
Deleting an evil file?

Posted: 2004-06-16 10:18pm
by Praxis
Apparently, I've got a virus. (Appears no amount of precautions is enough.)

On the Windows PC that is, on the Windows partition. At the moment I've booted the computer in Linux. The virus is apparently self-replicating. No matter how many times I have AVG kill it, it pops up again, VIRUS DETECTED!

It's in C:\System Volume Information\_restore{goobleygah}\something (where goobleygah is a bunch of numbers and letters).

I figured, who needs the restore files, and tried to delete it.

No folder was there in Explorer.

I open dos (Start- Run - CMD), and type cd .. until I get to C:\>. There, I type dir, and System Volume Information DOES NOT SHOW UP. So I type,

cd "system volume information"

and get, "Access Denied". WHAT? No one blocks access to files on my hard drive! So I typed,

del "System Volume Information"

and get, "does not exist". I try the same thing with del /F, for force delete- does not exist.

I boot in Linux, open the NTFS partition, and sure enough I can enter the System Volume Information folder, and look around inside, but since it's read only from Linux, I can't delete anything.

How can I burn this #@!@# virus?

Posted: 2004-06-16 10:38pm
by Vohu Manah
Start > All Programs > Accessories > System Tools > System Restore

Find the option to delete system restores, and delete them all (or the infected date if you know it). It exists, because I have had to use it on a couple of XP machines (just don't remember the command).

EDIT: This is needed because the directory you named is where XP stores System Restores, and virus scanners will fail to eliminate viruses that have somehow managed to get backed up.

The system restore feature can be disabled (it is enabled by default), also deleting the system restores on your system. However, I suggest just googling for the answer as to how (tired of typing).

Posted: 2004-06-16 11:51pm
by Praxis
Thanks! I'll do it when I get tired of Linux or need to boot in Windows for some reason :)

Posted: 2004-06-17 10:01pm
by Praxis
I couldn't find an option to delete system restores. However, when I disabled automatic backing up of system restores, it warned me doing so would make the computer delete all the old restores. I said yes, disabled it, and reenabled it. Should this have fixed it?

Posted: 2004-06-18 01:30am
by Crayz9000
LEAVE SYSTEM RESTORE OFF.

Permanently.

And then re-run AVG and it will be able to remove the virus. And DON'T TURN SYSTEM RESTORE BACK ON.

Posted: 2004-06-18 07:20am
by Vohu Manah
System Restore is a very useful feature, and has saved me from having to completely wipe XP boxes for errors that should never occur (or that were brought on by my own stupidity). The choice is yours (personally, I'd leave it enabled).

Posted: 2004-06-18 08:18am
by Sharp-kun
Vohu Manah wrote: System Restore is a very useful feature, and has saved me from having to completely wipe XP boxes for errors that should never occur (or that were brought on by my own stupidity). The choice is yours (personally, I'd leave it enabled).

Just keep it turned off and create restore points manually when you know your PC is fine.

Posted: 2004-06-18 01:37pm
by Vendetta
If you turn system restore off you can't make any restore points and it deletes all existing ones.

If you want it on manual only, leave it on but tell it not to track any drives, then you'd have to create your own restore points.