PDA

View Full Version : How to Delete Virus from WinME Restore Folder?



20-09-2001, 02:41 PM
My neice received a email containing a exe. She did not know the person so deleted the message to the deleted folder and deleted from there later same day. A couple of days later while doing a virus scan she gets the message that 4 infections have been found in the WinME Restore Folder. The info from the scan show them as being one of the w32 virus's, all now have the cpy extension. She attempted to boot the computer through the NAV rescue disk set, message is the disks were invalid, reformat the disks and create new, same message when trying to boot, brand new disks, format, create and still invalid so that rules out booting into DOS and scanning the computer that way.
Any idea's? She was going to go back to a earlier date. Would that work or would a new restore date work. If she leaves alone and lets Windows take a new snapshot of the computer would that over write the virus? She has done a full system scan and it appears no where else on the system. She has emailed Nortons but is still waiting for a reply. Maybe someone here has a suggestion?
Cheers

20-09-2001, 03:30 PM
She has just solved it by herself, something about disabling the Restore Folder.

20-09-2001, 03:46 PM
The data store is protected for data integrity purposes, and the System Restore feature is the only method you can use to obtain access to the data store. Because of this, the antivirus program is unable to remove the virus from the file or files in the data store. The files in the data store are inactive and can be used only by the System Restore feature.

To completely and immediately remove the infected file or files in the data store, disable and re-enable the System Restore feature.

WARNING : Using the following steps will completely remove all restore points from the data store. When you enable the System Restore feature again, the System Restore feature will create a new restore point and then resume monitoring your computer.

1. Click Start , point to Settings , and then click Control Panel.

2. Double-click System , and then click the Performance tab.

3. Click File System , and then click the Troubleshooting tab.

4. Click to select the Disable System Restore check box, click Apply , click to clear the Disable System Restore check box, click Apply , and then click OK .

5. Restart the computer when you are prompted to do so. When the computer restarts, the data store is purged and the System Restore feature begins monitoring the system again.

20-09-2001, 04:19 PM
Thanks for that. I will make a copy of it for future reference. About the same time that I posted the first post she stumbled onto something along the same as what you have just posted.
Thanks again