I'm at my friends' in Idaho.
OS is ME, I've turned system restore off. Restore folder has multiple infected files in C:\Restore folder.
Virus is love letter.
NAV did not find, SARC online scan did not find,
Trendmicro online scan DID.
Infection is in Restore\.CAB files.
How do I rip this shit out?
Pls advice.
Scott
Last edited by serlv; 09-02-2002 at 04:58 PM.
serlv What tipped you off that the pc might be infected? Reason I ask is before you go deleting anything how sure are you that the trendmicro scan is correct, because NAV is usually very good. Can you use any other scan engines to test?
Try anti-vir or avg.
http://www.free-av.com/
http://www.grisoft.com/html/us_downl.htm
It should be easy enough to just delete the entire restore folder then scan your entire system again.
You haven't tried AVG 6.0 for Windows. God damn, how do people get so many viruses? I mean I pr0n and all, download all kindsa, trade stuff over P2P, but I can't find a damn virus in my systems. Enough about me. Try AVG, might find it and get rid of it for you. Better yet, wipe the restore folder.
http://www.grisoft.com/
Life is an unrelenting comedy. Therein lies the tragedy of it. - Martin Stillwater
Dude, check out my DVD Collection!
Read your 2 responses, both mention deleting Restore folder.
Hey, my friends have teenagers, that's how he got it.
ANYWAY, want to clarify.
>>>>I have turned off the System Restore function
Can I just SAFELY delete the entire Restore folder? (This isn't my computer, I'm just visiting. ) Will ME recreate a new Restore folder upon a reboot, so System Restore can be reactivated once the machine is clean?
Scott
to be on the safe side, why don't you open restore folder, select all, make sure folder option is set to show hidden files, and delete. that way you don't have to worry about the missing restore folder. But then again, I'm pretty sure windows will recreate the restore folder if you delete it just like the temp folder.
Somebody else please confirm.
http://www.sarc.com/avcenter/venc/da...oveletter.html
from here
http://www.sarc.com/avcenter/tools.list.html
from here
http://www.antivirusebook.com/popup/...uscleaner.html
id make sure you had it...i always verify with 2 more av before i act...
Windows will not let us delete any of the selected ten Items in the Restore folder, nor will it allow us to delete the entire folder >>" ACCESS IS DENIED"
I agree with vitalt, make sure you really have it before going crazy trying to delete it.
Something else you could try.
First off, work out what the ms-dos name for the restore folder is called.
Boot the pc from an ms-dos boot disk.
Navigate to the folder that the restore folder is contained in.
Type "deltree **********" ... the stars of course being the name of the restore folder.
Type "md **********" , and reboot the system.
Stoner is right about AVG6 ... get it!
Sorry i cant be more specific about ME, but i despise that OS more than words can describe.
M
Right click on the Folder Properties and see if its set to Read Only. If so, uncheck it and give it the one finger salute.Originally posted by serlv
Windows will not let us delete any of the selected ten Items in the Restore folder, nor will it allow us to delete the entire folder >>" ACCESS IS DENIED"
| Asus Rampage II Gene uATX | Intel Core i7-920 @ 4.0GHz |
| 6GB Mushkin Redline (6-7-6-18)| Cooler Master V8 HSF|
| Asus Radeon 5870 | Dell 3007-WFP 30" LCD |
| Intel X-25M G2 80GB SSD| |Western Digital Raptor 150GB|
| Corsair HX620W PSU (System) | Tagan EasyCon 530W PSU (Dedicated GPU) |
| Lite-On 4x Blu-Ray Reader| Creative X-Fi Fatality Audio| Klipsch ProMedia 2.1|
| Lian-Li PC-A10 |Windows 7 Ultimate 64-bit|
Spezi had it. After Rebooting, old restore "sets"" were gone. did 3 Scans >> TrendMicro's online, the up=to=date installed NAV's and Panda's online. Not a trace. clean.
Thanks all!
Scott
After another reboot, we went back to system> Performance> file System etc., and reactivated it.
So I imagine it makes a new set ( a "restore point" ) then, once you enable?
Dramen generallly if trend says there is a virus its usually in my experience about 95% correct.Originally posted by Dramen
serlv What tipped you off that the pc might be infected? Reason I ask is before you go deleting anything how sure are you that the trendmicro scan is correct, because NAV is usually very good. Can you use any other scan engines to test?
Try anti-vir or avg.
http://www.free-av.com/
http://www.grisoft.com/html/us_downl.htm
It should be easy enough to just delete the entire restore folder then scan your entire system again.
Also would like to ad that PCCilln eats the lowest of all virus scanners in system resources. It has been my favorite for years now.
Well all this talk of virus's got me a bit nervous. In the years I have been online and I have never (knock on wood) had a virus. I have had accounts hacked but that'll happen in AOL chat rooms. (my wife, not me. Ok well not to often.)
Anyhow, I DL'd AVG at Stoners recommendation and scanned all my machines. across 3 machines and better than 47,000 files I had no virus's.
so I uninstalled it. Ok not really. but if I notice any system performance hits than I will take it of. That is my biggest beef with any AV software. They are resource hogs and slow ya down ta boot.
BTW, serlv, glad ya got your system worked out with minimal trouble.
TheHeretic
What we do in Life, Echoes through eternity.
so you don't run AV software in the background Hairy?? I mean with today's speeds, an AV scanner running makes small differences in speed and is well worth the trouble IMO
Interesting how the Love Virus infected your restore.cab files - seems like it could have done more damage with current ones. but why surmise when you removed the virus safely...good to hear swerlie
I'm home now. And their machine is clean, so I'm happy.
Judging from all the reports, I wouldn't own ME either. I have WFW 3.1 ( or is it 3.11), a late 95 (B?), 98SE , W2K. I just avoided ME altogether.
I guess, they must a had it, the system did a restore, they cleaned the "day to day" system files ( present ) , but couldn't get it out of the "backup set" that Restore creates. It's gone now. Told 'em to keep the kids off Kazaa. While looking through Activity.log files in NAV, I saw lot of xxxxx.mp3.vbs files mentioned that were in the Kazaa shared folder ( at one time ).
Scott
Yeah I dont wish to have that reduction in resources. And one can take steps to avoid virus's.
I have an OS only partition. if I were to get a virus than I am not going to lose all data and info. simply wipe that Partition and reinstall. It does make for a small amount of grief when having to reinstall shared files. That is also much easier if you simply ghost that drive from time to time.
It also comes down to your surfing habits. I dont make it a habit to open every email, or download and try lots of stuff. And I have stayed away from virtually every file sharing service. I use a couple from time to time and even than I try to watch what I am downloading. Mp3's-- not to often. I own over 800 CD's and have a decent entertainment budget so I dont do a lot of downloading of mp3's. software, sometimes.
I may not have the most exciting online life but for the most part it is enjoyable to me.
Yeah one day I may get a virus on one of my machines and change my mind but for now, Why fix it if it aint broke?
TheHeretic
My Opinion on ME's Sys Restore.
It never worked..
I had WIn ME and tried the system restore and it didn't do shit.
IMHO SYStem restore is a bad marketing scheme from M$.
I think its just a resource hog!
Besides that I hate ME with a passion. It has the worst memory LEAK I have ever seen.
I had to reboot my machine everyday!
Enough Said.
I think the best thing you can do for your friend is Get Win 2k or better.
"Z"
"I think the best thing you can do for your friend is Get Win 2k or better."
I agree. I tried.
But they are "fearful" PC users. The above would be even more of an unknown to them then their current system.
Scott
Posting Permissions
Reply With Quote
Bookmarks