  1. #1
    Star Lounger
    Join Date
    Apr 2001
    Location
    Muscat, Oman
    Posts
    85

    Badtrans.B recovery in Windows ME

    I and many others here were victims of the I-worm Badtrans.B scourge. Fortunately most email servers have picked it up and stripped out the offending attachments which were sent to thousands of others.

    I was able to get an update of AVG antivirus to detect it, and on all the machines at work with Windows 98 I have managed to clean them up. However, at home I have Windows ME, and 5 copies of the worm were detected - 3 in the windows\system directory which were quarantined and 2 in the _restore\temp directory which cannot be quarantined, moved, cleaned, or deleted. Re-running AVG tells me I still have 5 viruses on the hard drive, but all 5 are now in the _restore\temp directory. Infected files are all A001*.CPY in the above directory.

    I know that I can delete these files by doing a cold minimum boot to DOS, possibly changing the file attributes to unhide them. What I would like to know is - is it safe to delete these files? I understand that these are used for a system restore if required but mine is disabled (by AVG?) anyway.
    Sorry this is a wordy post but any help would be gratefully received.
    Cheers Brian

  2. #2
    3 Star Lounger
    Join Date
    Jun 2001
    Location
    Lewiston, Maine, USA
    Posts
    293

    Re: Badtrans.B recovery in Windows ME

    You can remove these files in real time without having to reboot to DOS. Simply right-click on the My Computer icon -> select the Performance tab -> click on File System -> and finally select the Troubleshooting tab - under that tab checkmark the last selection 'Disable System Restore'. Click on OK, OK, OK, and reboot.
    Your _restore directory will be gone and you do not need to re-uncheck that field (unless you need/want to have the system restore reactivated).
    Bob

  3. #3
    Star Lounger
    Join Date
    Apr 2001
    Location
    Muscat, Oman
    Posts
    85

    Re: Badtrans.B recovery in Windows ME

    Thanks for your reply.

    My understanding was that all AV progs disabled the System Restore feature and sure enough it was already disabled on my system. Even so, the _RESTORE folder and its myriad of files is still on the drive and there is no way to delete anything from this folder in real time (ACCESS DENIED message). However, if you re-boot to DOS (not from a DOS session) you can delete the files.

    Anyway, I took the plunge and deleted the offending files, and so far everything is OK.

    Brian

  4. #4
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Brantford, Ontario, Canada
    Posts
    2,391

    Re: Badtrans.B recovery in Windows ME

    I had the same problem, but was unable to delete these files in ME, Safe mode, or with a boot diskette.

    I got around it by booting to my Linux partition, mounting my WinME partition, and deleting the files from there.

    Good old Microsoft..... when it doesn't work, use another OS.
    Christopher Baldrey
