Re: Want advice on Virus Removal

From: Ron Martell (ron_at_onlinehelp.bc.ca)
Date: 06/18/04


Date: Fri, 18 Jun 2004 21:35:41 GMT


"wdsnews" <wdsnews.0440@oregoncity.com> wrote:

>I've tried several anti-virus programs in an attempt to remove viruses from
>my customers' computers. Norton, TrendMicro, PestPatrol, Stinger,
>PC-cillin, all seem unable to remove the viruses they detect. I've seen
>many customers lately, with many different infections. Even Safe Mode does
>not allow them to be removed.
>
>All of the antivirus programs detect different new pests. They tell me what
>the infection is. They tell me what files are infected. But neither they
>nor I can delete the files. I can find the files on the hard drive. I can
>find entries in the registry. But they won't delete.
>
>I've tried shutting down running processes, but many of the suspect
>processes are considered "critical" by the OS and won't shut down. I've
>spent most of my time in Safe Mode, but the files remain locked.
>
>Usually we decide to wait for an antivirus update that can handle the virus
>and sometimes that works. But in two cases we decided to format and
>re-install, which seems like a totally unacceptable solution considering the
>patch situation.
>
>So... now this expert, that I call myself, with over 20 years' experience,
>feels like a total novice. I would feel very thankful to everyone who can
>give some advice. Thank you so much.
>

What are some of the specific viruses that are doing this?

And where are these viruses located?

If these viruses are located in the
\System Volume Information\_Restore folder then they are encapsulated
and cannot possibly do anything unless System Restore is used to set
the computer back to a prior date.

To clean up the _Restore folder use Disk Cleanup in the Accessories -
System Tools menu. Go to the More Options tab and click on the Clean
up button in the System Restore (bottom) section. That will eliminate
all but the most recent System Restore point and at least most of the
infected files in the _Restore folder should be gone. If not then use
System Restore to create a new restore point and then use Disk Cleanup
again.

Good luck

Ron Martell Duncan B.C. Canada

-- 
Microsoft MVP
On-Line Help Computer Service
http://onlinehelp.bc.ca
"The reason computer chips are so small is computers don't eat much."