Trojan Horse help please

kurt wismer

Harold The Rock wrote:
[correcting malformed usenet article]
[snip]
close, but...

under xp "system volume information" is where the system restore
folders are kept, and their contents are protected by the operating
system... there is no way to access them directly, the only way to get
a virus out of there is to purge your restore points...

I disagree as I run XP and sometimes AVG reports a virus in the system
restore directory. I manually delete the infected file. It has never
affected the system restore and XP has continued to function OK. It
catches up with the restore points.

then there is something very unorthodox about your setup... perhaps
you're using a fat32 partition and therefore are without the file
system permissions present in ntfs? perhaps by "manually delete" you
mean booting to some os that ignores access rights and deleting the
file(s)...

i can't even get a directory listing of system volume information while
using the default administrative account, never mind delete the
contents...
 
Harold The Rock

Sorry but all the partitions are NTFS and the only OS installed is XP.
If you are an administrator you can change the permissions for the
system restore folder. This will allow you to delete any infected
files that are being reported. The permissions can be reverted once
the offending file is removed.
 
kurt wismer

Harold The Rock wrote:
[correcting malformed usenet article]
Sorry but all the partitions are NTFS and the only OS installed is XP.
If you are an administrator you can change the permissions for the
system restore folder. This will allow you to delete any infected
files that are being reported. The permissions can be reverted once
the offending file is removed.

ok, you're right about that... you can get access to the system volume
information folder if you go through the hassle of changing the
permissions on the folder - however, most folks aren't familiar enough
with file system permissions to figure that out... most can't even find
the folder, and if they manage that the "access denied" message when
they click on it is going to confuse them...

further, interactive accounts really should not have access to that
folder - to have any assurance as to the integrity of a restore point,
the user (or 3rd party agents acting at the user's request) should not
be able to touch those files or folders... sure the user *could* revert
the permission changes but we both know that isn't likely to happen...

and frankly, i don't think the virus restore folders are all
they're cracked up to be anyways...
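
The concern raised above, that access granted on the System Volume Information folder tends never to be reverted, can be checked mechanically. This is an added example, not part of any post in the thread: it parses `cacls` output for the folder and lists every principal other than SYSTEM that still holds access. The sample output, the account name `HOMEPC\harold` and the assumed line format are constructed for illustration.

```python
import re

FOLDER = r"C:\System Volume Information"
# Per the thread, only SYSTEM has access to this folder by default on NTFS.
EXPECTED = {r"NT AUTHORITY\SYSTEM"}
RIGHTS = {"F": "full control", "C": "change", "R": "read", "W": "write"}

# Constructed sample (assumed cacls format): an administrator granted
# themselves full control to delete a flagged file and never reverted it.
SAMPLE_MODIFIED = r"""C:\System Volume Information NT AUTHORITY\SYSTEM:(OI)(CI)F
                             HOMEPC\harold:(OI)(CI)F
"""
# Constructed sample: the default state described in the thread.
SAMPLE_DEFAULT = r"""C:\System Volume Information NT AUTHORITY\SYSTEM:(OI)(CI)F
"""

# principal:(inheritance flags)right, e.g. NT AUTHORITY\SYSTEM:(OI)(CI)F
ACE = re.compile(r"^(?P<who>[^:]+):(?P<flags>(?:\([A-Z]{2}\))*)(?P<right>[FCRW])$")

def parse_cacls(output, folder=FOLDER):
    """Return (principal, flags, right) for each access entry in the listing."""
    entries = []
    for line in output.splitlines():
        line = line.strip()
        # The first line starts with the folder path; both the path and the
        # principal may contain spaces, so strip the known path as a prefix.
        if line.lower().startswith(folder.lower()):
            line = line[len(folder):].strip()
        m = ACE.match(line)
        if m:
            entries.append((m["who"], m["flags"], RIGHTS[m["right"]]))
    return entries

def unexpected_access(output, folder=FOLDER):
    """Principals other than the expected ones that hold any right."""
    expected = {name.upper() for name in EXPECTED}
    return [(who, right) for who, _flags, right in parse_cacls(output, folder)
            if who.upper() not in expected]

if __name__ == "__main__":
    for who, right in unexpected_access(SAMPLE_MODIFIED):
        print(f"{FOLDER}: {who} still has {right}; restore points are user-writable")
```
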
 
the secrets of a hacker

go to sarc.com and punch the viruses into the virus encyclopedia. it will
tell you how to get rid of them.
the secrets of a hacker
 