Re: bugbear.worm

From: AnnaLee (acasteneda@hotmail.com)
Date: 12/09/02 

From: "AnnaLee" <acasteneda@hotmail.com>
Date: Mon, 9 Dec 2002 16:37:26 -0500

"AlanP" <info@portfairygolf.com.au> wrote in message
news:025f01c29d21$82a26e80$8af82ecf@TK2MSFTNGXA03...
> I am getting a message:
> C:/System Volume Information\_restore {B4615533-10EO-4722-
> AF58-80408E3293E6}\RP205\Aoo32979.exe is
> Win32.Bugbear.worm
> I have a virus program "Vet"
> I need to know haow to get rid of this
>

"AlanP" <info@portfairygolf.com.au> wrote in message
news:025f01c29d21$82a26e80$8af82ecf@TK2MSFTNGXA03...
> I am getting a message:
> C:/System Volume Information\_restore {B4615533-10EO-4722-
> AF58-80408E3293E6}\RP205\Aoo32979.exe is
> Win32.Bugbear.worm
> I have a virus program "Vet"
> I need to know haow to get rid of this
>
Hello Alan,
I had the same problem as you; I had the Bugbear (and a program called
"Rabbit") in my C/system/restore. I posted this problem to
microsoft.public.windowsxp.general some time back. I thought the replies to
my post might assist you because it is going to take further steps to remove
the "tainted" files in C/system/restore. You will have to disable system
restore for a short time to get rid of all the bad files. Oh, and by the
way, this is for Windows XP. Below are two posts which assisted me in
getting rid of the virus.

Good luck,
ALC

Try this...

I believe you have 'System Restore' enabled and the
infected files are being found in your 'System Restore'
archives which are read-only. To allow your virus
scanning software to delete them you have to disable the
System Restore function temporarily. I believe you are
running Windows XP, judging from your comments. After
the virus scanning software deletes the files, you can re-
enable the System Restore.

1. Right click the My Computer icon on the Desktop and
click on Properties.
2. Click on the System Restore tab.
3. Put a check mark next to 'Turn off System Restore on
All Drives'.
4. Click the 'OK' button.
5. You will be prompted to restart the computer. Click
Yes.

the location of the file is in
> the System Restore backup folders. To purge the SR folders
> do the following and any resident virus will also be
> purged:
>
> 1) Right-click My Computer on Descktop and select
> Properties.
> 2) Select the System Restore tab.
> 3) Disable System Restore and Apply changes.
> 4) Most of the files should now be deleted. (If not re-
> boot the machine)
> 5) Re-enable System Restore by following the first 2 steps
> above.
>

Relevant Pages

  • Re: Virus in system restore
    ... It unzipped 5 files and immediately told me that one of the files was a .exe that was infected with a virus. ... The next day, the scheduled disk scan kicked in, and said I had a copy of this virus in the directory that stores my restore points. ... I then switched system restore back on, and when it had done that, I scanned the whole disk, and it said I was OK. ... What should I have done, that would have got rid of this file, without getting rid of all my restore points? ...
    (microsoft.public.windowsxp.general)
  • Re: Virus in system restore
    ... then you may find that your virus checker can only see the infected items ... my PC and virus scanned it using Sophos. ... I was unsure what to do, but was determined to get rid of this thing. ... system restore back on, and when it had done that, I scanned the whole ...
    (microsoft.public.windowsxp.general)
  • Re: System Volume Information
    ... The System Volume Information folder holds the files for System Restore. ... You can get rid of the virus by performing the following, although all existing checkpoints will be deleted: ... Changing anything there may make System Restore unusable at a later date. ...
    (microsoft.public.windowsxp.newusers)
  • Re: reboot not working?
    ... > my friend got a virus on his computer. ... > virus program to get rid of it and i think it worked but ... > something about memory and then starts dumping it?and ... to get rid of it? ...
    (microsoft.public.windowsxp.general)
  • Re: c:windowssystem32 etdc.exe
    ... Netdc.exe is related to a virus. ... to remove it from relatives machine and I could not get rid of it. ... > before this started happening but System Restore couldn't do it. ... > Other than my getting the error message, ...
    (microsoft.public.windowsxp.general)