Getting rid of backdoor trojan alerts.



Vectraat
10-20-2009, 07:11 AM
I realize this is old news now, and while I've read over all the postings in the original trojan thread, I still haven't found a solution to this.

I deleted all the xenocode files and I updated HEM to Beta 40 as suggested.

However, the backdoor alerts now show up in C:\System Volume Information\
instead of xenocode when I do a virus scan.

See attached image for details.

What should I do to solve this problem? I'm not the most computer savvy when it comes to dealing with stuff like this.

Help appreciated.

netsrak
10-20-2009, 09:47 AM
The folders where you still get the problems are backup folders for the system configuration. You can delete them.

Vectraat
10-20-2009, 06:24 PM
I don't know where to locate these backup folders.

Can't find C:\System Volume Information\

I have "show hidden files and folders" turned on.

Where's this system configuration at? I can delete ALL the backup folders for system configuration and it won't matter?

fozzy71
10-20-2009, 06:48 PM
I don't know where to locate these backup folders.

Can't find C:\System Volume Information\

I have "show hidden files and folders" turned on.
......


If you can't see it, turn off the Windows option that is hiding that directory: http://www.bleepingcomputer.com/tutorials/tutorial62.html



Remove the checkmark from the checkbox labeled "Hide protected operating system files".

Vectraat
10-21-2009, 07:16 AM
I removed the checkmark from the checkbox labeled "Hide protected operating system files."

So I can see the folder called "System Volume Information"

However, when I try to access it, it says

"C:\System Volume Information is not accessible."

"Access is denied."

netsrak
10-21-2009, 12:15 PM
I'm not sure whether System Volume Information is accessible. Isn't it a subfolder where you get this error from? Try to delete only this subfolder.
I suggest you try Google for this, because it's a very system-specific problem and you will possibly find better help somewhere else.

fozzy71
10-21-2009, 02:22 PM
I removed the checkmark from the checkbox labeled "Hide protected operating system files."

So I can see the folder called "System Volume Information"

However, when I try to access it, it says

"C:\System Volume Information is not accessible."

"Access is denied."

You should not delete anything from \System Volume Information, AFAIK.

The only xenocode files you should delete are in the \appliance cache folder.

I suggest you run a MBAM scan.
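The thread's two conflicting pieces of advice (delete the flagged folder vs. leave System Volume Information alone) both come from the same fact: that folder holds System Restore points and its ACL grants access to SYSTEM only, so even an administrator sees "Access is denied" in Explorer. The script below is an added example, not code from the thread or from any of its posters. It lets an administrator see the folder's ACL, list the restore points stored there, and, only when the `-Purge` switch is given, clear them through System Restore itself rather than by deleting files by hand. It assumes an elevated Windows PowerShell 5.1 session (the `*-ComputerRestore` cmdlets are not present in PowerShell 7) and that the system drive is C:.

```powershell
# Added example (not from the thread): inspect the folder the scanner flagged and,
# optionally, clear old restore points through System Restore instead of touching
# the folder directly. Run elevated in Windows PowerShell 5.1. Drive C: is assumed.
param(
    [string]$Drive = 'C:\',
    [switch]$Purge   # set only if you accept losing all existing restore points
)

$sviPath = Join-Path $Drive 'System Volume Information'

# 1. Who may open the folder? By default the only ACE is for NT AUTHORITY\SYSTEM,
#    which is why Explorer reports "Access is denied" even to an administrator.
try {
    $acl = Get-Acl -Path $sviPath
    $acl.Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType |
        Format-Table -AutoSize
} catch {
    Write-Warning "Cannot read the ACL on $sviPath ($($_.Exception.Message)); this is itself a sign of the SYSTEM-only protection."
}

# 2. What is stored there: System Restore points, i.e. the "backup folders for the
#    system configuration" from the thread. Listing them needs no access to the folder.
$points = Get-ComputerRestorePoint
if ($points) {
    $points |
        Select-Object SequenceNumber, Description, RestorePointType,
            @{ n = 'Created'; e = { $_.ConvertToDateTime($_.CreationTime) } } |
        Format-Table -AutoSize
} else {
    Write-Host "No restore points found for $Drive"
}

# 3. Optional cleanup. Turning System Restore off discards every restore point on
#    the drive, including the one that contains the flagged file; turning it back
#    on and taking a fresh checkpoint restores the protection.
if ($Purge) {
    Disable-ComputerRestore -Drive $Drive
    Enable-ComputerRestore  -Drive $Drive
    Checkpoint-Computer -Description 'Clean baseline after malware removal' -RestorePointType MODIFY_SETTINGS
    Write-Host 'Old restore points removed and a fresh checkpoint created. Re-run the scanner to confirm the alert is gone.'
}
```

Run it once without `-Purge` to confirm that the alerts really do point into a restore point, and only after the live system has been scanned clean (the MBAM scan suggested above) run it with `-Purge`, so that the new checkpoint captures a clean state rather than the infection.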