#1
Restore \temp infected file
Can anyone help me? I ran my AVG scan, I have an infected file called BKDR Ruledor.d in C:\ restore\temp\A0011243/cpy. AVG says it can't be cleaned or removed.... I ran Trend and it said it can't be cleaned or deleted because it's in use. What can I do to get rid of it? What is a backdoor virus, how did it get in my computer?
#2
There is no need to be concerned about any virus or trojan in the _RESTORE archive as they are harmless there and can only cause problems if you later choose to restore to a checkpoint created AFTER infection and BEFORE you cleaned your system. Something I'm sure you won't be doing after reading this post. Any worms, trojans and viruses in the _restore archive will automatically be discarded in time as newer data is archived and older files discarded.

The problem with disabling system restore is that it flushes the _restore archive and whilst that removes any virus remnants it also removes any good usable checkpoints you might have and you never know when you might want to use that lifebelt. If you do want to clear this folder I wouldn't advise doing so until _after_ you have thoroughly cleaned your system and got it working again just in case you need to use system restore. Once your system is clean and fully functional you can clear the folder.

Moving on to how to clear the archive. There are two approaches to resolving your problem:

Firstly try reducing the space allocated to the System Restore archive as this could flush out these unwanted files. Do this using the slider found at System | Performance | File System | Hard Disk and reduce the allocated space until you flush out the unwanted files.

If that fails, reset System Restore: System | Performance | File System | Troubleshooting and check "Disable System Restore", Apply and IMMEDIATELY reboot. This will flush your restore folder and erase all checkpoints, then, System | Performance | File System | Troubleshooting and uncheck "Disable System Restore", Apply and again IMMEDIATELY reboot. This should now automatically create a new checkpoint immediately following the restart.

Finally adjust the space allocated to the restore folder, System | Performance | File System | Hard Disk and adjust the restore slider to your preferred setting.

A figure of 200MB is normally more than adequate for day to day use allowing perhaps a week of checkpoints to be available although increasing this to perhaps 400-500MB for a few days during periods of large installs such as Microsoft Office is advisable.

See also MS KB 263455 - "Antivirus Tools Cannot Clean Infected Files in the _Restore Folder" (http://support.microsoft.com?kbid=263455).

--
Mike Maltby MS-MVP
#3
What you are saying makes complete sense when you think about how system restore works. Someone should rap the knuckles of the people that wrote the article on running the stinger for virus removal from archives. They tell you to disable your system restore. Real bad advice.
#4
Thanks Linda.

Unfortunately there are many that feel the first thing they should do when infected is to remove their lifeboat, parachute and any other recovery tools they might have and then start cleaning their system. IMO a more logical and far safer approach is to repair the system first and only when that is fully functional as intended start worrying about any holes in the lifeboats and parachutes and at that time, and not before, think about fixing those problems by clearing the restore archive.

Regards,
--
Mike Maltby MS-MVP
#5
Thank you, Mike, I did what you suggested, ran another scan, and the nasty little guy is gone. :-)
#6
Thanks for the feedback Mary,

Glad to read your PC now comes up all clean.

--
Mike Maltby MS-MVP