What you are saying makes complete sense when you think about how system restore works. Someone should rap the knuckles of the people that wrote the article on running the stinger for virus removal from archives. They tell you to disable your system restore. Real bad advice.
-----Original Message-----
There is no need to be concerned about any virus or trojan in the _RESTORE archive as they are harmless there and can only cause problems if you later choose to restore to a checkpoint created AFTER infection and BEFORE you cleaned your system. Something I'm sure you won't be doing after reading this post. Any worms, trojans and viruses in the _restore archive will automatically be discarded in time as newer data is archived and older files discarded. The problem with disabling system restore is that it flushes the _restore archive and whilst that removes any virus remnants it also removes any good usable checkpoints you might have and you never know when you might want to use that lifebelt. If you do want to clear this folder I wouldn't advise doing so until _after_ you have thoroughly cleaned your system and got it working again just in case you need to use system restore. Once your system is clean and fully functional you can clear the folder.
Moving on to how to clear the archive. There are two approaches to resolving your problem:
Firstly try reducing the space allocated to the System Restore archive as this could flush out these unwanted files. Do this using the slider found at System | Performance | File System | Hard Disk and reduce the allocated space until you flush out the unwanted files.
If that fails, reset System Resto
System | Performance | File System | Troubleshooting and check "Disable System Restore", Apply and IMMEDIATELY reboot. This will flush your restore folder and erase all checkpoints, then,
System | Performance | File System | Troubleshooting and uncheck "Disable System Restore", Apply and again IMMEDIATELY reboot. This should now automatically create a new checkpoint immediately following the restart.
Finally adjust the space allocated to the restore folder, System | Performance | File System | Hard Disk and adjust the restore slider to your preferred setting. A figure of 200MB is normally more than adequate for day to day use allowing perhaps a week of checkpoints to be available although increasing this to perhaps 400-500MB for a few days during periods of large installs such as Microsoft Office is advisable.
See also MS KB 263455 - "Antivirus Tools Cannot Clean Infected Files in the _Restore Folder" (http://support.microsoft.com?kbid=263455).
--
Mike Maltby MS-MVP
Mary wrote:
Can anyone help me? I ran my AVG scan, I have an infected file called BKDR Ruledor.d in C:\restore\temp\A0011243/cpy. AVG says it can't be cleaned or removed....I ran Trend and it said it can't be cleaned or deleted because it's in use. What can I do to get rid of it?
What is a backdoor virus, how did it get in my computer?