Re: Backdoor.Ircbot.AV infection

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 11/24/03

• Next message: jerry: "Re: strange ms-updates sent to me"
• Previous message: David H. Lipman: "Re: strange ms-updates sent to me"
• In reply to: melvin: "Backdoor.Ircbot.AV infection"
• Next in thread: melvin: "Re: Backdoor.Ircbot.AV infection"
• Reply: melvin: "Re: Backdoor.Ircbot.AV infection"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Sun, 23 Nov 2003 19:56:45 -0500

Please read the following URL:
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm

The objective:
------------------
- Turn off the System Restore function
- Reboot the PC
- Using your AV package, perform a full scan of all files on the platform and clean/delete
       infectors found
- Turn on the System Restore function
- Reboot the PC
- Create a new System Restore point.

If you have problems, it can be done manually....

Use the WinME floppy boot disk and boot from drive "A:"
When you get to a DOS prompt enter the following command

attrib -r -s -h c:\_RESTORE
rename c:\_RESTORE c:\RESTORE.old

Reboot the PC.

In Windows delete the folder; c:\RESTORE.old

Please report back your results.

Dave

"melvin" <anonymous@discussions.microsoft.com> wrote in message
news:02ce01c3b224$0fe8d5f0$a301280a@phx.gbl...
| Hello;
| AVG Antivirus informed me that my machine was infected
| with the subject virus. I suspect it got into my machine
| because I had not updated the virus file. I am running
| Windows ME so I did a System Restore to an earlier date
| which seems to got rid of it. When I look in the Test
| Results in AVG, it states I have infected files named:
| C:\_Restore\Temp\A0149115 and A0149116. Was it an OK
| procedure to use System Restore? Should I delete the
| infected files or just leave them alone? As far as I can
| determine my machine runs OK. Thanks for you help in
| advance.

---

• Next message: jerry: "Re: strange ms-updates sent to me"
• Previous message: David H. Lipman: "Re: strange ms-updates sent to me"
• In reply to: melvin: "Backdoor.Ircbot.AV infection"
• Next in thread: melvin: "Re: Backdoor.Ircbot.AV infection"
• Reply: melvin: "Re: Backdoor.Ircbot.AV infection"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: fs66.cab/generic dialer ... Turn off the System Restore function ... Reboot the PC ... The Cabs are archived files and I ... (microsoft.public.security.virus) Re: Viruses in C:RestoreTemp*.cpy files that are write protected ... Turn off the System Restore function ... Reboot the PC ... | My McAfee antivirus software has isolated multiple viruses ... (microsoft.public.security.virus) Re: Invalid Procedure Call or Argument ... annoyances), cleaned infection (with System Restore turned off?), still had ... Boot into Safe Mode and use MS Config to go into Diagnostic Mode. ... note what Services and Startups AVG ... Reboot normally, ... (microsoft.public.windowsxp.help_and_support) Re: RPC shutdown (not msblast) ... Reboot the infected PC into Safe Mode ... Re-enable System Restore and re-apply any System Restore preferences, ... | Her machine then went into a reboot cycle caused by the RPC process | termianting. ... (microsoft.public.windowsxp.general) Re: Atheists: Americas most distrusted minority ... number of machines and I can't remember the last time I had to reboot (other ... another machine because a known bug in one of the updates meant that I ... move it back and do a system restore. ... didn't occur to them that eSATA drives were, well, e, and so you can't ... (rec.arts.sf.tv.babylon5.moderated)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(13)