
Virus in _Restore/archive


1 reply to this topic

#1 carnivalofsorts


Posted 13 February 2005 - 09:24 AM

Hi everyone,

I'm running a small home network between 3 PCs.
One is used for gaming only, one is used for surfing the net etc. and the other is mainly used for storage space and backing up stuff....
My laptop runs the virus checks across the network and the most recent addition to it, the PC used for backup, is infected with backdoor and trojan viruses.
They've been found in the folder "_RESTORE" in archive files, with the extension .CAB, and in these are a number of files with the extension .CPY.
It's the .CPY files that are infected; however, I've found that I can't delete these, only extract them.
How can I go about ridding myself of the viruses?
Is it possible to replace these files from another PC running the same platform?
I'm running XP Home on all PCs, btw....
Any help would be gratefully appreciated.
If there really was a god, then why is my ass the perfect height for kicking ???


#2 pip22


Posted 13 February 2005 - 10:56 AM

As you probably guessed, the files in the '_RESTORE' folder are only used by the 'System Restore' utility to create and make restore points. Nothing except System Restore has access to them while System Restore is turned on, which is why they can't be cleaned or deleted.

The simple answer, and this should be done ALWAYS whenever you have suffered either a virus or other malware infection, is to DISABLE System Restore (this automatically deletes all the restore points and hence all the files in the _RESTORE folder). Then you can optionally turn System Restore back on again. Windows will work fine without it, but you may want the extra peace of mind it gives you (though it doesn't always work), and you MUST remember to turn it off and on again as soon as you've recovered from a malware or virus infection or browser hijack.

TO TURN SYSTEM RESTORE OFF:

1. Start -- Control Panel (switch to 'Classic View')

2. Open 'System' icon

3. Click 'System Restore' tab.

4. Click the tick-box 'Turn off system restore on all drives'

5. Click 'OK'.

TO TURN IT BACK ON:

As above, click in the tick-box to REMOVE the tick, then click 'OK'.



