A Windows 98 & ME forum. Win98banter


reoccurring viruses



 
 
  #1  
Old January 28th 05, 02:21 PM
coyote

My anti-virus always finds the following viruses in two different restore
archives: troj_stilen.A and VBS_PSYME.B. It only is successful in removing
them by deleting the folder. However, when I run the antivirus again, the
viruses are still there. So every time I run the antivirus it stops at that
point and asks to have the viruses deleted, so that the problem is never
really resolved. Anybody have any thoughts? Thanks.
  #2  
Old January 28th 05, 03:49 PM
Mike M

There is little or no point in removing viruses or trojans from the
_RESTORE archive as they are totally harmless and in doing so you are
destroying the integrity of the archive. Once you have got your system
clear of malware reset system restore so as to clear the archive and
create a new clean reference checkpoint.

However if you are repeatedly detecting a virus or other malware in a
location other than the C:\_RESTORE folder then this would suggest that
you are not cleaning your system of the virus and that it is regenerating
itself. This behaviour is becoming increasingly prevalent especially with
some adware such as recent versions of the VX2 and CoolWebSearch parasite.

See MS KB 263455 - "Antivirus Tools Cannot Clean Infected Files in the
_Restore Folder" (http://support.microsoft.com?kbid=263455).
--
Mike Maltby



coyote wrote:

My anti-virus always finds the following viruses in two different
restore archives: troj_stilen.A and VBS_PSYME.B. It only is
successful in removing them by deleting the folder. However, when I
run the antivirus again, the viruses are still there. So every time I
run the antivirus it stops at that point and asks to have the viruses
deleted, so that the problem is never really resolved. Anybody have
any thoughts? Thanks.
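
Added example, not part of the thread and not any poster's code: the distinction drawn in the reply above (detections confined to the C:\_RESTORE archive versus detections that come back elsewhere after cleaning), written as a triage over two scan results. The log format, the paths and the SAMPLE_ADWARE.X name are constructed, and it assumes every detection was cleaned or deleted before the next scan.

```python
import ntpath
from collections import defaultdict

# Constructed sample log: "scan number|path|detection name".
# Paths and SAMPLE_ADWARE.X are made up; the other two names are from the thread.
SAMPLE_LOG = r"""
1|C:\_RESTORE\ARCHIVE\sample0001.cab|TROJ_STILEN.A
1|C:\_RESTORE\ARCHIVE\sample0002.cab|VBS_PSYME.B
1|C:\WINDOWS\SYSTEM\sample.dll|SAMPLE_ADWARE.X
1|C:\WINDOWS\TEMP\dropper.exe|SAMPLE_ADWARE.X
2|C:\_restore\archive\sample0001.cab|TROJ_STILEN.A
2|C:\WINDOWS\SYSTEM\sample.dll|SAMPLE_ADWARE.X
"""


def in_restore_archive(path):
    """True if the path sits under a top-level _RESTORE folder (any case)."""
    _drive, rest = ntpath.splitdrive(ntpath.normcase(path))
    parts = [p for p in rest.split("\\") if p]
    return bool(parts) and parts[0] == "_restore"


def parse(log):
    """Return {scan number: set of (normalised path, detection name)}."""
    scans = defaultdict(set)
    for line in log.strip().splitlines():
        scan, path, name = line.split("|")
        scans[int(scan)].add((ntpath.normcase(path), name.upper()))
    return scans


def triage(log):
    """Label each detection 'archive', 'live' or 'regenerating'.

    Assumes every detection was cleaned or deleted before the next scan, so a
    hit outside _RESTORE that shows up again has come back after removal.
    """
    scans = parse(log)
    labels, cleaned_live = {}, set()
    for number in sorted(scans):
        for hit in scans[number]:
            if in_restore_archive(hit[0]):
                labels[hit] = "archive"        # cleared by resetting System Restore
            elif hit in cleaned_live:
                labels[hit] = "regenerating"   # system is not actually clean
            else:
                labels[hit] = "live"
        cleaned_live |= {h for h in scans[number] if not in_restore_archive(h[0])}
    return labels


if __name__ == "__main__":
    for (path, name), label in sorted(triage(SAMPLE_LOG).items()):
        print(f"{label:13} {name:16} {path}")
```
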


  #3  
Old January 28th 05, 04:25 PM
oops!!


Mike Maltby thoroughly explains the reasons for your findings.

Please be aware that it is considered good practise to turn off
system restore BEFORE cleaning your system of virus, spyware, malware
and similar nasties.

This will avoid the "problems" you're facing, as well as seeing those
nasties using that Windows feature to restore themselves!

Zee



"coyote" wrote in message ...

My anti-virus always finds the following viruses in two different
restore archives: troj_stilen.A and VBS_PSYME.B. It only is
successful in removing them by deleting the folder. However, when I
run the antivirus again, the viruses are still there. So every time I
run the antivirus it stops at that point and asks to have the viruses
deleted, so that the problem is never really resolved. Anybody have
any thoughts? Thanks.

  #4  
Old January 28th 05, 05:09 PM
Mike M

Zee,

Best practice is not to turn off system restore until AFTER the system is
clean (other than for the archive) and working correctly at which point
system restore should be reset so as to clear the archive and create a
good new reference point.

Disabling system restore prior to cleansing is never to be recommended.
Users run the risk whilst cleaning of damaging their system, perhaps
leaving it in an unusable state such as perhaps with a damaged winsock and
unable to access the net. In such cases system restore can be the life
line that saves the user and allows them to get back a usable system -
either by restoring to a checkpoint created before infection or at worst a
system that can connect to the net albeit still infected at which point
the necessary winsock repair tool (such as LSPfix) can be downloaded for
use after cleaning.
--
Mike Maltby MS-MVP



oops!! wrote:

Mike Maltby thoroughly explains the reasons for your findings.

Please be aware that it is considered good practise to turn off
system restore BEFORE cleaning your system of virus, spyware, malware
and similar nasties.

This will avoid the "problems" you're facing, as well as seeing those
nasties using that Windows feature to restore themselves!


  #5  
Old January 28th 05, 05:38 PM
oops!!


Mike,

I am sorry but common practise nowadays is turning off system restore
before scanning and cleanup.

If you leave system restore on, many of the latest nasty intruders
will immediately restore upon the first reboot.

This applies to WinME as well as to WinXP.

Regarding winsock corruption, it's also generally suggested to
download the fixing tool before cleaning.

I always suggest this winsock fix by Option^Explicit (compatible with
Win95, 98, Me, 2000 and XP):

http://downloads.subratam.org/WinsockFix.zip

Anyway, this has been working for me this way, and you will see it
recommended in most, if not all, forums on the subject.

Cheers,

Zee



"Mike M" wrote in message ...

Zee,

Best practice is not to turn off system restore until AFTER the system is
clean (other than for the archive) and working correctly at which point
system restore should be reset so as to clear the archive and create a
good new reference point.

Disabling system restore prior to cleansing is never to be recommended.
Users run the risk whilst cleaning of damaging their system, perhaps
leaving it in an unusable state such as perhaps with a damaged winsock and
unable to access the net. In such cases system restore can be the life
line that saves the user and allows them to get back a usable system -
either by restoring to a checkpoint created before infection or at worst a
system that can connect to the net albeit still infected at which point
the necessary winsock repair tool (such as LSPfix) can be downloaded for
use after cleaning.
--
Mike Maltby MS-MVP



oops!! wrote:

Mike Maltby thoroughly explains the reasons for your findings.

Please be aware that it is considered good practise to turn off
system restore BEFORE cleaning your system of virus, spyware, malware
and similar nasties.

This will avoid the "problems" you're facing, as well as seeing those
nasties using that Windows feature to restore themselves!


  #6  
Old January 28th 05, 06:22 PM
Mike M

Common practice is not BEST practice. This is a perfect example of
very bad advice and something not countenanced by anyone who has given the
subject any thought whatsoever.

I'm sorry but it is totally asinine to disable system restore until the
system is back up and running OK and to advise otherwise is simply bad if
not also stupid however well intentioned.

As for the LSPfix, I know perfectly well how to obtain this thanks (it was
me that mentioned it) but spare a thought to the individual who knows
nothing about winsock problems, LSPfix or where to get it and follows your
advice. They disable system restore, run their marvellous cleaning tool
and end up with a system unable to connect to the net. They're now
helpless and not even able to use their PC to ask for help. If however
they had not disabled system restore all they need to do is to roll their
system back, connect to the net and ask for advice.

So to conclude, disabling system restore prior to cleaning is nothing more
than VERY BAD ADVICE.
--
Mike Maltby MS-MVP



oops!! wrote:

Mike,

I am sorry but common practise nowadays is turning off system restore
before scanning and cleanup.

If you leave system restore on, many of the latest nasty intruders
will immediately restore upon the first reboot.

This applies to WinME as well as to WinXP.

Regarding winsock corruption, it's also generally suggested to
download the fixing tool before cleaning.

I always suggest this winsock fix by Option^Explicit (compatible with
Win95, 98, Me, 2000 and XP):

http://downloads.subratam.org/WinsockFix.zip

Anyway, this has been working for me this way, and you will see it
recommended in most, if not all, forums on the subject.


  #7  
Old January 28th 05, 06:55 PM
oops!!


Mike,

LOL

I'm sure your *wisdom* is proportional to your lack of education and
good sense.

But, that's so typical of too many MVP's.

Enjoy your life, mate.

Zee



"Mike M" wrote in message ...

Common practice is not BEST practice. This is a perfect example of
very bad advice and something not countenanced by anyone who has given the
subject any thought whatsoever.

I'm sorry but it is totally asinine to disable system restore until the
system is back up and running OK and to advise otherwise is simply bad if
not also stupid however well intentioned.

As for the LSPfix, I know perfectly well how to obtain this thanks (it was
me that mentioned it) but spare a thought to the individual who knows
nothing about winsock problems, LSPfix or where to get it and follows your
advice. They disable system restore, run their marvellous cleaning tool
and end up with a system unable to connect to the net. They're now
helpless and not even able to use their PC to ask for help. If however
they had not disabled system restore all they need to do is to roll their
system back, connect to the net and ask for advice.

So to conclude, disabling system restore prior to cleaning is nothing more
than VERY BAD ADVICE.
--
Mike Maltby MS-MVP



oops!! wrote:

Mike,

I am sorry but common practise nowadays is turning off system restore
before scanning and cleanup.

If you leave system restore on, many of the latest nasty intruders
will immediately restore upon the first reboot.

This applies to WinME as well as to WinXP.

Regarding winsock corruption, it's also generally suggested to
download the fixing tool before cleaning.

I always suggest this winsock fix by Option^Explicit (compatible with
Win95, 98, Me, 2000 and XP):

http://downloads.subratam.org/WinsockFix.zip

Anyway, this has been working for me this way, and you will see it
recommended in most, if not all, forums on the subject.

  #8  
Old January 28th 05, 07:13 PM
oops!!


Asinine...

One in sooooo.... many:
http://securityresponse.symantec.com...beagle.ba@mm.html
....
The following instructions pertain to all current and recent Symantec
antivirus products, including the Symantec AntiVirus and Norton
AntiVirus product lines.

1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Restart the computer in Safe mode or VGA mode.
4. Run a full system scan and delete all the files detected as
W32.Beagle.BA@mm.
5. Delete the value that was added to the registry.

For specific details on each of these steps, read the following
instructions.
....

Stupid...

Jim Byrd..??

Defending Your Machine
http://defendingyourmachine.blogspot.com/
....
Disable Restore if you're on XP or ME (directions he
http://vil.nai.com/vil/SystemHelpDoc...SysRestore.htm), then boot
to Safe mode or a Clean Boot as above (HowTo he
http://service1.symantec.com/SUPPORT...1052409420406)
Read tscreadme.txt carefully, then do a complete scan of your system
and clean or delete anything it finds...

Hmm...

Shall I go on?

No, no need.

Cheers,

Zee



"Mike M" wrote in message ...

Common practice is not BEST practice. This is a perfect example of
very bad advice and something not countenanced by anyone who has given the
subject any thought whatsoever.

I'm sorry but it is totally asinine to disable system restore until the
system is back up and running OK and to advise otherwise is simply bad if
not also stupid however well intentioned.

As for the LSPfix, I know perfectly well how to obtain this thanks (it was
me that mentioned it) but spare a thought to the individual who knows
nothing about winsock problems, LSPfix or where to get it and follows your
advice. They disable system restore, run their marvellous cleaning tool
and end up with a system unable to connect to the net. They're now
helpless and not even able to use their PC to ask for help. If however
they had not disabled system restore all they need to do is to roll their
system back, connect to the net and ask for advice.

So to conclude, disabling system restore prior to cleaning is nothing more
than VERY BAD ADVICE.
--
Mike Maltby MS-MVP



oops!! wrote:

Mike,

I am sorry but common practise nowadays is turning off system restore
before scanning and cleanup.

If you leave system restore on, many of the latest nasty intruders
will immediately restore upon the first reboot.

This applies to WinME as well as to WinXP.

Regarding winsock corruption, it's also generally suggested to
download the fixing tool before cleaning.

I always suggest this winsock fix by Option^Explicit (compatible with
Win95, 98, Me, 2000 and XP):

http://downloads.subratam.org/WinsockFix.zip

Anyway, this has been working for me this way, and you will see it
recommended in most, if not all, forums on the subject.

  #9  
Old January 28th 05, 07:27 PM
Mike M

If you think that Symantec know what they are talking about they might not
be the company that has done more to destroy users' systems in the last
ten years than any others. As for system restore Symantec are totally
clueless otherwise they would have fixed both NAV and LiveUpdate so that
they don't crap out when system restore is used.

So yes, stupid and clueless are a pretty good description of your
contribution to this thread. Sorry but if the truth hurts maybe it will
prompt you to think about your posts in future - something you clearly
haven't done to date.
--
Mike Maltby MS-MVP



oops!! wrote:

Asinine...

One in sooooo.... many:

...
The following instructions pertain to all current and recent Symantec
antivirus products, including the Symantec AntiVirus and Norton
AntiVirus product lines.

1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Restart the computer in Safe mode or VGA mode.
4. Run a full system scan and delete all the files detected as
W32.Beagle.BA@mm.
5. Delete the value that was added to the registry.

For specific details on each of these steps, read the following
instructions.
...

Stupid...

Jim Byrd..??

Defending Your Machine
http://defendingyourmachine.blogspot.com/
...
Disable Restore if you're on XP or ME (directions he
http://vil.nai.com/vil/SystemHelpDoc...SysRestore.htm), then
boot to Safe mode or a Clean Boot as above (HowTo he
http://service1.symantec.com/SUPPORT...01052409420406)
Read tscreadme.txt carefully, then do a complete scan of your system
and clean or delete anything it finds...

Hmm...

Shall I go on?

No, no need.

Cheers,

Zee





"Mike M" wrote in message
...
Common practice is not BEST practice. This is a perfect example
of very bad advice and something not countenanced by anyone who has
given the subject any thought whatsoever.

I'm sorry but it is totally asinine to disable system restore until
the system is back up and running OK and to advise otherwise is
simply bad if not also stupid however well intentioned.

As for the LSPfix, I know perfectly well how to obtain this thanks
(it was me that mentioned it) but spare a thought to the individual
who knows nothing about winsock problems, LSPfix or where to get it
and follows your advice. They disable system restore, run their
marvellous cleaning tool and end up with a system unable to connect
to the net. They're now helpless and not even able to use their PC
to ask for help. If however they had not disabled system restore
all they need to do is to roll their system back, connect to the net
and ask for advice.

So to conclude, disabling system restore prior to cleaning is
nothing more than VERY BAD ADVICE.
--
Mike Maltby MS-MVP



oops!! wrote:

Mike,

I am sorry but common practise nowadays is turning off system
restore before scanning and cleanup.

If you leave system restore on, many of the latest nasty intruders
will immediately restore upon the first reboot.

This applies to WinME as well as to WinXP.

Regarding winsock corruption, it's also generally suggested to
download the fixing tool before cleaning.

I always suggest this winsock fix by Option^Explicit (compatible
with Win95, 98, Me, 2000 and XP):

http://downloads.subratam.org/WinsockFix.zip

Anyway, this has been working for me this way, and you will see it
recommended in most, if not all, forums on the subject.


  #10  
Old January 28th 05, 07:28 PM
Mike M

The lack of education and understanding is on your part. Sadly you appear
only too willing to share that lack of understanding and ignorance with
others. From your post you are clearly clueless about system restore and
what is good and bad practice.
--
Mike Maltby MS-MVP



oops!! wrote:

Mike,

LOL

I'm sure your *wisdom* is proportional to your lack of education and
good sense.

But, that's so typical of too many MVP's.

Enjoy your life, mate.


 



