the types of virus scans to perform.

a) insure all hard-drive partitions are included. My newest pc came with the XP System Restore area pre-assigned specifically to a separate partition of its own, and I even include it, even though it is supposed to be secure, I refuse to assume that it will always be safe from viruses, especially as we evidence almost weekly mutations of viruses, and the fact that someone out there will surely be working on a way to crack into it as well.

b) I also insure that every file type possible to be included in the scan is also selected.

2) It is of course important to insure you have the most recent AVG database update installed, and is also a free service provided with AVG 6.0. It only takes about 30 seconds through DSL connections to update, install and complete the refresh.

3) I also recommend that under the advanced features that AVG 6.0 supports, that Heuristics are checkmarked as well since some viruses may be infected in portions of undetectable code on the pc.

These steps followed you should find anything and everything that it warns you about upon the intrusion alert. There are some strains that it will not heal on it's own when encountered, and to be honest I really don't think that any one anti-virus product can find everything under the sun, or be able to heal/quarantine everything that it does find. As famous and staunch as Trend's PC-Housecall is, it actually missed some things that a subsequent run of AVG found, and that's happened on more than one occasion. I'm staying with AVG and we are actually fortunate to have such a powerful defense in a free version that is supported through constant updates for any new virus's encountered anywhere in the world.

Still, I know it's a hassle, but I believe in not depending on any one product to keep my PC's in tip top shape, and I've been known to run all of the following in this order and each one find something the other didn't!

1) Run Trend's PC-Housecall (Online scan) [the best first line of defense if you're online to run it]

2) Run Trojan Remover 6.2.1 (pc resident) [searches upon bootup and scans for "live" trojans automatically

after which you can then "scan drives" to find dormant/sleeping trojans]

3) CWShredder (pc resident) [has recently been the only way to cleanup what some viruses have damaged]

4) Panda Active-Scan (Online Scan) [sometimes Panda finds things in places the others can't check]

5) AVG 6.0 (pc resident) [the one I prefer to leave running 24/7, at least for now, and also auto-scans emails]

I always run AVG last simply because it is my "main antivirus" and is running 24/7.

[gomcmillan]

Hi people my first visit and it helped me to get rid of this trojan i first upgraded my avg 6 then turned off system restore [no experiance with goback yet may look for it now] kept on getting a virus found thought the reboot did not work until i looked at the extension the original zipped file was in the recycle bin as i know now i did not open :rofl: as opposed to me emptying the recycle bin my 2 bottles of wine on a sunday has kept me a bit slow but let me tell other guys EMPTY YOUR RECYCLE BIN it will stop you getting a bit frustrated

[chaz125]

:) try DOS prompt

locate file

delete it!

[chaz125]

PS

Never try to delete a file AVG won't touch in Windows. AVG knows not to attempt a Windows fix.

A DOS delete is usually safe because it doesn't activate the file in any way!

[Mavrick1]

I got the same virus and same symptoms that you guys have.

I noticed that since we're all using AVG it is picking it up as this dropper.bridge.A virus.

I got mine from a legit program that was trial software from the web, it's embedded right in the archive.

I haven't gotten rid of mine yet, but AVG keeps saying it found it and to run AVG for windows.. which I thought I was already running, but anyway..

Perhaps the reason we can't find it on the web is because other AV programs call it something differently cause I have seen that case with different programs. If you search for a dropper trojan on Symantec's site you do get info on some "dropper" trojans.

Let me know if anyone can figure out how to get rid of this pest cause it's a pain.

I had this stupid "vb" form opening up on my boot into WinXP and traced it to a strange named file but I'm not leaving my machine unattended while this is still on the machine.

Any other ideas yet?

[Os-er]

hi all

FreeAVG calls it Dropper.Bridge.A

FreeAV calls it DR/Bridge.A.2

as someone said, "it comes with cracks", so be sure to scan 1st

:cool:

[BobSOFT]

Greetings;

Hey: just thought I'd post a message, since I ended up with a cute little virus called: Trojan horse Dropper.Bridge.A.

Sound familiar? And I'm running Windows XP Pro, Service Pack 1 on a Dual Pentium III machine. My system restore has been switched off because I found that too much garbage ends up in the System Volume Information folder. (Not necessarily recommended: I use Norton's Ghost to back up my system.)

I'm running LavaSoft's Adaware (free spyware removal tool) and AVG?freeware version 6. AVG detected the virus and did sweet nuthin' to clean it up.:blink:k:

So: here's my solution. Hope this works just as well for you. :D:D

1) I ran AVG and let it locate where the virus hides. (Now, XP isn't very helpful in locating files/folders on the HD. The Search feature couldn't find it and the CMD.EXE prompt was no more helpful with the DIR /S command either. It's almost like these features have become stupider over time:whistle:e: )

2) AfteAVGb> located the virus, I clicked the "Test Results" button, bottom middle.

3) I scrolled down the list of results to the most recent finds that are marked in red indicating successful scans.

4) I clicked the line that indicated the virus (in the List of Test Results dialogue box) and then clicked the "Write to File" button (bottom right). Just save it to your desktop where it's most convenient to retrieve later. Now click "Cancel" and then exit (if you wish) AVG.

5) Open up the report on your desktop (double-clicking it should open it up directly in Notepad). Here's a partial listing of what is in the log:

C:\Documents and Settings\...\Local Settings\Application Data\Microsoft\WINDOWS\UsrClass.dat.LOG Cannot open; not checked!C:\Documents and Settings\...\Local Settings\Temporary Internet Files\CONTENT.IE5\4X6LMHEH\jI1080801534[1].zip:\start.exe Trojan horse Dropper.Bridge.Ab>

C:\Documents and Settings\LocalService\NTUSER.DAT Cannot open; not checked!

Note: the elipsis (...) removes unnecessary information.

The middle listing there is the one where the virus is hiding. (Now I didn't need to boot to safe mode or anything fancy. As I said earlier: Search and CMD.EXE aren't very helpful. But this tool is: explorer.exe. So let's carry on.)

6) I copied thpathb> to the virus from the report. In other words I highlighted the centre line froC:\...b> t4X6LMHEH\b> with my mouse and right-clicked it. Then I clicked "Copy" and closed the report file.

7) I opened Windows Explorer (Start > All Programs > Accessories > Windows Explorer) and removed the text in the Address Bar by highlighting it and hitting the Delete key. Then I right-clicked in that space and clicked Paste. The path I copied appeared here.

8) I clicked thGo b> button and presto! In the right panel was the contents of the offending folder. In the left panel was a long list of subfolders to a folder calleCONTENT.IE5b>. These are temporary folders that contain copies of the Trojan Horse. I grabbed all those subfolders (highlighted them), held down the Shift key and then clicked the big red X in the upper button bar. This form of deleting does not send these files to the Recycle Bin. They are promptly removed from your drive.

9) I ran thAVGb> scan again and ... ahhh, sweet freedom!

Please don't be put off by some of the extra details. Newcomers to Windows appreciate the extra assistance.

BobSOFT

My Webpage.