virus problem

Discussion in 'Computer Information' started by zxcv, Apr 28, 2004.

  1. zxcv

    zxcv Guest

    My virus scanner (AVG) keeps finding a virus in a bunch of files of the
    format C:\_RESTORE\TEMP\A0253128.CPY that it cannot move to vault. I also
    cannot delete the files, even in safe mode. What gives?
     
    zxcv, Apr 28, 2004
    #1
    1. Advertising

  2. zxcv

    The Prophecy Guest

    zxcv wrote:
    > My virus scanner (AVG) keeps finding a virus in a bunch of files of
    > the format C:\_RESTORE\TEMP\A0253128.CPY that it cannot move to
    > vault. I also cannot delete the files, even in safe mode. What
    > gives?


    Try disabling System Restore:

    For Windows ME:
    http://support.microsoft.com/default.aspx?scid=kb;en-us;264887

    For Windows XP (Home or Pro):
    http://www.microsoft.com/technet/community/newsgroups/faqsrwxp.mspx

    If you are using a different version of Windows, System Restore is not
    available.
     
    The Prophecy, Apr 28, 2004
    #2
    1. Advertising

  3. zxcv

    The Prophecy Guest

    zxcv wrote:
    > "The Prophecy" <> wrote in message
    > news:_WCjc.36295$NG2.3227@edtnps84...
    >> zxcv wrote:
    >>> My virus scanner (AVG) keeps finding a virus in a bunch of files of
    >>> the format C:\_RESTORE\TEMP\A0253128.CPY that it cannot move to
    >>> vault. I also cannot delete the files, even in safe mode. What
    >>> gives?

    >>
    >> Try disabling System Restore:
    >>
    >> For Windows ME:
    >> http://support.microsoft.com/default.aspx?scid=kb;en-us;264887
    >>
    >> For Windows XP (Home or Pro):
    >> http://www.microsoft.com/technet/community/newsgroups/faqsrwxp.mspx
    >>
    >> If you are using a different version of Windows, System Restore is
    >> not available.
    >>
    >>

    >
    > Bingo. Thanks.


    You're welcome.
     
    The Prophecy, Apr 28, 2004
    #3
  4. zxcv

    zxcv Guest

    "The Prophecy" <> wrote in message
    news:_WCjc.36295$NG2.3227@edtnps84...
    > zxcv wrote:
    > > My virus scanner (AVG) keeps finding a virus in a bunch of files of
    > > the format C:\_RESTORE\TEMP\A0253128.CPY that it cannot move to
    > > vault. I also cannot delete the files, even in safe mode. What
    > > gives?

    >
    > Try disabling System Restore:
    >
    > For Windows ME:
    > http://support.microsoft.com/default.aspx?scid=kb;en-us;264887
    >
    > For Windows XP (Home or Pro):
    > http://www.microsoft.com/technet/community/newsgroups/faqsrwxp.mspx
    >
    > If you are using a different version of Windows, System Restore is not
    > available.
    >
    >


    Bingo. Thanks.
     
    zxcv, Apr 28, 2004
    #4
  5. zxcv

    Plato Guest

    zxcv wrote:
    >
    > My virus scanner (AVG) keeps finding a virus in a bunch of files of the
    > format C:\_RESTORE\TEMP\A0253128.CPY that it cannot move to vault. I also
    > cannot delete the files, even in safe mode. What gives?


    Anti-virus cant deal with MS proprietary _restore files. Disable restore
    and delete the restore files if the pc doesnt do it automagically. Then
    run your anti-virus.


    --
    http://www.bootdisk.com/
     
    Plato, Apr 28, 2004
    #5
  6. zxcv

    Thor Guest

    "Plato" <|@|.|> wrote in message
    news:408f3d2c$0$96429$...
    > zxcv wrote:
    > >
    > > My virus scanner (AVG) keeps finding a virus in a bunch of files of the
    > > format C:\_RESTORE\TEMP\A0253128.CPY that it cannot move to vault. I

    also
    > > cannot delete the files, even in safe mode. What gives?

    >
    > Anti-virus cant deal with MS proprietary _restore files. Disable restore
    > and delete the restore files if the pc doesnt do it automagically. Then
    > run your anti-virus.


    I don't think it's a problem with being proprietary. Rather it's because
    those files are *protected* system files, and windows will not allow an
    outside program to manipulate them. At least that's what I understand it to
    be.
     
    Thor, Apr 28, 2004
    #6
  7. zxcv

    Plato Guest

    Thor wrote:
    >
    > > Anti-virus cant deal with MS proprietary _restore files. Disable restore
    > > and delete the restore files if the pc doesnt do it automagically. Then
    > > run your anti-virus.

    >
    > I don't think it's a problem with being proprietary. Rather it's because
    > those files are *protected* system files, and windows will not allow an
    > outside program to manipulate them. At least that's what I understand it to
    > be.


    OK, lets assume, for example, that we have a perfectly friendly fat32
    system with Me installed, which has _restore files. Of course one can
    boot to dos with a bootdisk and then run F-Prot for dos. My recollection
    is that F-Prot can ID a nasty in a _restore, but cant deal with it.
    Since windows is not running, it cant be protected by windows right? ie
    all files are fair game in dos unless its a proprietary form of
    compression or other.
     
    Plato, Apr 29, 2004
    #7
  8. zxcv

    Thor Guest

    "Plato" <|@|.|> wrote in message
    news:4090737c$0$1731$...
    > Thor wrote:
    > >
    > > > Anti-virus cant deal with MS proprietary _restore files. Disable

    restore
    > > > and delete the restore files if the pc doesnt do it automagically.

    Then
    > > > run your anti-virus.

    > >
    > > I don't think it's a problem with being proprietary. Rather it's because
    > > those files are *protected* system files, and windows will not allow an
    > > outside program to manipulate them. At least that's what I understand it

    to
    > > be.

    >
    > OK, lets assume, for example, that we have a perfectly friendly fat32
    > system with Me installed, which has _restore files. Of course one can
    > boot to dos with a bootdisk and then run F-Prot for dos. My recollection
    > is that F-Prot can ID a nasty in a _restore, but cant deal with it.
    > Since windows is not running, it cant be protected by windows right? ie
    > all files are fair game in dos unless its a proprietary form of
    > compression or other.


    Well, it may be that AV software can't remove the infected file from the
    archive without screwing it up. And it can't very well just delete the file,
    because they are tied to index files that would also screw up the restore
    process. Seems to me that if they are using a proprietary or otherwise
    unidentifiable type of compression, then the AV ware wouldn't be able to
    scan, detect, and identify virus infected files within it. If the AV ware
    can read and discern the files within, then it should be able to delete
    those files, or deal with them. But to remove the infection in those files
    would probably also require removal of some legitemate uninfected files that
    are linked to the infected ones in the archive, (for example taking out the
    whole restore point) and they just don't take that extra agressive step.
    Pure speculation, of course, but I can't see how being too proprietary can
    be the main issue when the reading the files within it are obviously well
    within the AV-ware's capabilities.
     
    Thor, Apr 29, 2004
    #8
  9. zxcv

    Plato Guest

    Thor wrote:
    >
    > would probably also require removal of some legitemate uninfected files that
    > are linked to the infected ones in the archive, (for example taking out the
    > whole restore point) and they just don't take that extra agressive step.


    Thats not how f-prot works tho. It always cleans ie it doesn't delete
    any files except for files that are 100% virus. Most viruses attach
    themselves to the end of a file. What f-prot does to clean it is snip
    off the virus and a few bits off the end of the legit file. If a virus
    was embedded withing a file, then it has to some sort of compression or
    whatever that put some files together so f-prot cant clean it. As you
    say, yeah, if the virus was withing a restore point and you took it out,
    yeah, you'd take out the whole restore point I agree.
     
    Plato, Apr 29, 2004
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Phil B

    Virus, Virus, Virus.....

    Phil B, Sep 22, 2003, in forum: Computer Support
    Replies:
    2
    Views:
    566
    DaveW
    Sep 22, 2003
  2. DS

    Virus in virus?

    DS, Feb 8, 2004, in forum: Computer Support
    Replies:
    3
    Views:
    508
  3. Dangermouse

    virus or not virus

    Dangermouse, Oct 12, 2005, in forum: Computer Support
    Replies:
    5
    Views:
    540
    ellis_jay
    Oct 13, 2005
  4. Peter Maurice Cram

    Norton virus protection shutsdown - virus?

    Peter Maurice Cram, Sep 11, 2004, in forum: Computer Information
    Replies:
    2
    Views:
    626
    WebWalker
    Sep 12, 2004
  5. brenda

    Virus Virus

    brenda, Oct 15, 2007, in forum: Computer Support
    Replies:
    11
    Views:
    976
    Desk Rabbit
    Oct 16, 2007
Loading...

Share This Page