«

My virus scanner (AVG) keeps finding a virus in a bunch of files of the
format C:\_RESTORE\TEMP\A0253128.CPY that it cannot move to vault. I also
cannot delete the files, even in safe mode. What gives?

zxcv wrote:
> My virus scanner (AVG) keeps finding a virus in a bunch of files of
> the format C:\_RESTORE\TEMP\A0253128.CPY that it cannot move to
> vault. I also cannot delete the files, even in safe mode. What
> gives?

Try disabling System Restore:

For Windows ME:
http://support.microsoft.com/default...b;en-us;264887

For Windows XP (Home or Pro):
http://www.microsoft.com/technet/com.../faqsrwxp.mspx

If you are using a different version of Windows, System Restore is not
available.

zxcv wrote:
> "The Prophecy" <> wrote in message
> news:_WCjc.36295$NG2.3227@edtnps84...
>> zxcv wrote:
>>> My virus scanner (AVG) keeps finding a virus in a bunch of files of
>>> the format C:\_RESTORE\TEMP\A0253128.CPY that it cannot move to
>>> vault. I also cannot delete the files, even in safe mode. What
>>> gives?
>>
>> Try disabling System Restore:
>>
>> For Windows ME:
>> http://support.microsoft.com/default...b;en-us;264887
>>
>> For Windows XP (Home or Pro):
>> http://www.microsoft.com/technet/com.../faqsrwxp.mspx
>>
>> If you are using a different version of Windows, System Restore is
>> not available.
>>
>>
>
> Bingo. Thanks.

You're welcome.

"The Prophecy" <> wrote in message
news:_WCjc.36295$NG2.3227@edtnps84...
> zxcv wrote:
> > My virus scanner (AVG) keeps finding a virus in a bunch of files of
> > the format C:\_RESTORE\TEMP\A0253128.CPY that it cannot move to
> > vault. I also cannot delete the files, even in safe mode. What
> > gives?
>
> Try disabling System Restore:
>
> For Windows ME:
> http://support.microsoft.com/default...b;en-us;264887
>
> For Windows XP (Home or Pro):
> http://www.microsoft.com/technet/com.../faqsrwxp.mspx
>
> If you are using a different version of Windows, System Restore is not
> available.
>
>

Bingo. Thanks.

zxcv wrote:
>
> My virus scanner (AVG) keeps finding a virus in a bunch of files of the
> format C:\_RESTORE\TEMP\A0253128.CPY that it cannot move to vault. I also
> cannot delete the files, even in safe mode. What gives?

Anti-virus cant deal with MS proprietary _restore files. Disable restore
and delete the restore files if the pc doesnt do it automagically. Then
run your anti-virus.


--
http://www.bootdisk.com/

"Plato" <|@|.|> wrote in message
news:408f3d2c$0$96429$...
> zxcv wrote:
> >
> > My virus scanner (AVG) keeps finding a virus in a bunch of files of the
> > format C:\_RESTORE\TEMP\A0253128.CPY that it cannot move to vault. I
also
> > cannot delete the files, even in safe mode. What gives?
>
> Anti-virus cant deal with MS proprietary _restore files. Disable restore
> and delete the restore files if the pc doesnt do it automagically. Then
> run your anti-virus.

I don't think it's a problem with being proprietary. Rather it's because
those files are *protected* system files, and windows will not allow an
outside program to manipulate them. At least that's what I understand it to
be.

Thor wrote:
>
> > Anti-virus cant deal with MS proprietary _restore files. Disable restore
> > and delete the restore files if the pc doesnt do it automagically. Then
> > run your anti-virus.
>
> I don't think it's a problem with being proprietary. Rather it's because
> those files are *protected* system files, and windows will not allow an
> outside program to manipulate them. At least that's what I understand it to
> be.

OK, lets assume, for example, that we have a perfectly friendly fat32
system with Me installed, which has _restore files. Of course one can
boot to dos with a bootdisk and then run F-Prot for dos. My recollection
is that F-Prot can ID a nasty in a _restore, but cant deal with it.
Since windows is not running, it cant be protected by windows right? ie
all files are fair game in dos unless its a proprietary form of
compression or other.

"Plato" <|@|.|> wrote in message
news:4090737c$0$1731$...
> Thor wrote:
> >
> > > Anti-virus cant deal with MS proprietary _restore files. Disable
restore
> > > and delete the restore files if the pc doesnt do it automagically.
Then
> > > run your anti-virus.
> >
> > I don't think it's a problem with being proprietary. Rather it's because
> > those files are *protected* system files, and windows will not allow an
> > outside program to manipulate them. At least that's what I understand it
to
> > be.
>
> OK, lets assume, for example, that we have a perfectly friendly fat32
> system with Me installed, which has _restore files. Of course one can
> boot to dos with a bootdisk and then run F-Prot for dos. My recollection
> is that F-Prot can ID a nasty in a _restore, but cant deal with it.
> Since windows is not running, it cant be protected by windows right? ie
> all files are fair game in dos unless its a proprietary form of
> compression or other.

Well, it may be that AV software can't remove the infected file from the
archive without screwing it up. And it can't very well just delete the file,
because they are tied to index files that would also screw up the restore
process. Seems to me that if they are using a proprietary or otherwise
unidentifiable type of compression, then the AV ware wouldn't be able to
scan, detect, and identify virus infected files within it. If the AV ware
can read and discern the files within, then it should be able to delete
those files, or deal with them. But to remove the infection in those files
would probably also require removal of some legitemate uninfected files that
are linked to the infected ones in the archive, (for example taking out the
whole restore point) and they just don't take that extra agressive step.
Pure speculation, of course, but I can't see how being too proprietary can
be the main issue when the reading the files within it are obviously well
within the AV-ware's capabilities.

Thor wrote:
>
> would probably also require removal of some legitemate uninfected files that
> are linked to the infected ones in the archive, (for example taking out the
> whole restore point) and they just don't take that extra agressive step.

Thats not how f-prot works tho. It always cleans ie it doesn't delete
any files except for files that are 100% virus. Most viruses attach
themselves to the end of a file. What f-prot does to clean it is snip
off the virus and a few bits off the end of the legit file. If a virus
was embedded withing a file, then it has to some sort of compression or
whatever that put some files together so f-prot cant clean it. As you
say, yeah, if the virus was withing a restore point and you took it out,
yeah, you'd take out the whole restore point I agree.