help me please

I have a unique problem. I have an HP computer with a restore partition on the main drive. It has become infected with 3 viruses. So every time I restore my computer, the viruses come back. How do I get rid of these viruses without damaging my only source of backup? Two infections are located in the system restore volume information, and if I delete them system restore never works. ARG!!!1 >:(

:slight_smile: Hi Ryan :

  We need to know the SPECIFIC Name of your antiVIRUS program ?

  In addition, have you used this Forum's "SEARCH" feature ? I think your
  question has been asked several times before with appropriate Responses.

Avast of course…lol. If you need to know the virus name it is Win32 Adware-gen

Which program do you use for backup?
If it is a partition image, I see no other way than restoring the partition, cleaning it, deleting the system restore points, enabling system restore again, and making a new partition backup…

It’s a standard HP restore partition, it holds a complete copy of my operating system and all programs that come with it. It’s accessible through the BIOS.

What is the name of the detected file on the D: (?) partition? It’s entirely possible that the infection is one of the pre-installed programs like WeatherBug that come with HP/Compaq and Dell computers.

The detections in System Restore are not a big problem, but let’s deal with the other first.

Win32:Adware-Gen. [Adw] That’s the only virus I have. It is infecting some system restore files on the partition and some other files. And it loves to come back. Fun.

Does avast! give you these file names?

eg D:\recovery\minibug.exe

Does avast detect that partition? (I’m not sure how avast behaves with hidden partitions).
Anyway, you’ll be able to unhide that partition and scan it, sending to Chest the infected files. Then, hiding it again.
Try http://partitionlogic.org.uk/ 8)

If something from an outside source has infected the recovery partition it should be removed, but if it’s simply an adware program that came preinstalled it might be better to leave it alone. A file name might help decide which action is best.

Hmmm… Why? Are you afraid to avoid restoring of the partition if you manage it?

Avast just recognizes it as drive D and scans it with no problems. The files that are infected are A0013978.exe, A0013979.exe, CompaqPresario_Spring…, and HPPavillion_Spring06.exe. These are all infected with Win32:Adware-gen. [Adw] I put everything I found in the chest already.

My concern was, if this was part of a broader installation or archive file that is normal to the computer, the ability to recover other programs might be removed with the adware. If the adware is of the more benign type that comes pre-installed on HPs it’s better, imo, to leave it rather than risk damaging anything. If it is this type it would normally only reinstall to C: if requested by the user anyway.

Searching those 2 file names, however, implies there was more going on than just pre-installed junk programs.

@ ryan - Are you sure those 2 files were found in the D: drive, or were they in System Restore? The recovery partition and System Restore are different things.

They are in something called system volume information/_restore then a bunch of numbers. I have 4 on the D drive and 1 on C.

The other alternative is to make a drive image of your system using something like Acronis and then you would not need the restore partition.

I’m one that doesn’t like these restore partitions because they effectively set your system back to as it was when you bought it.

If that was some time ago then you could have a lot of Windows updates to do, not to mention if it came pre-installed with trial software that you had got rid of you would have to do all that again.

Drive Imaging software (as essexboy mentions) is a real life saver, I do a weekly full image of my primary drive partitions and save them on my secondary hard drive, you can also save to an external drive or burn to DVD, etc. I have had to use my backup in anger a number of times and restoring my complete disk image took under 15 minutes, it had been well worth the money. I’m using the last version of Drive Image version 7.1 before Symantec bought out PowerQuest, the makers of Drive Image and another of my favourite programs Partition Magic.

If this is the case, I’d rather get clean the drive D: either, as it seems just to ‘restore’ a partition back to the original place.

One of the very few programs I’ve bought. In my opinion, the most reliable and better than Norton Ghost (for instance).

I use that restore thing a lot, because I like to have everything perfect. Plus I mess around with my OS a lot and constantly screw it up lol. Themes, programs, usually themes (Vista transformation pack anyone?) make a very sad/angry face. I am just wondering, can I just delete these malwares? I don’t have the 50 for Acronis.

Can you post the filenames and paths where the viruses were found?

There are freeware options for backup. Just Googling you’ll find…

A0003359.exe C:\System Volume Information\_restore[bunch of numbers]
A0013978.exe D:\System Volume Information\_restore[bunch of numbers]
A0013979.exe D:\System Volume Information\_restore[more numbers]
CompaqPresario_Spring06.exe D:\I386\Apps\APP17392\src
HPPavillion_Spring06.exe D:\I386\Apps\APP17392\src

All Infected with Win32:Adware-gen. [Adw]