Virus

Vet Resident Protection
---------------------------
Vet File Monitor has found that C:\System Volume Information\_restore{3142E0F6-13C5-4452-8E86-A62A8B6CB5A3}\RP84\A0006353.exe is infected with Win32.WQK.C virus, but could not repair the file.

Find this message. have been re-installing Vet. done all the tricks but to no avail. Have even tried Bitdefender free Klezworm remover but this does not even locate it. What now?? frustrated to say the least

[JacK]

Quote:

quoting: dontknowitall link=board=24;threadid=4066;start=0#26809 date=1033985301]
Vet Resident Protection
---------------------------
Vet File Monitor has found that C:\System Volume Information\_restore{3142E0F6-13C5-4452-8E86-A62A8B6CB5A3}\RP84\A0006353.exe is infected with Win32.WQK.C virus, but could not repair the file.

Find this message. have been re-installing Vet. done all the tricks but to no avail. Have even tried Bitdefender free Klezworm remover but this does not even locate it. What now?? frustrated to say the least

Hi,

They are system protected files : no AV can access those files.

You must take the rights on those files (x:\System Volume Information)
Be sure you have UNticked before in File Options Mask protected files from system and use simple share and tick show hidden files.

Then you will be able to scan them with your AV or to suppress them manually.

Or simply unactive de System Restore service. All your restore points will be supressed. Reboot and reactive de service and make a new restore point after ckecking you are clean.

Rgds,

[Pieter_Arntz]

Dontknowitall,

Please check: http://service4.symantec.com/SUPPORT/nav.nsf/docid/2000092513515106 to find out how to clear your _RESTORE folder.

Regards,

Pieter
[EDIT] JacK beat me to it I won't delete this one since that link has proven to be very usefull[/EDIT]

[Primrose]

And I will brazenly post these links to do the same thing. I use them since they have screen shots of the process for those who do not even know this feature exits....and then here is some additional info if you just bought XP that may help some.

I will also include the ME page:








NAME: Disabling System Restore on Windows ME
ALIAS: Disabling Windows ME AutoRestore feature

http://www.europe.f-secure.com/v-descs/sfc_dis.shtml

________
NAME: Disabling System Restore on Windows XP
ALIAS: Disabling Windows XP AutoRestore feature


In Windows Millenium there was a new feature introduced called System Restore. The new Windows XP has this feature. It creates backup copies of the essential system files so they can be restored if they get corrupted. Sometimes this makes disinfection difficult as backup files can get infected and copied to System Restore folder by Windows. Then after disinfection Windows will copy the infected file back over the clean ones.

System Restore feature can be disabled using the following steps:

http://www.europe.f-secure.com/v-descs/sfc_dis1.shtml

________




System Restore Feature

XP contains a new feature called System Restore that restores the system to a previous configuration point. Should you restore your system to a point before you activated XP on your computer, the OS will forget that you activated it and you'll need to reactivate XP. If the system restore point is past the 30-day grace period that Microsoft allows for activation, you'll have to activate XP immediately. The only workaround to reactivating your system is to perform the following steps:
Start your Windows installation in Minimal Safe mode.
Move to the \%systemroot%\system32 folder.
Rename wpa.dbl to wpa.noact.
Rename wpa.bak to wpa.dbl.
Reboot your system as normal.
Note: The above procedure will work only if you've made no significant hardware changes.

[Pieter_Arntz]

Thnx for those Primrose

I agree, no better way to describe these things as with screenshots.

Regards,

Pieter

[Primrose]

Then after I post that..invariably people start getting into to an arguement about ACTIVATION and what it really means.



So I have to end up posting this...which I hope will also be a use to you.

Puzzled about Windows XP Activation!
http://www.dslreports.com/forum/rema...inme~mode=flat



XP Install FAQ
http://www.dslreports.com/faq/xpinstall


http://www.dslreports.com/forum/rema...inme~mode=flat



Sorry for the hijack..but it is all good info.

[wizard]

Quote:

quoting: dontknowitall link=board=24;threadid=4066;start=0#26809 date=1033985301]
Vet Resident Protection
---------------------------
Vet File Monitor has found that C:\System Volume Information\_restore{3142E0F6-13C5-4452-8E86-A62A8B6CB5A3}\RP84\A0006353.exe is infected with Win32.WQK.C virus, but could not repair the file.

Looks like a false positive. It happens quiet often that virus scanner wrongly detect files in the restore folder as infected. So if you have a change submit this file to the support of your antivirus software.

Reasons for false positives:
- only identified by one antivirus program
- only a file in restore folder is infected and not a file in the system
- in cases of "real" virus infections mostly more than one file is infected

wizard