reoccurring viruses
My anti-virus always finds the following viruses in two different restore archives: troj_stilen.A and VBS_PSYME.B. It only is successful in removing them by deleting the folder. However, when I run the antivirus again, the viruses are still there. So every time I run the antivirus it stops at that point and asks to have the viruses deleted, so that the problem is never really resolved. Anybody have any thoughts? Thanks.

There is little or no point in removing viruses or trojans from the _RESTORE archive as they are totally harmless and in doing so you are destroying the integrity of the archive. Once you have got your system clear of malware reset system restore so as to clear the archive and create a new clean reference checkpoint.

However if you are repeatedly detecting a virus or other malware in a location other than the C:\_RESTORE folder then this would suggest that you are not cleaning your system of the virus and that it is regenerating itself. This behaviour is becoming increasingly prevalent especially with some adware such as recent versions of the VX2 and CoolWebSearch parasite.

See MS KB 263455 - "Antivirus Tools Cannot Clean Infected Files in the _Restore Folder" (http://support.microsoft.com?kbid=263455).
--
Mike Maltby

coyote wrote:
> My anti-virus always finds the following viruses in two different restore archives: troj_stilen.A and VBS_PSYME.B. It only is successful in removing them by deleting the folder. However, when I run the antivirus again, the viruses are still there. So every time I run the antivirus it stops at that point and asks to have the viruses deleted, so that the problem is never really resolved. Anybody have any thoughts? Thanks.

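The distinction drawn in the reply above (copies inside the restore archive versus a file that keeps coming back somewhere else), as an added example that is not part of the original thread. It assumes detections from successive scans have been collected as (scan number, name, path) tuples; the sample data, the paths and the name "Sample.Adware" are constructed.

```python
import re
from collections import defaultdict

# Constructed sample: (scan number, detection name, path). Two detection names
# come from the question; every path and "Sample.Adware" are made up.
SAMPLE_HITS = [
    (1, "troj_stilen.A", r"C:\_RESTORE\ARCHIVE\FS1.CAB"),
    (1, "VBS_PSYME.B", r"C:\_RESTORE\TEMP\A0000001.CPY"),
    (1, "Sample.Adware", r"C:\WINDOWS\SYSTEM\sample.dll"),
    (1, "VBS_PSYME.B", r"C:\WINDOWS\TEMP\page.vbs"),
    (2, "troj_stilen.A", r"c:\_restore\archive\FS1.CAB"),
    (2, "Sample.Adware", r"C:\WINDOWS\SYSTEM\sample.dll"),
    (3, "Sample.Adware", r"C:\windows\system\SAMPLE.DLL"),
]

# C:\_RESTORE is the Windows Me archive named in the thread. The XP store under
# "System Volume Information\_restore{...}" is added here, not taken from the page.
_ARCHIVE = re.compile(
    r"^[a-z]:\\(_restore|system volume information\\_restore\{[^\\]*\})(\\|$)")

def normalise(path):
    """Windows paths compare case-insensitively; accept either slash."""
    return path.strip().replace("/", "\\").lower()

def in_restore_archive(path):
    return _ARCHIVE.match(normalise(path)) is not None

def triage(hits):
    """Split detections into archive copies, files seen in one scan only, and
    live files found again in a later scan (the system is not actually clean)."""
    scans_seen = defaultdict(set)
    for scan, name, path in hits:
        scans_seen[(name, normalise(path))].add(scan)
    report = {"archive": [], "seen_once": [], "recurring": []}
    for (name, path), scans in sorted(scans_seen.items()):
        if in_restore_archive(path):
            bucket = "archive"
        elif len(scans) > 1:
            bucket = "recurring"
        else:
            bucket = "seen_once"
        report[bucket].append((name, path, sorted(scans)))
    return report

if __name__ == "__main__":
    for bucket, rows in triage(SAMPLE_HITS).items():
        for name, path, scans in rows:
            print(f"{bucket:9} {name:14} scans={scans} {path}")
```

Only the "recurring" rows point at an infection that is regenerating; the "archive" rows go away when System Restore is reset after the system is clean.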
Mike Maltby thoroughly explains the reasons for your findings.

Please be aware that it is considered good practise to turn off system restore BEFORE cleaning your system of virus, spyware, malware and similar nasties. This will avoid the "problems" you're facing, as well as seeing those nasties using that Windows feature to restore themselves!

Zee

"coyote" wrote in message ...
> My anti-virus always finds the following viruses in two different restore archives: troj_stilen.A and VBS_PSYME.B. It only is successful in removing them by deleting the folder. However, when I run the antivirus again, the viruses are still there. So every time I run the antivirus it stops at that point and asks to have the viruses deleted, so that the problem is never really resolved. Anybody have any thoughts? Thanks.

Zee,

Best practice is not to turn off system restore until AFTER the system is clean (other than for the archive) and working correctly at which point system restore should be reset so as to clear the archive and create a good new reference point.

Disabling system restore prior to cleansing is never to be recommended. Users run the risk whilst cleaning of damaging their system, perhaps leaving it in an unusable state such as perhaps with a damaged winsock and unable to access the net. In such cases system restore can be the life line that saves the user and allows them to get back a usable system - either by restoring to a checkpoint created before infection or at worst a system that can connect to the net albeit still infected at which point the necessary winsock repair tool (such as LSPfix) can be downloaded for use after cleaning.
--
Mike Maltby MS-MVP

oops!! wrote:
> Mike Maltby thoroughly explains the reasons for your findings. Please be aware that it is considered good practise to turn off system restore BEFORE cleaning your system of virus, spyware, malware and similar nasties. This will avoid the "problems" you're facing, as well as seeing those nasties using that Windows feature to restore themselves!

Mike,

I am sorry but common practise nowadays is turning off system restore before scanning and cleanup. If you leave system restore on, many of the latest nasty intruders will immediately restore upon the first reboot. This applies to WinME as well as to WinXP.

Regarding winsock corruption, it's also generally suggested to download the fixing tool before cleaning. I always suggest this winsock fix by Option^Explicit (compatible with Win95, 98, Me, 2000 and XP): http://downloads.subratam.org/WinsockFix.zip

Anyway, this has been working for me this way, and you will see it recommended in most, if not all, forums on the subject.

Cheers,
Zee

"Mike M" wrote in message ...
> Zee,
>
> Best practice is not to turn off system restore until AFTER the system is clean (other than for the archive) and working correctly at which point system restore should be reset so as to clear the archive and create a good new reference point.
>
> Disabling system restore prior to cleansing is never to be recommended. Users run the risk whilst cleaning of damaging their system, perhaps leaving it in an unusable state such as perhaps with a damaged winsock and unable to access the net. In such cases system restore can be the life line that saves the user and allows them to get back a usable system - either by restoring to a checkpoint created before infection or at worst a system that can connect to the net albeit still infected at which point the necessary winsock repair tool (such as LSPfix) can be downloaded for use after cleaning.
> --
> Mike Maltby MS-MVP
>
> oops!! wrote:
>> Mike Maltby thoroughly explains the reasons for your findings. Please be aware that it is considered good practise to turn off system restore BEFORE cleaning your system of virus, spyware, malware and similar nasties. This will avoid the "problems" you're facing, as well as seeing those nasties using that Windows feature to restore themselves!

Common practice is not BEST practice. This is a perfect example of very bad advice and something not countenanced by anyone who has given the subject any thought whatsoever.

I'm sorry but it is totally asinine to disable system restore until the system is back up and running OK and to advise otherwise is simply bad if not also stupid however well intentioned.

As for the LSPfix, I know perfectly well how to obtain this thanks (it was me that mentioned it) but spare a thought to the individual who knows nothing about winsock problems, LSPfix or where to get it and follows your advice. They disable system restore, run their marvellous cleaning tool and end up with a system unable to connect to the net. They're now helpless and not even able to use their PC to ask for help. If however they had not disabled system restore all they need to do is to roll their system back, connect to the net and ask for advice.

So to conclude, disabling system restore prior to cleaning is nothing more than VERY BAD ADVICE.
--
Mike Maltby MS-MVP

oops!! wrote:
> Mike, I am sorry but common practise nowadays is turning off system restore before scanning and cleanup. If you leave system restore on, many of the latest nasty intruders will immediately restore upon the first reboot. This applies to WinME as well as to WinXP.
>
> Regarding winsock corruption, it's also generally suggested to download the fixing tool before cleaning. I always suggest this winsock fix by Option^Explicit (compatible with Win95, 98, Me, 2000 and XP): http://downloads.subratam.org/WinsockFix.zip
>
> Anyway, this has been working for me this way, and you will see it recommended in most, if not all, forums on the subject.

Mike,

LOL

I'm sure your *wisdom* is proportional to your lack of education and good sense. But, that's so typical of too many MVP's.

Enjoy your life, mate.

Zee

"Mike M" wrote in message ...
> Common practice is not BEST practice. This is a perfect example of very bad advice and something not countenanced by anyone who has given the subject any thought whatsoever.
>
> I'm sorry but it is totally asinine to disable system restore until the system is back up and running OK and to advise otherwise is simply bad if not also stupid however well intentioned.
>
> As for the LSPfix, I know perfectly well how to obtain this thanks (it was me that mentioned it) but spare a thought to the individual who knows nothing about winsock problems, LSPfix or where to get it and follows your advice. They disable system restore, run their marvellous cleaning tool and end up with a system unable to connect to the net. They're now helpless and not even able to use their PC to ask for help. If however they had not disabled system restore all they need to do is to roll their system back, connect to the net and ask for advice.
>
> So to conclude, disabling system restore prior to cleaning is nothing more than VERY BAD ADVICE.
> --
> Mike Maltby MS-MVP
>
> oops!! wrote:
>> Mike, I am sorry but common practise nowadays is turning off system restore before scanning and cleanup. If you leave system restore on, many of the latest nasty intruders will immediately restore upon the first reboot. This applies to WinME as well as to WinXP.
>>
>> Regarding winsock corruption, it's also generally suggested to download the fixing tool before cleaning. I always suggest this winsock fix by Option^Explicit (compatible with Win95, 98, Me, 2000 and XP): http://downloads.subratam.org/WinsockFix.zip
>>
>> Anyway, this has been working for me this way, and you will see it recommended in most, if not all, forums on the subject.

Asinine...

One in sooooo.... many:
http://securityresponse.symantec.com...beagle.ba@mm.html
....
The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.
1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Restart the computer in Safe mode or VGA mode.
4. Run a full system scan and delete all the files detected as W32.Beagle.BA@mm.
5. Delete the value that was added to the registry.
For specific details on each of these steps, read the following instructions.
....

Stupid...

Jim Byrd..??
Defending Your Machine
http://defendingyourmachine.blogspot.com/
....
Disable Restore if you're on XP or ME (directions here: http://vil.nai.com/vil/SystemHelpDoc...SysRestore.htm), then boot to Safe mode or a Clean Boot as above (HowTo here: http://service1.symantec.com/SUPPORT...1052409420406) Read tscreadme.txt carefully, then do a complete scan of your system and clean or delete anything it finds...

Hmm... Shall I go on? No, no need.

Cheers,
Zee

"Mike M" wrote in message ...
> Common practice is not BEST practice. This is a perfect example of very bad advice and something not countenanced by anyone who has given the subject any thought whatsoever.
>
> I'm sorry but it is totally asinine to disable system restore until the system is back up and running OK and to advise otherwise is simply bad if not also stupid however well intentioned.
>
> As for the LSPfix, I know perfectly well how to obtain this thanks (it was me that mentioned it) but spare a thought to the individual who knows nothing about winsock problems, LSPfix or where to get it and follows your advice. They disable system restore, run their marvellous cleaning tool and end up with a system unable to connect to the net. They're now helpless and not even able to use their PC to ask for help. If however they had not disabled system restore all they need to do is to roll their system back, connect to the net and ask for advice.
>
> So to conclude, disabling system restore prior to cleaning is nothing more than VERY BAD ADVICE.
> --
> Mike Maltby MS-MVP
>
> oops!! wrote:
>> Mike, I am sorry but common practise nowadays is turning off system restore before scanning and cleanup. If you leave system restore on, many of the latest nasty intruders will immediately restore upon the first reboot. This applies to WinME as well as to WinXP.
>>
>> Regarding winsock corruption, it's also generally suggested to download the fixing tool before cleaning. I always suggest this winsock fix by Option^Explicit (compatible with Win95, 98, Me, 2000 and XP): http://downloads.subratam.org/WinsockFix.zip
>>
>> Anyway, this has been working for me this way, and you will see it recommended in most, if not all, forums on the subject.

The lack of education and understanding is on your part. Sadly you appear only too willing to share that lack of understanding and ignorance with others. From your post you are clearly clueless about system restore and what is good and bad practice.
--
Mike Maltby MS-MVP

oops!! wrote:
> Mike, LOL I'm sure your *wisdom* is proportional to your lack of education and good sense. But, that's so typical of too many MVP's. Enjoy your life, mate.