Results 1 to 8 of 8
  1. #1
    2 Star Lounger
    Join Date
    Jun 2002
    Location
    Tampa, Florida, USA
    Posts
    110
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Virus in _Restore Files

    I recently did a clean install of WIN-XP (approx a week ago) and was with out virus protection while I rebuilt my system. I guess its my fault...rather than re-install my old Norton 2001 i elected to wait & went out & purchased Norton 2003. During that short period I got infected with W32.KlezH@mm, detected my NAV during my full system scan.

    There are 4 infected file in _RestoreArchive (A0120324.CPY & A0120316.CPY in FS637.CAB; A0081764.CPY in FS364.CAB; and A0068516.CPY in FS287.CAB).

    Both NAV 2003 & the W32.Klez Removal Tool were unsucessfull in repairing or removing.
    Doing more research I found out that by design antivirus tools can not clean infected files in the _Restore folder.
    My next option was to manually purge the Data Store my disabling system restore, rebooting, and then enable restore; however the four files still remain.

    Is there a way to get rid of these without reformating & starting from scratch?
    I also read somewhere that since the file are in _Restore that they can not harm anything unless I restore with that file, is this true??

  2. #2
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Virus in _Restore Files

    Bernie,
    It's true that a virus in a _Restore file will not be activated unless you use the restore function to open up this file. Since you have the virus in your old system and not in the new, I would do a fast delete of the _Restore file and not try to use it. Good Luck, <img src=/S/invisible.gif border=0 alt=invisible width=15 height=15>
    Bob
    BOB
    http://lounge.windowssecrets.com/S/flags/USA.gif http://lounge.windowssecrets.com/S/f...sachusetts.gif


    Long ago, there was a time when men cursed and beat on the ground with sticks. It was called witchcraft.
    Today it is called golf!

  3. #3
    5 Star Lounger
    Join Date
    May 2002
    Location
    43.8N 81.0W, Ontario
    Posts
    815
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Virus in _Restore Files

    Hi Bernie

    The following is quoted from www.grisoft.com (AVG anti-virus software).

    Files placed in the _System volume information folder are source files for the system restore function that is available in Windows XP operating system. Files that were healed were moved in their original INFECTED state into this folder and it is necessary to DELETE them by following these steps:
    1...Close all open programs. Then right-click My Computer on the Windows desktop
    2...Click on Properties
    3...Click on the System Restore tab
    4...Check Turn off System Restore on all drives

    I'm not sure how "turning off" System restore will delete the files, but so they say!

    Have a Great day!!!
    Ken
    <IMG SRC=http://www.wopr.com/w3tuserpics/KenK_sig.gif>

  4. #4
    2 Star Lounger
    Join Date
    Jun 2002
    Location
    Tampa, Florida, USA
    Posts
    110
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Virus in _Restore Files

    Bob:
    This may sound stupid but I'm a little confused. <img src=/S/bagged.gif border=0 alt=bagged width=22 height=22> You stated that the files mentioned are from the "OLD System"?? Is this not an XP direcetory???

  5. #5
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Virus in _Restore Files

    What I meant was that the _restore file was a system restore point of your system prior to doing the clean install ( when apparently "caught the virus") OLD meaning BCR (before clean reinstall) If your virus detect shows an infection in the _restore file, DON'T use it, Dump it !
    Bob
    BOB
    http://lounge.windowssecrets.com/S/flags/USA.gif http://lounge.windowssecrets.com/S/f...sachusetts.gif


    Long ago, there was a time when men cursed and beat on the ground with sticks. It was called witchcraft.
    Today it is called golf!

  6. #6
    Plutonium Lounger
    Join Date
    Oct 2001
    Location
    Lexington, Kentucky, USA
    Posts
    12,107
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Virus in _Restore Files

    Turning off system restore WON'T delete the files, but will probably allow the user to delete them by conventional means. As I recall, the one or two times I've had to do it, I had to boot the system from a DOS floppy 'cause Windows still wouldn't let me delete files in those directories.

  7. #7
    2 Star Lounger
    Join Date
    Jun 2002
    Location
    Tampa, Florida, USA
    Posts
    110
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Virus in _Restore Files

    Bob, Big Al, and Ken:

    Thanks for the input. As Al stated the turning off & on of the Restore function did not take care of the problem. However, I dumped the files as Bob suggested by turning off restore, opened a DOS window & deleted the files manually using the DOS command. Rebooted, turned on Restore, and ran two virus scans to verify. A selective scan followed by a full system scan, both came back with NO Viruses found.
    <img src=/S/bananas.gif border=0 alt=bananas width=33 height=35>

    Hopefully everything is back to normal. <img src=/S/crossfingers.gif border=0 alt=crossfingers width=17 height=16>

  8. #8
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Virus in _Restore Files

    Bernie,
    Glad to hear it. Always feels good to get rid of a pesky problem like that. <img src=/S/crossfingers.gif border=0 alt=crossfingers width=17 height=16>
    Bob
    BOB
    http://lounge.windowssecrets.com/S/flags/USA.gif http://lounge.windowssecrets.com/S/f...sachusetts.gif


    Long ago, there was a time when men cursed and beat on the ground with sticks. It was called witchcraft.
    Today it is called golf!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •