Re: Backdoor.Ircbot.AV infection

From: melvin (anonymous_at_discussions.microsoft.com)
Date: 11/24/03


Date: Mon, 24 Nov 2003 09:54:50 -0800

Hello David;
Thanks for the quick response. I followed your
instructions up to and including "Create a New System
Restore Point". This went OK. When I ran the AV package,
it reported no virus infection found. However, when I look
in the Test Results, of the AVG package, and click on one
of the files that is highlighted in red and click Detail
Info, it still states I have an infected file. Please let
me know what my next step should be, if any. Thanks in
advance. I really appreciate the help.
melvin
------------------------------------
>-----Original Message-----
>Please read the following URL:
>http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
>
>The objective:
>------------------
>- Turn off the System Restore function
>- Reboot the PC
>- Using your AV package, perform a full scan of all files on the platform and clean/delete
>  infectors found
>- Turn on the System Restore function
>- Reboot the PC
>- Create a new System Restore point.
>
>If you have problems, it can be done manually....
>
>Use the WinME floppy boot disk and boot from drive "A:"
>When you get to a DOS prompt enter the following command
>
>attrib -r -s -h c:\_RESTORE
>rename c:\_RESTORE c:\RESTORE.old
>
>Reboot the PC.
>
>In Windows delete the folder; c:\RESTORE.old
>
>Please report back your results.
>
>Dave
>
>
>"melvin" <anonymous@discussions.microsoft.com> wrote in message
>news:02ce01c3b224$0fe8d5f0$a301280a@phx.gbl...
>| Hello;
>| AVG Antivirus informed me that my machine was infected
>| with the subject virus. I suspect it got into my machine
>| because I had not updated the virus file. I am running
>| Windows ME so I did a System Restore to an earlier date
>| which seems to have got rid of it. When I look in the Test
>| Results in AVG, it states I have infected files named:
>| C:\_Restore\Temp\A0149115 and A0149116. Was it an OK
>| procedure to use System Restore? Should I delete the
>| infected files or just leave them alone? As far as I can
>| determine my machine runs OK. Thanks for your help in
>| advance.
>
>
>.
>


