Re: Virus in system restore




Eric Baines wrote:
How do I remove a file infected by a virus from within the system restore directory?

I received an email the other day that was a .zip file. I downloaded it to my PC and virus scanned it using Sophos. It said that it had scanned 3 items and they were OK. So I unzipped the file. It unzipped 5 files and immediately told me that one of the files was a .exe that was infected with a virus. I immediately deleted all the files, without running any of them and cleared my wastebasket. It can't have been on my disk for more than a minute. I thought I had sorted the problem.

The next day, the scheduled disk scan kicked in, and said I had a copy of this virus in the directory that stores my restore points. I tried to go to the directory, but even though I am an administrator on that PC, it wouldn't let me go into the directory.

I was unsure what to do, but was determined to get rid of this thing. Therefore, I switched off system restore, so it deleted all the files in the directory. I scanned the directory and it said it was OK. I then switched system restore back on, and when it had done that, I scanned the whole disk, and it said I was OK.

But system restore is there for precisely this sort of situation - where your PC is damaged and you want to go back to an undamaged state.

What should I have done, that would have got rid of this file, without getting rid of all my restore points?

Cheers

Eric

You should have used your AV program to delete it and you should have done it in Safe Mode.

Alias

Use the Reply to Sender feature of your news reader program to email me.
Use Reply to Sender to send me an email.