Angus_0l(321)
Fri Jul 30 00:07:02 CDT 2004
You can manually remove the virus "named files" in system restore by using a startup floppy disk , selecting minimal DOS boot, and changing into the c:\_restore directory. Filenames will be truncated to 8.3 format so watch your typing.
--
Angus01
"Mike M" wrote:
> There is no need to be concerned about any virus or trojan in the _RESTORE
> archive as they are harmless there and can only cause problems if you later
> choose to restore to a checkpoint created AFTER infection and BEFORE you
> cleaned your system. Something I'm sure you won't be doing after reading this
> post. Any worms, trojans and viruses in the _restore archive will
> automatically be discarded in time as newer data is archived and older files
> discarded The problem with disabling system restore is that it flushes the
> _restore archive and whilst that removes any virus remnants it also removes
> any good usable checkpoints you might have and you never know when you might
> want to use that lifebelt. If you do want to clear this folder I wouldn't
> advise doing so until _after_ you have thoroughly cleaned your system and got
> it working again just in case you need to use system restore. Once your
> system is clean and fully functional you can clear the folder.
>
> Moving on to how to clear the archive. There are two approaches to resolving
> your problem:
> Firstly try reducing the space allocated to the System Restore archive as this
> could flush out these unwanted files. Do this using the slider found at
> System | Performance | File System | Hard Disk and reduce the allocated space
> until you flush out the unwanted files.
>
> If that fails, reset System Restore:
> System | Performance | File System | Troubleshooting and check "Disable
> System Restore", Apply and IMMEDIATELY reboot. This will flush you restore
> folder and erase all checkpoints, then,
> System | Performance | File System | Troubleshooting and uncheck "Disable
> System Restore", Apply and again IMMEDIATELY reboot. This should now
> automatically create a new checkpoint immediately following the restart.
> Finally adjust the space allocated to the restore folder,
> System | Performance | File System | Hard Disk and adjust the restore slider
> to your preferred setting. A figure of 200MB is normally more than adequate
> for day to day use allowing perhaps a week of checkpoints to be available
> although increasing this to perhaps 400-500MB for a few days during periods of
> large installs such Microsoft Office is advisable.
>
> See also MS KB 263455 - "Antivirus Tools Cannot Clean Infected Files in the
> _Restore Folder" (
http://support.microsoft.com?kbid=263455).
> --
> Mike Maltby MS-MVP
> mcmaltby@hotmail.com
>
>
> njc <anonymous@discussions.microsoft.com> wrote:
>
> > I ran my antivirus software AVG and it had listed 8 trojan
> > horse type viruses that it said could not be removed.
> > FileC:\_RESTORE\TEMP\A0004051.CPY Trojan horse PSW.Bispy.A
> > " 4052.CPY " Downloader.Bho.A
> > " 4053.CPY " " .Apropro.D
> > " 4054.CPY " " .Apropro.L
> > " 4055.CPY " " .Apropro.J
> > " 4056.CPY " " .Apropro.M
> > " 4057.CPY " " .Dyfica.2.W
> > " 4058.CPY " " .Dyfica.2.Z
> >
> > I am not having any luck trying to figure out how to
> > remove these from my computer. Any suggestions?
> > I appreciate your expertise!
>
>