McAfee VirusScan unable to delete detected virus files

[msss]

I have run a full scan of my pc, and VirusScan finds 3 virus files. But
when I click on "clean", "delete" or "quarantine", each time McAfee
tells me that it's not possible.

If I look at the file names, they are incredibly long, with endless
parts like 0000101c.EML/00001169.EML/... etc etc.

If I go to the directory where the files appear to be, I can not find
the files that McAfee detects.

The three virus files detected are:
W32/Netsky.p@MM!zip
W32/Netsky.x@MM
W32/Bagle@MM!pwdzip

I checked them on the McAfee site and all say "now risk" and I looked
for the files that these virus supposedly create, and couldn't find
any.

I'm on XP, fully updated, and my VirusScan is also fully updated.
Arg!! What to do??!!

 

[NormanM]

I have run a full scan of my pc, and VirusScan finds 3 virus files. But
when I click on "clean", "delete" or "quarantine", each time McAfee
tells me that it's not possible.

If I look at the file names, they are incredibly long, with endless
parts like 0000101c.EML/00001169.EML/... etc etc.

If I go to the directory where the files appear to be, I can not find
the files that McAfee detects.

Which directory is that? If it is the System Restore location, those files
are:

A.) Untouchable by your anti virus programmer.
B.) Not a present threat.

The three virus files detected are:
W32/Netsky.p@MM!zip
W32/Netsky.x@MM
W32/Bagle@MM!pwdzip

I checked them on the McAfee site and all say "now risk" and I looked
for the files that these virus supposedly create, and couldn't find
any.

I'm on XP, fully updated, and my VirusScan is also fully updated.
Arg!! What to do??!!

If the infected files are in the System Restore folder, you should flush
them from the folder. The only way that I know to do that is by temporarily
disabling System Restore. This results in deletion of the contents of the
directory. Do note that, when you re-enable System Restore all of your
restore points will be gone. The problem with not doing this is that running
restore to a point where the virus is located will restore the virus along
with everything else.

 

[msss]

Thanks for your reply!
But no, they are not in the system restore folder. They are in one of
the folders where my e-mail messages are stored.

 

[David H. Lipman]

No, they are not folders. When a file is found in an archive file (CAB, ZIP, RAR, etc.) or
is in a an email message store or encapsulated in an email message disk file, it will appear
as a directory.

For example the following looks like a directory \Series.zip\SERIES.ZIP but is showing a
file within an archive
D:\temp\IE6\Temporary Internet Files\Content.IE5\FZ4HCZOS\Series.zip\SERIES.ZIP
BackDoor-AZV.gen (ED)

Similar to the following email store file
D:\temp\IE6\Temporary Internet
Files\Content.IE5\WCZFECUD\Latest%20Network%20Patch[1].eml\LATEST%20NETWORK%20PATCH[1].EML
W32/Swen@MM

So if it appears as if it is an endless loop, you need to find the original EML file and
delete it or the actual email message and delete the whole email message.

--
Dave




| Thanks for your reply!
| But no, they are not in the system restore folder. They are in one of
| the folders where my e-mail messages are stored.
|

 

[msss]

No, they are not folders. When a file is found in an archive file
(CAB, ZIP, RAR, etc.) or
is in a an email message store or encapsulated in an email message disk
file, it will appear
as a directory.

So if it appears as if it is an endless loop, you need to find the

original EML file and
delete it or the actual email message and delete the whole email
message.

ah-hah! ok, thanks for the explanation - this must be what's happening.
The strange this is that:
- usually, McAfee has no trouble deleting the virus files out of my
e-mails
- I have gone through that entire mail folder and eliminated all
attached files

So I have no way of knowing where those files are - it's as if they are
"hiding" somehow. VirusScan says for their status that "The disk is
write-protected. The file cannot be deleted/cleaned"

Arg this *never* happened before - and I have not touched my settings
either in my e-mail client nor in VirusScan.
Ack a 4th one just showed up! :-(

 

[msss]

So if it appears as if it is an endless loop, you need to find the
original EML file and
delete it or the actual email message and delete the whole email
message.

But how to know what message or what file it's in ???