I have just downloaded Avast and done its first run. During this run it found the virus Mydoom in a zipfile in _restore/archive and is titled FS1203.
I know my computer isn’t infected and that the virus is just in the file. However, when I tried to delete it Avast gave me the message Error during deletion. This happened when I tried any other of the options as well.
I have tried deleting the file manually but get the message Access denied.
I’ve even tried restarting my computer without success.
How can I get rid of this?
Any help gratefully received.
You need to turn off System Restore and check the disk again.
How to turn off System Restore:
Right-click on My Computer/Properties/System Restore tab
Here you need to select:
Turn off System Restore
This will delete the virus. Check the system again, so you’ll be sure that the virus is gone.
I have Windows Me and there doesn’t seem to be a System Restore tab.
Mine read from left to right, General, Device manager, Hardware profiles and Performance.
Does ME have it in a different place, per
Uf, I automatically thought that you have WinXP as you mentioned System Restore. Hm, it’s a bit different with WinMe…
Are you able to use Avast! Boot-Time Scan in WinMe?
No, it wasn’t system restore; the folder is _restore. Note the underline before the name.
No I don’t seem to be able to use boot-time scan as it’s greyed out.
_restore folder is used by System Restore
Since you have WinMe this means that you have FAT32 filesystem too. Boot the system with a Win9x boot floppy (if you don’t have it, then you can make it in the Add/Remove Programs panel), navigate to the infected file and delete it.
I hope you know how to use command-line DOS.
If not, let me know and I’ll try to help you.
Sorry to be such a pain but, I’m afraid I don’t.
I’m a silver surfer who’s come to all this rather late. ;D
If you wouldn’t mind walking me through the dos bit?
Ok, make a boot floppy (Add/Remove Programs, you’ll find the option to make a bootable floppy there), then you have to set the boot sequence in BIOS to something like this (you can get to BIOS by holding the DEL key at boot time):
FLOPPY
IDE
CD-ROM
(This is usually under Advanced Settings or something similar)
Then insert the bootable floppy into the drive and start the machine.
You’ll get multiple options after some time and select:
Run without CD-ROM support (something like this, I haven’t used these floppies for years coz I’m on NTFS).
Ok, now you have a black screen with white letters on it.
In the line where a line is flashing you should have C:.
If you have A: then just type C: and press [ENTER].
Now type in dir restore or if it doesn’t work,try dir _restore and press [ENTER].
Type dir temp and press [ENTER].
Now it’s time to delete some nasty files…
Type in del . and press [ENTER].
WARNING
Make sure your path in front of the del command looks like: C:\_restore\temp!!! It’s very important so you won’t delete good data!
You’ll be prompted to confirm deletion. Select Y as YES.
It might take a long time to delete all temp files.
After it’s done, restart the machine, set the boot sequence back to default and take out that boot floppy.
Start Windows normally…
Hey guys don’t do extra work when it’s not needed!
Just turn off system restore - as described e.g. here: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001012513122239?Open&src=&docid=2001111912274039&nsf=tsgeninfo.nsf&view=pfdocs&dtype=&prod=&ver=&osv=&osv_lvl=
That should nuke the files.
After that, you can re-enable it if you want.
Cheers,
Vlk
Hehe I always do around my pocket ;D But it works hehe.
You might learn something from my post, but I recommend using Vlk’s advice. Less work, same effect.
PS: You can manipulate System Restore easier in WinXP ;D
Thanks to everyone who took their time to answer. I’ve done it now and it’s all clear.
This really is a great group. ;D