System infection questions

Hi,

While running avast4.7 Home edition, I have encountered infections in my Win
ME system.
Attempts as instructed by avast to desinfect these files have been
unsuccessful.

I don't know whether or not it is customary to use attachments when
addressing problems to this NG - I'm however attaching two files: 1) Top
page of thorough system scan results and 2) Bottom page of the same.

I have two 2 basic questions. These a
1) What are the implications of *manually removing the files* shown on the
attachments, which are either infected or can't be scanned?, i.e.,
c:_\Restore\Archive\FS306.CAB\A0024642.CPY
c:_\Restore\Archive\FS399.CAB\A0030539.CPY\DirectX .cab
2) Is there a program/utility that could remove such files? If not, could I
just "live" with such infected files in the shown files (attachments)?

I have run Ad-Adware and Spybot S&D and these utilities don't show the
infected files in either Safe or Real Mode..
I have also run avast 4.7 home edition in Safe Mode and get the same
results as in real mode.
Would appreciate a direction to desinfect the system from such files.
Thanks,
Ed

Ed Meza wrote:
Hi,

While running avast4.7 Home edition, I have encountered infections in my Win
ME system.
Attempts as instructed by avast to desinfect these files have been
unsuccessful.

I don't know whether or not it is customary to use attachments when
addressing problems to this NG - I'm however attaching two files: 1) Top
page of thorough system scan results and 2) Bottom page of the same.

I have two 2 basic questions. These a
1) What are the implications of *manually removing the files* shown on the
attachments, which are either infected or can't be scanned?, i.e.,
c:_\Restore\Archive\FS306.CAB\A0024642.CPY
c:_\Restore\Archive\FS399.CAB\A0030539.CPY\DirectX .cab
2) Is there a program/utility that could remove such files? If not, could I
just "live" with such infected files in the shown files (attachments)?

I have run Ad-Adware and Spybot S&D and these utilities don't show the
infected files in either Safe or Real Mode..
I have also run avast 4.7 home edition in Safe Mode and get the same
results as in real mode.
Would appreciate a direction to desinfect the system from such files.
Thanks,
Ed



Disable System Restore. Reboot. Run Avast again using the boot scan
feature. Enable System Restore.

Alias

Rather than trying to delete these files, something you won't be able to do
as they are part of the system restore archive, reset system restore once you
know everything else is running as it should. This will flush the archive
including the infected files it contains.

Mike M


"Ed Meza" wrote:

Hi,

While running avast4.7 Home edition, I have encountered infections in my Win
ME system.
Attempts as instructed by avast to desinfect these files have been
unsuccessful.

I don't know whether or not it is customary to use attachments when
addressing problems to this NG - I'm however attaching two files: 1) Top
page of thorough system scan results and 2) Bottom page of the same.

I have two 2 basic questions. These a
1) What are the implications of *manually removing the files* shown on the
attachments, which are either infected or can't be scanned?, i.e.,
c:_\Restore\Archive\FS306.CAB\A0024642.CPY
c:_\Restore\Archive\FS399.CAB\A0030539.CPY\DirectX .cab
2) Is there a program/utility that could remove such files? If not, could I
just "live" with such infected files in the shown files (attachments)?

I have run Ad-Adware and Spybot S&D and these utilities don't show the
infected files in either Safe or Real Mode..
I have also run avast 4.7 home edition in Safe Mode and get the same
results as in real mode.
Would appreciate a direction to desinfect the system from such files.
Thanks,

Hi Alias and Mike,

I would like to know whether I understood your directions correctly.
Mike, you said to reset system restore. I hope you meant set system restore
to an earlier point. I did, to 9/18/2006.
I ran avast under Safe Mode (extremely long process) and nothing got flushed
from the archive, specifically not the infected files.

Alias, you asked me to Disable System Restore - do you mean Disable as
disabling the Archive files in the Avast program? I did this - Naturally,
if the Archive is disabled the infected files will not show in the results.
They only show when Archive is enabled.
Secondly, I can not run Avast using the boot scan feature, since these
*letters are not in bold* in the interface program. Thus I was instructed
by avast to run a thorough scan in Safe Mode, which again with my dial-up
Win Me system took about 5 hours to complete. Not worth it in my opinion.
Results: Infected files are still there.

I am ready to switch to grisoft's AV but will wait for your answers.

Please correct me if I misunderstood your prior instructions.

Thanks,
Ed

"Mike M" wrote in message
...
Rather than trying to delete these files, something you won't be able to
do
as they are part of the system restore archive, reset system restore once
you
know everything else is running as it should. This will flush the archive
including the infected files it contains.

Mike M


"Ed Meza" wrote:

Hi,

While running avast4.7 Home edition, I have encountered infections in my
Win
ME system.
Attempts as instructed by avast to desinfect these files have been
unsuccessful.

I don't know whether or not it is customary to use attachments when
addressing problems to this NG - I'm however attaching two files: 1) Top
page of thorough system scan results and 2) Bottom page of the same.

I have two 2 basic questions. These a
1) What are the implications of *manually removing the files* shown on
the
attachments, which are either infected or can't be scanned?, i.e.,
c:_\Restore\Archive\FS306.CAB\A0024642.CPY
c:_\Restore\Archive\FS399.CAB\A0030539.CPY\DirectX .cab
2) Is there a program/utility that could remove such files? If not,
could I
just "live" with such infected files in the shown files (attachments)?

I have run Ad-Adware and Spybot S&D and these utilities don't show the
infected files in either Safe or Real Mode..
I have also run avast 4.7 home edition in Safe Mode and get the same
results as in real mode.
Would appreciate a direction to desinfect the system from such files.
Thanks,

Mike, you said to reset system restore. I hope you meant set system
restore to an earlier point. I did, to 9/18/2006.

No I did not. I meant reset, that is turn off and restart, flush, clear.
The object being to clear the archive not return your system to a previous
time which would have still left infected files in the archive and
possibly also reinfected your PC. I'm sorry but returning to 18 September
is the very last thing you should have done as this will mean you have
potentially lost many changes you made to your system (but not your data)
since then. System Restore should IMO never be used to roll back more
than a few days, perhaps one or two weeks at most.

I am ready to switch to grisoft's AV but will wait for your answers.

Your problem has nothing to do with your AV application but to some extent
is due to not understanding the operation of system restore and Win Me's
state manager. Have a look through Help & Support and check it out. All
that has happened is that your system became compromised, perhaps no more
than an infected file was received as an attachment via e-mail, and this
was most likely caught by your AV. The infected file however was archived
by SR when it was deleted. Hence both Alias and myself telling you to
clear the archive.
--
Mike Maltby




Ed Meza wrote:

Hi Alias and Mike,

I would like to know whether I understood your directions correctly.
Mike, you said to reset system restore. I hope you meant set system
restore to an earlier point. I did, to 9/18/2006.
I ran avast under Safe Mode (extremely long process) and nothing got
flushed from the archive, specifically not the infected files.

Alias, you asked me to Disable System Restore - do you mean Disable as
disabling the Archive files in the Avast program? I did this -
Naturally, if the Archive is disabled the infected files will not
show in the results. They only show when Archive is enabled.
Secondly, I can not run Avast using the boot scan feature, since these
*letters are not in bold* in the interface program. Thus I was
instructed by avast to run a thorough scan in Safe Mode, which again
with my dial-up Win Me system took about 5 hours to complete. Not
worth it in my opinion. Results: Infected files are still there.

I am ready to switch to grisoft's AV but will wait for your answers.

Please correct me if I misunderstood your prior instructions.

Thank you for enlightening me on my mistakes. Your points and constructive
criticism are well taken and have been noted. Fortunately, there had only
been one change made to my system, which I recovered.
I have checked out Help & Support as you suggested.
I'll give it a try again. You may close this thread.
Thanks again.
Ed

"Mike M" wrote in message
...
Mike, you said to reset system restore. I hope you meant set system
restore to an earlier point. I did, to 9/18/2006.

No I did not. I meant reset, that is turn off and restart, flush, clear.
The object being to clear the archive not return your system to a previous
time which would have still left infected files in the archive and
possibly also reinfected your PC. I'm sorry but returning to 18 September
is the very last thing you should have done as this will mean you have
potentially lost many changes you made to your system (but not your data)
since then. System Restore should IMO never be used to roll back more
than a few days, perhaps one or two weeks at most.

I am ready to switch to grisoft's AV but will wait for your answers.

Your problem has nothing to do with your AV application but to some extent
is due to not understanding the operation of system restore and Win Me's
state manager. Have a look through Help & Support and check it out. All
that has happened is that your system became compromised, perhaps no more
than an infected file was received as an attachment via e-mail, and this
was most likely caught by your AV. The infected file however was archived
by SR when it was deleted. Hence both Alias and myself telling you to
clear the archive.
--
Mike Maltby




Ed Meza wrote:

Hi Alias and Mike,

I would like to know whether I understood your directions correctly.
Mike, you said to reset system restore. I hope you meant set system
restore to an earlier point. I did, to 9/18/2006.
I ran avast under Safe Mode (extremely long process) and nothing got
flushed from the archive, specifically not the infected files.

Alias, you asked me to Disable System Restore - do you mean Disable as
disabling the Archive files in the Avast program? I did this -
Naturally, if the Archive is disabled the infected files will not
show in the results. They only show when Archive is enabled.
Secondly, I can not run Avast using the boot scan feature, since these
*letters are not in bold* in the interface program. Thus I was
instructed by avast to run a thorough scan in Safe Mode, which again
with my dial-up Win Me system took about 5 hours to complete. Not
worth it in my opinion. Results: Infected files are still there.

I am ready to switch to grisoft's AV but will wait for your answers.

Please correct me if I misunderstood your prior instructions.

Allow me to just add this: most of the AV companies give bad advice on this
matter. If you follow their instructions to the letter, you will flush
system restore *before* a full scan with their product. This is foolhardy
and is only satisfactorily explained either as the same attitude of the
ISP/OEM helpdesk, that is that its better to have you up you-know-where
without a paddle, than for them to have to explain a slightly more-involved
proceedure, or, as a consequence of anti-Win ME bigotry found all over the
Windows world, that basically amounts to a lot of Win 98 aficionados in a
sulk about Microsoft having had the temerity to develop it further!

Too often to ignore, if you run an anti-malware program you find that you
can't, for example, access the internet afterwards. So those with at least
half a brain don't flush the restore archive first, since it such situations
it would have been a cinch to recover from! That's why system restore is
there. Without it probably the majority having lost internet access are
screwed. So, you do like Mike advised. Once you know the system is working,
then flush system restore. After all, it can't do anything from in there!


Shane


Shane




Ed Meza wrote:
Thank you for enlightening me on my mistakes. Your points and
constructive criticism are well taken and have been noted.
Fortunately, there had only been one change made to my system, which
I recovered.
I have checked out Help & Support as you suggested.
I'll give it a try again. You may close this thread.
Thanks again.
Ed

"Mike M" wrote in message
...
Mike, you said to reset system restore. I hope you meant set system
restore to an earlier point. I did, to 9/18/2006.

No I did not. I meant reset, that is turn off and restart, flush,
clear. The object being to clear the archive not return your system
to a previous time which would have still left infected files in the
archive and possibly also reinfected your PC. I'm sorry but
returning to 18 September is the very last thing you should have
done as this will mean you have potentially lost many changes you
made to your system (but not your data) since then. System Restore
should IMO never be used to roll back more than a few days, perhaps
one or two weeks at most.

I am ready to switch to grisoft's AV but will wait for your answers.

Your problem has nothing to do with your AV application but to some
extent is due to not understanding the operation of system restore
and Win Me's state manager. Have a look through Help & Support and
check it out. All that has happened is that your system became
compromised, perhaps no more than an infected file was received as
an attachment via e-mail, and this was most likely caught by your
AV. The infected file however was archived by SR when it was
deleted. Hence both Alias and myself telling you to clear the
archive. --
Mike Maltby




Ed Meza wrote:

Hi Alias and Mike,

I would like to know whether I understood your directions correctly.
Mike, you said to reset system restore. I hope you meant set system
restore to an earlier point. I did, to 9/18/2006.
I ran avast under Safe Mode (extremely long process) and nothing got
flushed from the archive, specifically not the infected files.

Alias, you asked me to Disable System Restore - do you mean Disable
as disabling the Archive files in the Avast program? I did this -
Naturally, if the Archive is disabled the infected files will not
show in the results. They only show when Archive is enabled.
Secondly, I can not run Avast using the boot scan feature, since
these *letters are not in bold* in the interface program. Thus I
was instructed by avast to run a thorough scan in Safe Mode, which
again with my dial-up Win Me system took about 5 hours to complete.
Not worth it in my opinion. Results: Infected files are still
there.

I am ready to switch to grisoft's AV but will wait for your answers.

Please correct me if I misunderstood your prior instructions.

Shane/Ed,

Hence my comment "reset system restore once you know everything else is
running as it should" which as you say runs 100% counter to Symantec's
faulty and brain dead advice to disable SR before starting cleansing.
Advice that can only have been written by someone missing most if not all
of what should be between their ears and clearly without a clue.
--
Mike Maltby



Shane wrote:

Allow me to just add this: most of the AV companies give bad advice
on this matter. If you follow their instructions to the letter, you
will flush system restore *before* a full scan with their product.
This is foolhardy and is only satisfactorily explained either as the
same attitude of the ISP/OEM helpdesk, that is that its better to
have you up you-know-where without a paddle, than for them to have to
explain a slightly more-involved proceedure, or, as a consequence of
anti-Win ME bigotry found all over the Windows world, that basically
amounts to a lot of Win 98 aficionados in a sulk about Microsoft
having had the temerity to develop it further!
Too often to ignore, if you run an anti-malware program you find that
you can't, for example, access the internet afterwards. So those with
at least half a brain don't flush the restore archive first, since it
such situations it would have been a cinch to recover from! That's
why system restore is there. Without it probably the majority having
lost internet access are screwed. So, you do like Mike advised. Once
you know the system is working, then flush system restore. After all,
it can't do anything from in there!

Shane


Shane




Ed Meza wrote:
Thank you for enlightening me on my mistakes. Your points and
constructive criticism are well taken and have been noted.
Fortunately, there had only been one change made to my system, which
I recovered.
I have checked out Help & Support as you suggested.
I'll give it a try again. You may close this thread.
Thanks again.
Ed

"Mike M" wrote in message
...
Mike, you said to reset system restore. I hope you meant set
system restore to an earlier point. I did, to 9/18/2006.

No I did not. I meant reset, that is turn off and restart, flush,
clear. The object being to clear the archive not return your system
to a previous time which would have still left infected files in the
archive and possibly also reinfected your PC. I'm sorry but
returning to 18 September is the very last thing you should have
done as this will mean you have potentially lost many changes you
made to your system (but not your data) since then. System Restore
should IMO never be used to roll back more than a few days, perhaps
one or two weeks at most.

I am ready to switch to grisoft's AV but will wait for your
answers.

Your problem has nothing to do with your AV application but to some
extent is due to not understanding the operation of system restore
and Win Me's state manager. Have a look through Help & Support and
check it out. All that has happened is that your system became
compromised, perhaps no more than an infected file was received as
an attachment via e-mail, and this was most likely caught by your
AV. The infected file however was archived by SR when it was
deleted. Hence both Alias and myself telling you to clear the
archive. --
Mike Maltby




Ed Meza wrote:

Hi Alias and Mike,

I would like to know whether I understood your directions
correctly. Mike, you said to reset system restore. I hope you
meant set system restore to an earlier point. I did, to 9/18/2006.
I ran avast under Safe Mode (extremely long process) and nothing
got flushed from the archive, specifically not the infected files.

Alias, you asked me to Disable System Restore - do you mean Disable
as disabling the Archive files in the Avast program? I did this -
Naturally, if the Archive is disabled the infected files will not
show in the results. They only show when Archive is enabled.
Secondly, I can not run Avast using the boot scan feature, since
these *letters are not in bold* in the interface program. Thus I
was instructed by avast to run a thorough scan in Safe Mode, which
again with my dial-up Win Me system took about 5 hours to complete.
Not worth it in my opinion. Results: Infected files are still
there.

I am ready to switch to grisoft's AV but will wait for your
answers. Please correct me if I misunderstood your prior
instructions.

Indeed Mike,

As I said 'you do like Mike advised'. I do see how one who knows little
about it having taken this to heart, could in future see Symantec's (or most
other AV company's) advice and think it is the same procedure, while it is a
natural, quite understandable mistake to trust these type of companies. I
don't think it can be said too often that you cannot trust them!

I'd like to get stuck into insulting them - like elaborate on what I left
out earlier - but don't have the time. Perhaps you could just pretend I have
anyway? I trust you implicitly to think the right words and, why not, the
right deeds as well!

Shane



Mike M wrote:
Shane/Ed,

Hence my comment "reset system restore once you know everything else
is running as it should" which as you say runs 100% counter to
Symantec's faulty and brain dead advice to disable SR before starting
cleansing. Advice that can only have been written by someone missing
most if not all of what should be between their ears and clearly
without a clue.
Allow me to just add this: most of the AV companies give bad advice
on this matter. If you follow their instructions to the letter, you
will flush system restore *before* a full scan with their product.
This is foolhardy and is only satisfactorily explained either as the
same attitude of the ISP/OEM helpdesk, that is that its better to
have you up you-know-where without a paddle, than for them to have to
explain a slightly more-involved proceedure, or, as a consequence of
anti-Win ME bigotry found all over the Windows world, that basically
amounts to a lot of Win 98 aficionados in a sulk about Microsoft
having had the temerity to develop it further!
Too often to ignore, if you run an anti-malware program you find that
you can't, for example, access the internet afterwards. So those with
at least half a brain don't flush the restore archive first, since it
such situations it would have been a cinch to recover from! That's
why system restore is there. Without it probably the majority having
lost internet access are screwed. So, you do like Mike advised. Once
you know the system is working, then flush system restore. After all,
it can't do anything from in there!

Shane


Shane




Ed Meza wrote:
Thank you for enlightening me on my mistakes. Your points and
constructive criticism are well taken and have been noted.
Fortunately, there had only been one change made to my system, which
I recovered.
I have checked out Help & Support as you suggested.
I'll give it a try again. You may close this thread.
Thanks again.
Ed

"Mike M" wrote in message
...
Mike, you said to reset system restore. I hope you meant set
system restore to an earlier point. I did, to 9/18/2006.

No I did not. I meant reset, that is turn off and restart, flush,
clear. The object being to clear the archive not return your system
to a previous time which would have still left infected files in
the archive and possibly also reinfected your PC. I'm sorry but
returning to 18 September is the very last thing you should have
done as this will mean you have potentially lost many changes you
made to your system (but not your data) since then. System Restore
should IMO never be used to roll back more than a few days, perhaps
one or two weeks at most.

I am ready to switch to grisoft's AV but will wait for your
answers.

Your problem has nothing to do with your AV application but to some
extent is due to not understanding the operation of system restore
and Win Me's state manager. Have a look through Help & Support and
check it out. All that has happened is that your system became
compromised, perhaps no more than an infected file was received as
an attachment via e-mail, and this was most likely caught by your
AV. The infected file however was archived by SR when it was
deleted. Hence both Alias and myself telling you to clear the
archive. --
Mike Maltby




Ed Meza wrote:

Hi Alias and Mike,

I would like to know whether I understood your directions
correctly. Mike, you said to reset system restore. I hope you
meant set system restore to an earlier point. I did, to
9/18/2006. I ran avast under Safe Mode (extremely long process)
and nothing got flushed from the archive, specifically not the
infected files. Alias, you asked me to Disable System Restore - do you
mean
Disable as disabling the Archive files in the Avast program? I
did this - Naturally, if the Archive is disabled the infected
files will not show in the results. They only show when Archive
is enabled. Secondly, I can not run Avast using the boot scan
feature, since these *letters are not in bold* in the interface
program. Thus I was instructed by avast to run a thorough scan
in Safe Mode, which again with my dial-up Win Me system took
about 5 hours to complete. Not worth it in my opinion. Results:
Infected files are still there.

I am ready to switch to grisoft's AV but will wait for your
answers. Please correct me if I misunderstood your prior
instructions.

Hi Shane,

Sorry I missed your comment "like Mike advised". I've still got two PCs
here in bits (this is one of them) and am not really paying anything the
attention it deserves. My apologies. As for my pretending to have read
what you have to say about Symantec, done! Likewise you will have to do
the same for myself as most of what I have to say wouldn't get past any NG
censors. g
--
Mike M


Shane wrote:

Indeed Mike,

As I said 'you do like Mike advised'. I do see how one who knows
little about it having taken this to heart, could in future see
Symantec's (or most other AV company's) advice and think it is the
same procedure, while it is a natural, quite understandable mistake
to trust these type of companies. I don't think it can be said too
often that you cannot trust them!
I'd like to get stuck into insulting them - like elaborate on what I
left out earlier - but don't have the time. Perhaps you could just
pretend I have anyway? I trust you implicitly to think the right
words and, why not, the right deeds as well!