#1
System infection questions
Hi,

While running avast 4.7 Home edition, I have encountered infections in my Win ME system. Attempts as instructed by avast to disinfect these files have been unsuccessful. I don't know whether or not it is customary to use attachments when addressing problems to this NG - I'm however attaching two files: 1) Top page of thorough system scan results and 2) Bottom page of the same.

I have two basic questions. These are:

1) What are the implications of *manually removing the files* shown on the attachments, which are either infected or can't be scanned? I.e.:

c:_\Restore\Archive\FS306.CAB\A0024642.CPY
c:_\Restore\Archive\FS399.CAB\A0030539.CPY\DirectX .cab

2) Is there a program/utility that could remove such files? If not, could I just "live" with such infected files in the shown files (attachments)?

I have run Ad-Aware and Spybot S&D and these utilities don't show the infected files in either Safe or Real Mode. I have also run avast 4.7 home edition in Safe Mode and get the same results as in real mode.

Would appreciate a direction to disinfect the system from such files.

Thanks,
Ed
#2
Disable System Restore. Reboot. Run Avast again using the boot scan feature. Enable System Restore.

Alias
#3
Rather than trying to delete these files, something you won't be able to do as they are part of the system restore archive, reset system restore once you know everything else is running as it should. This will flush the archive including the infected files it contains.

Mike M
#4
Hi Alias and Mike,

I would like to know whether I understood your directions correctly.

Mike, you said to reset system restore. I hope you meant set system restore to an earlier point. I did, to 9/18/2006. I ran avast under Safe Mode (extremely long process) and nothing got flushed from the archive, specifically not the infected files.

Alias, you asked me to Disable System Restore - do you mean Disable as disabling the Archive files in the Avast program? I did this - naturally, if the Archive is disabled the infected files will not show in the results. They only show when Archive is enabled. Secondly, I cannot run Avast using the boot scan feature, since these *letters are not in bold* in the interface program. Thus I was instructed by avast to run a thorough scan in Safe Mode, which again with my dial-up Win Me system took about 5 hours to complete. Not worth it in my opinion. Results: Infected files are still there.

I am ready to switch to grisoft's AV but will wait for your answers. Please correct me if I misunderstood your prior instructions.

Thanks,
Ed
#5
> Mike, you said to reset system restore. I hope you meant set system restore to an earlier point. I did, to 9/18/2006.

No I did not. I meant reset, that is turn off and restart, flush, clear. The object being to clear the archive not return your system to a previous time which would have still left infected files in the archive and possibly also reinfected your PC. I'm sorry but returning to 18 September is the very last thing you should have done as this will mean you have potentially lost many changes you made to your system (but not your data) since then. System Restore should IMO never be used to roll back more than a few days, perhaps one or two weeks at most.

> I am ready to switch to grisoft's AV but will wait for your answers.

Your problem has nothing to do with your AV application but to some extent is due to not understanding the operation of system restore and Win Me's state manager. Have a look through Help & Support and check it out. All that has happened is that your system became compromised, perhaps no more than an infected file was received as an attachment via e-mail, and this was most likely caught by your AV. The infected file however was archived by SR when it was deleted. Hence both Alias and myself telling you to clear the archive.

--
Mike Maltby
#6
Thank you for enlightening me on my mistakes. Your points and constructive criticism are well taken and have been noted. Fortunately, there had only been one change made to my system, which I recovered. I have checked out Help & Support as you suggested. I'll give it a try again. You may close this thread.

Thanks again.
Ed
#7
Allow me to just add this: most of the AV companies give bad advice on this matter. If you follow their instructions to the letter, you will flush system restore *before* a full scan with their product. This is foolhardy and is only satisfactorily explained either as the same attitude of the ISP/OEM helpdesk, that is that it's better to have you up you-know-where without a paddle, than for them to have to explain a slightly more-involved procedure, or, as a consequence of anti-Win ME bigotry found all over the Windows world, that basically amounts to a lot of Win 98 aficionados in a sulk about Microsoft having had the temerity to develop it further!

Too often to ignore, if you run an anti-malware program you find that you can't, for example, access the internet afterwards. So those with at least half a brain don't flush the restore archive first, since in such situations it would have been a cinch to recover from! That's why system restore is there. Without it probably the majority having lost internet access are screwed.

So, you do like Mike advised. Once you know the system is working, then flush system restore. After all, it can't do anything from in there!

Shane
#9
Indeed Mike,

As I said 'you do like Mike advised'. I do see how one who knows little about it having taken this to heart, could in future see Symantec's (or most other AV company's) advice and think it is the same procedure, while it is a natural, quite understandable mistake to trust these type of companies. I don't think it can be said too often that you cannot trust them!

I'd like to get stuck into insulting them - like elaborate on what I left out earlier - but don't have the time. Perhaps you could just pretend I have anyway? I trust you implicitly to think the right words and, why not, the right deeds as well!

Shane

Mike M wrote:

> Shane/Ed,
>
> Hence my comment "reset system restore once you know everything else is running as it should" which as you say runs 100% counter to Symantec's faulty and brain dead advice to disable SR before starting cleansing. Advice that can only have been written by someone missing most if not all of what should be between their ears and clearly without a clue.
#10
Hi Shane,

Sorry I missed your comment "like Mike advised". I've still got two PCs here in bits (this is one of them) and am not really paying anything the attention it deserves. My apologies.

As for my pretending to have read what you have to say about Symantec, done! Likewise you will have to do the same for myself as most of what I have to say wouldn't get past any NG censors. <g>

--
Mike M