Virus

Discussion in 'other anti-virus software' started by dontknowitall, Oct 7, 2002.

Thread Status:
Not open for further replies.
  1. Vet Resident Protection
    ---------------------------
    Vet File Monitor has found that C:\System Volume Information\_restore{3142E0F6-13C5-4452-8E86-A62A8B6CB5A3}\RP84\A0006353.exe is infected with Win32.WQK.C virus, but could not repair the file.

    Find this message. Have been re-installing Vet. Done all the tricks but to no avail. Have even tried Bitdefender free Klezworm remover but this does not even locate it. What now?? Frustrated to say the least.
     
  2. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium - Liège
    Hi,

    They are system protected files: no AV can access those files.

    You must take the rights on those files (x:\System Volume Information).
    Be sure you have UNticked beforehand, in File Options, Mask protected files from system and use simple share, and tick show hidden files.

    Then you will be able to scan them with your AV or to suppress them manually.

    Or simply deactivate the System Restore service. All your restore points will be suppressed. Reboot and reactivate the service and make a new restore point after checking you are clean.

    Rgds,
     
  3. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    Dontknowitall,

    Please check: http://service4.symantec.com/SUPPORT/nav.nsf/docid/2000092513515106 to find out how to clear your _RESTORE folder.

    Regards,

    Pieter
    [EDIT] JacK beat me to it :) I won't delete this one since that link has proven to be very useful[/EDIT]
     
  4. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    And I will brazenly post these links to do the same thing. I use them since they have screen shots of the process for those who do not even know this feature exists....and then here is some additional info if you just bought XP that may help some. ;)

    I will also include the ME page:

    NAME: Disabling System Restore on Windows ME
    ALIAS: Disabling Windows ME AutoRestore feature

    http://www.europe.f-secure.com/v-descs/sfc_dis.shtml

    ________
    NAME: Disabling System Restore on Windows XP
    ALIAS: Disabling Windows XP AutoRestore feature


    In Windows Millennium there was a new feature introduced called System Restore. The new Windows XP has this feature. It creates backup copies of the essential system files so they can be restored if they get corrupted. Sometimes this makes disinfection difficult as backup files can get infected and copied to System Restore folder by Windows. Then after disinfection Windows will copy the infected file back over the clean ones.

    System Restore feature can be disabled using the following steps:

    http://www.europe.f-secure.com/v-descs/sfc_dis1.shtml

    ________

    System Restore Feature

    XP contains a new feature called System Restore that restores the system to a previous configuration point. Should you restore your system to a point before you activated XP on your computer, the OS will forget that you activated it and you'll need to reactivate XP. If the system restore point is past the 30-day grace period that Microsoft allows for activation, you'll have to activate XP immediately. The only workaround to reactivating your system is to perform the following steps:
    Start your Windows installation in Minimal Safe mode.
    Move to the \%systemroot%\system32 folder.
    Rename wpa.dbl to wpa.noact.
    Rename wpa.bak to wpa.dbl.
    Reboot your system as normal.
    Note: The above procedure will work only if you've made no significant hardware changes.
     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    Thnx for those Primrose :)

    I agree, no better way to describe these things as with screenshots.

    Regards,

    Pieter
     
  6. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
  7. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    Looks like a false positive. It happens quite often that virus scanners wrongly detect files in the restore folder as infected. So if you have a chance, submit this file to the support of your antivirus software.

    Reasons for false positives:
    - only identified by one antivirus program
    - only a file in restore folder is infected and not a file in the system
    - in cases of "real" virus infections mostly more than one file is infected

    wizard
     