RE: About System Restore Infection

From: MAP (MAP_at_discussions.microsoft.com)
Date: 06/30/04

• Next message: Scott: "Re: Recovery Encrypted file"
• Previous message: Carey Frisch [MVP]: "Re: Visuial Studio"
• In reply to: Ruab: "About System Restore Infection"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 30 Jun 2004 06:26:01 -0700

"Ruab" wrote:

> Hello Microsoft Community,
>
> I am using WinXP Pro, Last week my PC got infected by Win32.MSBlaster worms's version's .a,.b,.f,.d&.worm. I removed it using Norton Antivirus, But my system got infected again & again, My intranet was disabled, when it worked my Norton AntiVirus given me warnings about 28 times that my system has been infected, I scanned & in total it found more thant 33 viruses, When I read the articals on net It said it edits "hosts" file in System32 folder, & adds more servers containing. So I reinstalled Win but system was still infected, & after reading articals I got to conclusion that this was because of System restore folder. Then I had to format whole disk. After doing all stuff, I installed each & every update on MS update site. & as recomended by Symantec I turned of my system resotre. Regarding to this problem I have some questions also--
>
> 1>Is my PC now finally safe ( I hav NAV & i update it in every 3 days)
> 2> I know that patches contains DCOM RPC vulnerability patches but does It contain any code which will not allow Viruses to edit hosts file in system32 folder.
> 3> Does any patch allow viruses to clean viruses in System Restore folder.
> 4>What exactly inbuilt firewall do to protect PC from Viruses, because like firewalls like zone alarm it does not ask that "Do you want to grant A particular software Internet access"
>
> I really hope that MS will soon resolve the issues,
>
> Thanks.

 This small program recently help me track down a parasite and remove it from regenerating
www.winpatrol.com
yes other tools would remove it but it would just reinstall itself,it also has an option to warn you if your HOSTS file has been changed so you know about it in real time.
The system restore files are "protected" files and as of today no anti-virus software can remove viruses from there.
The XP firewall does nothing to stop viruses

• Next message: Scott: "Re: Recovery Encrypted file"
• Previous message: Carey Frisch [MVP]: "Re: Visuial Studio"
• In reply to: Ruab: "About System Restore Infection"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Want advice on Virus Removal ... all seem unable to remove the viruses they detect. ... >many customers lately, with many different infections. ... To clean up the _Restore folder us Disk Cleanup in the Accessories - ... up button in the System Restore section. ... (microsoft.public.windowsxp.perform_maintain) Re: E-Mail Viruses ... The unfortunate reality and one of the most major side effects of viruses is ... the virus that infected User A will send itself to User B ... The final question I have is why you had to do system restore. ... (microsoft.public.security.virus) Re: Help!!! Cannot remove viruses from Uncles Computer!!! ... Download SYSCLEAN.COM and place it in that directory. ... Re-enable System Restore and re-apply any System Restore preferences, ... | I use AVG 7.0 and when I scan my Uncle Mario's ... | computer with BOTH Ad-aware SE Personal and AVG I remove about 17-30 viruses ... (microsoft.public.windowsxp.security_admin) Re: Help! Slow comp. Tried everything ... I've tried to defragment, get rid of viruses, and try a ... system restore, but none of that works either. ... (microsoft.public.windowsxp.help_and_support) Re: Cant re-enable system restore. ... I know there are not any spyware or viruses on ... > Hi Dave, ... > and when you try to enable it, (turn it back on via the System Restore ... (microsoft.public.windowsxp.general)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint