Deleting an evil file?

Praxis · Post by **Praxis** » 2004-06-16 10:18pm

Apparently, I've got a virus. (Appears no amounts of precautions are enough)

On the Windows PC that is, on the Windows partition. At the moment I've booted the computer in Linux. The virus is apparently self replicating. No matter how many times I have AVG kill it, it pops up again, VIRUS DETECTED!

It's in C:\System Volume Information\_restore{goobleygah}\something (where goobleygah is a bunch of numbers and letters).

I figured, who needs the restore files, and tried to delete it.

No folder was there in Explorer.

I open dos (Start- Run - CMD), and type cd .. until I get to C:\>. There, I type dir, and System Volume Information DOES NOT SHOW UP. So I type,

cd "system volume information"

and get, "Access Denied". WHAT? No one blocks access to files on my hard drive! So I typed,

del "System Volume Information"

and get, "does not exist". I try the same thing with del /F, for force delete- does not exist.

I boot in Linux, open the NTFS partition, and sure enough I can enter the System Volume Information folder, and look around inside, but since it's read only from Linux, I can't delete anything.

How can I burn this #@!@# virus?

Vohu Manah · Post by **Vohu Manah** » 2004-06-16 10:38pm

Start > All Programs > Accessories > System Tools > System Restore

Find the option to delete system restores, and delete them all (or the infected date if you know it). It exists, because I have had to use it on a couple of XP machines (just don't remember the command).

EDIT: This is needed because because the directory you named is where XP stores System Restores, and virus scanners will fail to eliminate virus that have somehow managed to get backed up.

The system restore feature can be disabled (it is enabled by default), also deleting the system restores on your system. However, I suggest just googling for the answer as to how (tired of typing).

Praxis · Post by **Praxis** » 2004-06-16 11:51pm

Thanks! I'll do it when I get tired of Linux or need to boot in Windows for some reason

Praxis · Post by **Praxis** » 2004-06-17 10:01pm

I couldn't find an option to delete system restores. However, when I disabled automatic backing up of system restores, it warned me doing so would make the computer delete all the old restores. I said yes, disabled it, and reenabled it. Should this have fixed it?

Crayz9000 · Post by **Crayz9000** » 2004-06-18 01:30am

LEAVE SYSTEM RESTORE OFF.

Permanently.

And then re-run AVG and it will be able to remove the virus. And DON"T TURN SYSTEM RESTORE BACK ON.

Vohu Manah · Post by **Vohu Manah** » 2004-06-18 07:20am

System Restore is a very useful feature, and has saved me from having to completely wipe XP boxes for errors that should never occur (or that were brought on by my own stupidity). The choice is yours (personally, I'd leave it enabled).

Sharp-kun · Post by **Sharp-kun** » 2004-06-18 08:18am

Vohu Manah wrote:System Restore is a very useful feature, and has saved me from having to completely wipe XP boxes for errors that should never occur (or that were brought on by my own stupidity). The choice is yours (personally, I'd leave it enabled).

Just keep it turned off and create restore points manually when you know your PC is fine.

Vendetta · Post by **Vendetta** » 2004-06-18 01:37pm

If you turn system restore off you can't make any restore points and it deletes all existing ones.

If you want it on manual only, leave it on but tell it not to track any drives, then you'd have to create your own restore points.