Stubborn Viruses

I have 11 viruses tucked away in C:\_restore\temp. The
folder is greyed out and it won't let me delete the
infected files in it.

My AVG anti virus shows the files but it can't remove
them from the drive. How can I zap 'em?

Thanks.

There is no need to be concerned about any virus or trojan in the _RESTORE
archive as they are harmless there and can only cause problems if you
later choose to restore to a checkpoint created AFTER infection and BEFORE
you cleaned your system. Any worms, trojans and viruses in the _restore
archive will automatically be discarded in time as newer data is archived
and older files discarded. The problem with disabling system restore is
that it flushes the _restore archive and whilst that removes any virus
remnants it also removes any good usable checkpoints you might have.
Therefore only clear the archive if you are happy with the current state
of your system and are having no problems that might be solved by using
system restore.

Moving on to how to clear the archive. There are two approaches to
resolving your problem:
Firstly try reducing the space allocated to the System Restore archive as
this could flush out these unwanted files. Do this using the slider found
at System | Performance | File System | Hard Disk and reduce the allocated
space until you flush out the unwanted files.

If that fails, reset System Resto
System | Performance | File System | Troubleshooting and check "Disable
System Restore", Apply and IMMEDIATELY reboot. This will flush you
restore folder and erase all checkpoints, then,
System | Performance | File System | Troubleshooting and uncheck "Disable
System Restore", Apply and again IMMEDIATELY reboot. This should now
automatically create a new checkpoint immediately following the restart.
Finally adjust the space allocated to the restore folder, System |
Performance | File System | Hard Disk and adjust the restore slider to
your preferred setting.
A figure of 200MB is normally more than adequate for day to day use
allowing perhaps a week of checkpoints to be available although increasing
this to perhaps 400-500MB for a few days during periods of large installs
such Microsoft Office is advisable.

See also MS KB 263455 - "Antivirus Tools Cannot Clean Infected Files in
the _Restore Folder" (http://support.microsoft.com?kbid=263455).
--
Mike Maltby MS-MVP Shell/User



Mikey wrote:

I have 11 viruses tucked away in C:\_restore\temp. The
folder is greyed out and it won't let me delete the
infected files in it.

My AVG anti virus shows the files but it can't remove
them from the drive. How can I zap 'em?

Thanks.

Have a look at this courtesy of MikeM.
Joan

There really is no need to be concerned about any virus in the _RESTORE
archive as they are harmless there and can only cause problems if you
later
choose to restore to a checkpoint created AFTER infection and BEFORE you
cleaned your system. Something I doubt you will be doing. Any worms,
trojans
and viruses in the _restore archive will automatically be discarded in due
course as newer data is archived and the older files discarded The
problem
with disabling system restore is that it flushes the _restore archive and
whilst that removes any virus remnants it also removes any good usable
checkpoints you might have and you never know when you might want to use
that
lifebelt.

If you really are worried about this, then there are two approaches to
resolving your problem:
Firstly try reducing the space allocated to the System Restore archive as
this
could flush out these unwanted files. Do this using the slider found at
System | Performance | File System | Hard Disk and reduce the allocated
space
until you flush out the unwanted files.

If that fails, reset System Resto
System | Performance | File System | Troubleshooting and check "Disable
System Restore", Apply and IMMEDIATELY reboot. This will flush you
restore
folder and erase all checkpoints, then,
System | Performance | File System | Troubleshooting and uncheck "Disable
System Restore", Apply and again IMMEDIATELY reboot. This should now
automatically create a new checkpoint immediately following the restart.
Finally adjust the space allocated to the restore folder,
System | Performance | File System | Hard Disk and adjust the restore
slider
to your preferred setting. A figure of 200MB is normally more than
adequate
for day to day use allowing perhaps a week of checkpoints to be available
although increasing this to perhaps 400-500MB for a few days during
periods
of
large installs such Microsoft Office is advisable.

See also MS KB 263455 - "Antivirus Tools Cannot Clean Infected Files in
the
_Restore Folder" (http://support.microsoft.com?kbid=263455).
--
Mike Maltby MS-MVP



Mikey wrote:
I have 11 viruses tucked away in C:\_restore\temp. The
folder is greyed out and it won't let me delete the
infected files in it.

My AVG anti virus shows the files but it can't remove
them from the drive. How can I zap 'em?

Thanks.

1) Download the following three items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Adaware SE
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download sysclean.com and place it in that directory.
Dowload the signature files (pattern files) by obtaining the ZIP file.
For example; lpt186.zip

Extract the contents of the ZIP file and place the contents in the same directory as
sysclean.com.

2) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDoc...SysRestore.htm
3) Reboot your PC into Safe Mode
4) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
5) Restart your PC and perform a "final" Full Scan of your platform using both the
Trend Sysclean utility and Adaware
6) If you are using WinME or WinXP,Re-enable System Restore and re-apply any
System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
7) Reboot your PC.
8) If you are using WinME or WinXP, create a new Restore point
9) Please report back your results

Dave






"Mikey" wrote in message
...
| I have 11 viruses tucked away in C:\_restore\temp. The
| folder is greyed out and it won't let me delete the
| infected files in it.
|
| My AVG anti virus shows the files but it can't remove
| them from the drive. How can I zap 'em?
|
| Thanks.

That's funny because Mike replied *before* you did ;-)

Dave


"Joan Archer" wrote in message
...
| Have a look at this courtesy of MikeM.
| Joan
snip

lol Yes that's because his post wasn't showing on here when I sent my
reply.
Joan

David H. Lipman wrote:
That's funny because Mike replied *before* you did ;-)

Dave

What's even more funny is that you didn't notice that the problem the OP
quoted was that he couldn't remove viruses from the _Restore archive - not
that he couldn't remove viruses from anywhere else. Your instructions are
therefore irrelevant at best, and misleading at worst.

--
Noel Paton (MS-MVP 2002-2005, Windows)

Nil Carborundum Illegitemi
http://www.btinternet.com/~winnoel/millsrpch.htm
http://tinyurl.com/6oztj

Please read http://dts-l.org/goodpost.htm on how to post messages to NG's

"David H. Lipman" wrote in message
...
1) Download the following three items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Adaware SE
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download sysclean.com and place it in that directory.
Dowload the signature files (pattern files) by obtaining the ZIP file.
For example; lpt186.zip

Extract the contents of the ZIP file and place the contents in the same
directory as
sysclean.com.

2) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDoc...SysRestore.htm
3) Reboot your PC into Safe Mode
4) Using both the Trend Sysclean utility and Adaware, perform a Full
Scan of your
platform and clean/delete any infectors/parasites found.
5) Restart your PC and perform a "final" Full Scan of your platform
using both the
Trend Sysclean utility and Adaware
6) If you are using WinME or WinXP,Re-enable System Restore and
re-apply any
System Restore preferences, (e.g. HD space to use suggested 400
~ 600MB),
7) Reboot your PC.
8) If you are using WinME or WinXP, create a new Restore point
9) Please report back your results

Dave






"Mikey" wrote in message
...
| I have 11 viruses tucked away in C:\_restore\temp. The
| folder is greyed out and it won't let me delete the
| infected files in it.
|
| My AVG anti virus shows the files but it can't remove
| them from the drive. How can I zap 'em?
|
| Thanks.

Good Morning, Mr. Paton.......

David is giving the standard a.c.v. *disable your system restore*
advice.....which I would not follow at all. I can't believe he wrote this
after all the hooha with that other idiot!! (VBG)

Night.....Heather

"Noel Paton" wrote in message
...
What's even more funny is that you didn't notice that the problem the OP
quoted was that he couldn't remove viruses from the _Restore archive - not
that he couldn't remove viruses from anywhere else. Your instructions are
therefore irrelevant at best, and misleading at worst.

--
Noel Paton (MS-MVP 2002-2005, Windows)

Nil Carborundum Illegitemi
http://www.btinternet.com/~winnoel/millsrpch.htm
http://tinyurl.com/6oztj

Please read http://dts-l.org/goodpost.htm on how to post messages to NG's

"David H. Lipman" wrote in message

2) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDoc...SysRestore.htm

Noel:

Since the instructions indicate disabling the System Restore and the OP indicated he was
infected (at the very least in the past), not only is my response apropos but it is geared
towards the possibility of finding infectors and parasites that AVG did not/could not find.

My instructions were neither irrelevant nor misleading. Upon completion of the indicated
instructions the worse case scenario would be no infectors or parasites being found. The
positive side would be additional infectors or parasites being found that the OP did not
know existed.

Dave




"Noel Paton" wrote in message
...
| What's even more funny is that you didn't notice that the problem the OP
| quoted was that he couldn't remove viruses from the _Restore archive - not
| that he couldn't remove viruses from anywhere else. Your instructions are
| therefore irrelevant at best, and misleading at worst.
|
| --
| Noel Paton (MS-MVP 2002-2005, Windows)
|
| Nil Carborundum Illegitemi
| http://www.btinternet.com/~winnoel/millsrpch.htm
| http://tinyurl.com/6oztj
|
| Please read http://dts-l.org/goodpost.htm on how to post messages to NG's
|
| "David H. Lipman" wrote in message
| ...
| 1) Download the following three items...
|
| Trend Sysclean Package
| http://www.trendmicro.com/download/dcs.asp
|
| Latest Trend signature files.
| http://www.trendmicro.com/download/pattern.asp
|
| Adaware SE
| http://www.lavasoftusa.com/
|
| Create a directory.
| On drive "C:\"
| (e.g., "c:\New Folder")
| or the desktop
| (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
|
| Download sysclean.com and place it in that directory.
| Dowload the signature files (pattern files) by obtaining the ZIP file.
| For example; lpt186.zip
|
| Extract the contents of the ZIP file and place the contents in the same
| directory as
| sysclean.com.
|
| 2) If you are using WinME or WinXP, disable System Restore
| http://vil.nai.com/vil/SystemHelpDoc...SysRestore.htm
| 3) Reboot your PC into Safe Mode
| 4) Using both the Trend Sysclean utility and Adaware, perform a Full
| Scan of your
| platform and clean/delete any infectors/parasites found.
| 5) Restart your PC and perform a "final" Full Scan of your platform
| using both the
| Trend Sysclean utility and Adaware
| 6) If you are using WinME or WinXP,Re-enable System Restore and
| re-apply any
| System Restore preferences, (e.g. HD space to use suggested 400
| ~ 600MB),
| 7) Reboot your PC.
| 8) If you are using WinME or WinXP, create a new Restore point
| 9) Please report back your results
|
| Dave
|
|
|
|
|
|
| "Mikey" wrote in message
| ...
| | I have 11 viruses tucked away in C:\_restore\temp. The
| | folder is greyed out and it won't let me delete the
| | infected files in it.
| |
| | My AVG anti virus shows the files but it can't remove
| | them from the drive. How can I zap 'em?
| |
| | Thanks.
|
|
|
|

And I'll repeat it in the future Heather.

Dave




"Heather" wrote in message
...
| Good Morning, Mr. Paton.......
|
| David is giving the standard a.c.v. *disable your system restore*
| advice.....which I would not follow at all. I can't believe he wrote this
| after all the hooha with that other idiot!! (VBG)
|
| Night.....Heather
|
| "Noel Paton" wrote in message
| ...
| What's even more funny is that you didn't notice that the problem the OP
| quoted was that he couldn't remove viruses from the _Restore archive - not
| that he couldn't remove viruses from anywhere else. Your instructions are
| therefore irrelevant at best, and misleading at worst.
|
| --
| Noel Paton (MS-MVP 2002-2005, Windows)
|
| Nil Carborundum Illegitemi
| http://www.btinternet.com/~winnoel/millsrpch.htm
| http://tinyurl.com/6oztj
|
| Please read http://dts-l.org/goodpost.htm on how to post messages to NG's
|
| "David H. Lipman" wrote in message
|
| 2) If you are using WinME or WinXP, disable System Restore
| http://vil.nai.com/vil/SystemHelpDoc...SysRestore.htm
|
|