Bill
Thu Nov 13 15:47:35 CST 2003
Here is what I did as a followup:
I went into the "system restore" area in accessories-
system tools area and tried to create a restore point.
The computer told me it could not do so and to reboot the
computer. I did so and then the system restore feature
worked fine. I check the _RESTORE \TEMP folder and it
went down to 12,000+ files from 48,000+. I checked
the "file system| Troubleshooting folder and found that
the "Disable System Restore " had been unchecked by the
computer and the slide moved to the left edge of the slide
as for as how much the folder will hold. Don't know why,
but the virus infected files were gone when I did another
virus search with AVG.
Don't understand why, but all the bad files have left the
box.
Now if I can get someone to tell me how to get rid of all
the OEM-INF files--32,000 of them, I will be a happy
camper. Also found a "recycle" file that appears to be
loaded. Don't know what they are. Any thoughts?
Thanks, Bill
>-----Original Message-----
>Bill:
>
>Maybe it can be done manually....
>
>Use the WinME floppy boot disk and boot from drive "A:"
>
>When you get to a DOS prompt enter the following command
>
>
>attrib -r -s -h c:\_RESTORE
>deltree c:\_restore
>
>Reboot the PC.
>
>Please report back your results.
>
>Dave
>
>
>
>
>"Bill Hudson" <tbhudson@peakpeak.com> wrote in message
>news:000101c3aa10$ff07dd50$a501280a@phx.gbl...
>| I did as you suggested and here is what I found.
>| First: The "Disable System Restore" was already
checked.
>| I unchecked it, hit apply and then checked it again and
>| hit apply , exited and rebooted.
>| Second: Went in again to "troubleshooting" and unchecked
>| the "Disable System Restore". hit apply and rebooted.
>| Third: after the reboot, went backinto Troubleshooting
and
>| found the "Disable System Restore" was checked again.
The
>| machine will not allow me to have it unchecked. Plus, I
>| went to the slider and tried to slide it after
unchecking
>| the Disable button. It would not move.
>| Went back to the _RESTORE\TEMP file and found all the
>| files still there. Nothing has been flushed from the
>| system.
>| Don't know what to do next. I would really like to get
>| rid of these files as it slows down the virus checking
and
>| are basically useless.
>| Thanks, Bill
>| >-----Original Message-----
>| >There really is no need to be concerned about any virus
>| in the _RESTORE
>| >archive as they are harmless there and can only cause
>| problems if you later
>| >choose to restore to a checkpoint created AFTER
infection
>| and BEFORE you
>| >cleaned your system. Something I doubt you will be
>| doing. Any worms, trojans
>| >and viruses in the _restore archive will automatically
be
>| discarded in due
>| >course as newer data is archived and the older files
>| discarded The problem
>| >with disabling system restore is that it flushes the
>| _restore archive and
>| >whilst that removes any virus remnants it also removes
>| any good usable
>| >checkpoints you might have and you never know when you
>| might want to use that
>| >lifebelt.
>| >
>| >If you really are worried about this, then there are
two
>| approaches to
>| >resolving your problem:
>| >Firstly try reducing the space allocated to the System
>| Restore archive as this
>| >could flush out these unwanted files. Do this using
the
>| slider found at
>| >System | Performance | File System | Hard Disk and
reduce
>| the allocated space
>| >until you flush out the unwanted files.
>| >
>| >If that fails, reset System Restore:
>| >System | Performance | File System | Troubleshooting
and
>| check "Disable
>| >System Restore", Apply and IMMEDIATELY reboot. This
will
>| flush you restore
>| >folder and erase all checkpoints, then,
>| >System | Performance | File System | Troubleshooting
and
>| uncheck "Disable
>| >System Restore", Apply and again IMMEDIATELY reboot.
>| This should now
>| >automatically create a new checkpoint immediately
>| following the restart.
>| >Finally adjust the space allocated to the restore
folder,
>| >System | Performance | File System | Hard Disk and
adjust
>| the restore slider
>| >to your preferred setting. A figure of 200MB is
>| normally more than adequate
>| >for day to day use allowing perhaps a week of
checkpoints
>| to be available
>| >although increasing this to perhaps 400-500MB for a few
>| days during periods of
>| >large installs such Microsoft Office is advisable.
>| >
>| >See also MS KB 263455 - "Antivirus Tools Cannot Clean
>| Infected Files in the
>| >_Restore Folder" (
http://support.microsoft.com?
>| kbid=263455).
>| >--
>| >Mike Maltby MS-MVP
>| >mcmaltby@hotmail.com
>| >
>| >
>| >Bill <tbhudson@peakpeak.com> wrote:
>| >
>| >> I just downloaded the AVG antivirus program. The
search
>| >> turned up a folder known as "C:\RESTORE\TEMP" while
>| >> checking the computer. It contains over 48,000
files,
>| >> most with something in them. They include 181 files
>| >> containing a virus.
>| >>
>| >> Any idea what this folder is?
>| >>
>| >> I run Norton Anti-Virus and believe that all the
files I
>| >> have been deleteing from Emails and others are
lodged in
>| >> this folder. If I am correct, can I safely delete
all
>| >> these files?
>| >>
>| >> I also have a folder under WINDOWS\INF that has over
>| >> 32,000 files most with 0 bytes in them. Almost all
>| start
>| >> with oem, then a number then INF at the end. I was
told
>| >> to delete thm by another newsgroup and did so on
Monday-
>| -
>| >> 5,000 at a time. Today they are all back in the same
>| >> folder and won't let me delete them. It says,"Access
>| >> denied. The source file may be in use." Any
>| suggestions
>| >> what is going wrong?
>| >>
>| >> I'm not to tech literate, so please give good
>| instructions
>| >> on suggestion of how to fix these problems.
>| >>
>| >> Thanks, Bill
>| >
>| >
>| >.
>| >
>
>
>.
>