Backdoor Virus question

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Yesterday, I downloaded a file with the backdoor virus. McAfee caught it during the download. It came in as a .scr extension. I was able to delete it under "Administrators" login after resetting the "-r" option which was placed on the file. I did a restore and thought everything was fine.

Today during startup, McAfee said that an infected file (which it could not delete again) was saved under
C:\System Volume Information\_restore{ alot of characters} I tried again to go into Administrator login and delete. Windows XP would not let me reset the system or hidden attributes on this directory. I would not let me the files in the directory even though the -r option was not set. I did everything under the cmd prompt and had no luck.

How can I get in the restore directory and get that file out!

R. Sowell
 
Hello there.

If you turn off the system restore feature that should delete all of the
restore points on the PC. Then run a full antiviral scan. Once that is
showing all clear you can turn on system restore again.

Hope this helps!

Chris

R. Sowell said:
Yesterday, I downloaded a file with the backdoor virus. McAfee caught it
Click to expand...
during the download. It came in as a .scr extension. I was able to delete it
under "Administrators" login after resetting the "-r" option which was
placed on the file. I did a restore and thought everything was fine.
Today during startup, McAfee said that an infected file (which it could
Click to expand...
not delete again) was saved under
C:\System Volume Information\_restore{ alot of characters} I tried
Click to expand...
again to go into Administrator login and delete. Windows XP would not let
me reset the system or hidden attributes on this directory. I would not let
me the files in the directory even though the -r option was not set. I did
everything under the cmd prompt and had no luck.
 
R. Sowell said:
Yesterday, I downloaded a file with the backdoor virus. McAfee
caught it during the download. It came in as a .scr extension. I was
able to delete it under "Administrators" login after resetting the
"-r" option which was placed on the file. I did a restore and
thought everything was fine.

Today during startup, McAfee said that an infected file (which it
could not delete again) was saved under
C:\System Volume Information\_restore{ alot of characters} I tried
again to go into Administrator login and delete. Windows XP would
not let me reset the system or hidden attributes on this directory. I
would not let me the files in the directory even though the -r option
was not set. I did everything under the cmd prompt and had no luck.

How can I get in the restore directory and get that file out!

R. Sowell
Click to expand...

The System Volume Information folder contains the check points for the
System Restore utility. A restore check point was created at some point and
the virus file was included in the check point. The best way to get rid of
the current SR check point files is to turn SR off and then back on again.

Open Control Panel/System/System Restore Tab. Palce a check mark in the
"Turn off System Restore on all drives" option. Apply/OK. Reboot the
computer and then go back and remove that check mark to turn system restore
back on.

--
Ronnie Vernon
Microsoft MVP-Windows Shell/User

Please reply to the newsgroup so all may benefit.
http://www.dts-l.org
http://www.mvps.org
 
Back
Top