Error - template LAYOUT-DATA-WRAPPER not found

A configuration error was detected in the CGI script; the LAYOUT-DATA-WRAPPER template could not be found.

Error - template STYLE-SHEET not found

A configuration error was detected in the CGI script; the STYLE-SHEET template could not be found.

Error - template SUB-TOP-BANNER not found

A configuration error was detected in the CGI script; the SUB-TOP-BANNER template could not be found.
Subject:
Re: Virus in "RESTORE" Folder
From:
A&C Thompson <[log in to unmask]>
Reply To:
PCSOFT - Personal Computer software discussion list <[log in to unmask]>
Date:
Sat, 31 Aug 2002 13:02:15 -0700
Content-Type:
text/plain
Parts/Attachments:
text/plain (55 lines) 
----- Original Message -----
From: "Steve @ Steve's P.C.'s"
Subject: [PCSOFT] Virus in "RESTORE" Folder


Greetings Listers,
        I have aquired a virus locked in a CPY file located in the RESTORE folder. Grisoft's AVG
antivirus software see's it every time the machine is scanned and suggests putting it in the "Virus
Vault". When told to proceed, the response is that the file cannot be moved. My question is "is
there a proper procedure to move/delete this file"? Can I boot to DOS and delete the file?
         Any and all responses will be appreciated.

System Stats
M$ Windows Me
Althon 1.333 Hhz Processor
Epox Main Board w/sound, 256 Mb PC 133 memory, 45 Gb WD hd, 20Gb hd, 16x DVD, 20x10x40 CDR,
Evga NviDia 64 Mb video w/tv out, US Robotics 56 Kbps Modem, DirecWay Satellite Modem

Thanks in advance,
Stephen Hager
---------------

Steve,

This is typical behavior (nothing but Windows* can alter Restore files), so any AV program will run
into this problem. The good news is that the virus will do no harm while it's locked in the cab
file. Now, to remove it...

Restore works based on the FIFO method (first in first out). Contrary to what people seem to think,
Restore is only practical for saving 1 to 3 weeks worth of info, regardless of how much space it's
given. So the simple answer is to wait. Do not actually use Restore (to try to restore to an earlier
date) for about month, and eventually your AV program will stop reporting it ( because the cab file
containing it will get booted ).

However, if you don't mind losing the ability to restore back more than a day or two, you can try
the following, which is the only proper way to remove Restore's cab files...

First, right click 'my computer' and choose 'properties'. Select the 'performance' tab, then press
the 'file system' button. Next, if it isn't already selected, select the 'hard disk' tab, then look
for "System Restore disk space use:" and move the slider to minimum. Apply and ok your way out, then
reboot.

Although this is the proper way to remove the cab files Restore saves, it may not remove the cab
file in question (if it's too new), but it will push the infected cab file closer to the FIFO date,
and Windows will push it out sooner.

* Dos may be able to remove them, but that would create a nightmare for Windows and Restore - I
would strongly suggest you do not attempt that.

Al Thompson

                         PCSOFT's List Owner's:
                      Bob Wright<[log in to unmask]>
                       Drew Dunn<[log in to unmask]>

ATOM RSS1 RSS2

LISTSERV.ICORS.ORG Secured by F-Secure Anti-Virus CataList Email List Search Powered by LISTSERV