Re: Gaining access to hidden files to remove virus

From: Ben Harris (vrisha@cybermesa.com)
Date: 06/17/02


From: "Ben Harris" <vrisha@cybermesa.com>
Date: Sun, 16 Jun 2002 21:53:41 -0700


Thanks for the suggestion. I thought of a surprisingly
simple approach to the problem, and it worked!

I simply opened System Restore (Start | Programs |
Accessories | System Tools | System Restore) and created a
NEW restore point for today's date. This had the effect of
replacing the files in C:\_RESTORE\TEMP with the clean
files now on the hard drive, effectively eliminating the
virus-infected temporary files in the Restore folder.

I ran a complete virus scan afterward, and the system
checked out as totally clean.

I recommend this simple procedure to anyone with a similar
problem. Thanks again for the assistance!

>-----Original Message-----
>i am just guessing here, but maybe its worth a try...
>boot using a win95/98 startup disk.in pure dos mode,
navigate to the
>directory where the virus is and delete the infected
files.
>this should work(logically at least).
>let me know if it did.
>rupam
>
>--
>
>Beauty Is In The Eyes Of The Beer Holder.
>www.kamarupa.com
>
>
>"Ben Harris" <vrisha@cybermesa.com> wrote in message
>news:f2a601c214f8$0b59bab0$39ef2ecf@TKMSFTNGXA08...
>: Please help with the following problem which Microsft
will
>: not help with because my operating system came with the
>: computer:
>:
>: Two (2) viruses are lodged in three (3) files in
>: C:\_RESTORE\TEMP folder in Windows ME (detected by AVG
>: virus program by Grisoft).
>:
>: The infected files are hidden. When I go into properties
>: for that folder and attempt to change the attribute
>: (undo "hidden"), I am denied access to make that change.
>:
>: Even when I disable the Restore utility in ME, I still
am
>: not allowed access to these files, so I cannot remove
>: them. The virus program also is unable to remove them.
>:
>: Question: How can I gain access to these files to remove
>: the viruses? If I were to perform a "restore" function,
>: would I then infect the computer with these hidden
>: viruses? How can I get around Microsoft's control
>: obsession to gain access to the infected folder and get
>: rid of these viruses?
>:
>: Thanks in advance for any help you can offer.
>
>
>.
>



Relevant Pages

  • Re: System Volume Information
    ... How to Gain Access to the System Volume Information Folder ... But the way to fix your problem is to create a restore point and then use ... > Dell Dimension 4550, WinXP Home SP2 ...
    (microsoft.public.windowsxp.general)
  • Re: system volume information
    ... Uncheck Hide Protected Operating System Files. ... How to Gain Access to the System Volume Information Folder ... But the way to fix your problem is to create a restore point and then use ...
    (microsoft.public.windowsxp.general)
  • RE: Can I use VSSs System Volume Information to restore files on new HDD
    ... VSS's System Volume Information to restore files on new HDD. ... There is a System Volume Information folder on every partition on your ... For more information about how to gain access to the folder, ... PLEASE NOTE the newsgroup SECURE CODE and PASSWORD were ...
    (microsoft.public.windows.server.sbs)
  • Re: How can I delete System Volume Information on non important drives...please help!!
    ... Having a good backup strategy is essential to protecting ones data. ... System Restore as the name implies, is a tool to replace system type files and the registry when they become damaged or corrupted, and will not effect user data. ... When infected file exist within restore points they are dormant and will not infect the system unless the system is restored using the infected restore point. ... In combination with a good backup strategy System Restore is an excellent tool. ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Conficker A virus reinfecting patched machines
    ... So in a nutshell having the patch in does nothing to prevent a machine ... Also Quilly mentioned disabling system restore which I did do, ... virus should not actually be able to infect the machine and should ... installed that the virus could no longer infect the patched machine. ...
    (alt.comp.anti-virus)