(Msg. 1) Posted: Sat Jun 06, 2009 7:51 am
Post subject: viruses keep showing up after system restore
Archived from groups: alt>comp>virus
Over the years, I've had viruses that show up apparently after system
restore. A recent scan revealed these:
C:\System Volume Information\_restore{BC294E00-C246-4272-AA5C-0EB3F19F3F95}\RP84\A0015418.exe
Trojan-Downloader.Win32.Small.akxp, Quarantined, 6/6/2009 12:43:49 AM
C:\System Volume Information\_restore{BC294E00-C246-4272-AA5C-0EB3F19F3F95}\RP96\A0016009.cmd
Trojan.BAT.Agent.pk, Quarantined, 6/6/2009 12:44:23 AM
I don't know why these seem to show up only after system restore, but I have
tried removing them over the years and ended up completely disabling system
restore. I was really surprised they showed up once again.
Two quick questions: 1) Are they a threat and, if so, 2) how can I truly get
rid of them without having to do a total reinstallation of Win XP w/SP3?
(Msg. 2) Posted: Sat Jun 06, 2009 8:15 am
Post subject: Re: viruses keep showing up after system restore
| Over the years, I've had viruses that show up apparently after system
| restore. A recent scan revealed these:
| C:\System Volume Information\_restore{BC294E00-C246-4272-AA5C-0EB3F19F3F95}\RP84\A0015418.exe
| Trojan-Downloader.Win32.Small.akxp, Quarantined, 6/6/2009 12:43:49 AM
| C:\System Volume Information\_restore{BC294E00-C246-4272-AA5C-0EB3F19F3F95}\RP96\A0016009.cmd
| Trojan.BAT.Agent.pk, Quarantined, 6/6/2009 12:44:23 AM
| I don't know why these seem to show up only after system restore, but I have
| tried removing them over the years and ended up completely disabling system
| restore. I was really surprised they showed up once again.
| Two quick questions: 1) Are they a threat and, if so, 2) how can I truly get
| rid of them without having to do a total reinstallation of Win XP w/SP3?
| Thank you,
| Jason
First, neither of the reported items are viruses. They are trojans.
You said... "...had viruses that show up apparently after system restore."
Well, you have malware (not viruses) in the System Restore cache, C:\System Volume Information\_restore,
so naturally if you restored the PC to a break point that was infected, the PC is
re-infected.
To get rid of them, you must thoroughly make sure the running OS is cleaned of malware.
Then dump the System Restore cache and then reboot.
Then re-create the System Restore cache and add a break point.
(Msg. 3) Posted: Sat Jun 06, 2009 10:33 am
Post subject: Re: viruses keep showing up after system restore
Jason Mozilla wrote:
> Over the years, I've had viruses that show up apparently after system
> restore. I don't know why these seem to show up only after system restore, but I have
> tried removing them over the years and ended up completely disabling system
> restore. I was really surprised they showed up once again.
You are restoring infected files, that's why. After disinfecting a
host, you do NOT use System Restore since those copies of files can be
infected. You purge the System Restore file cache (turn it off and back
on); see http://support.microsoft.com/kb/310405. Infected files get
included in backups. System Restore is a limited backup scheme.
(Msg. 4) Posted: Tue Jun 16, 2009 12:40 am
Post subject: Re: viruses keep showing up after system restore
You need to do a wipe and reinstall. There is no way to get rid of them
otherwise.
Also ensure the user does not have local admin privs...
--
"Jason Mozilla" <mozilla57.DeleteThis@yahooo.net> wrote in message
news:h0dl7p$nmq$1@news.eternal-september.org...
> Over the years, I've had viruses that show up apparently after system
> restore. A recent scan revealed these:
>
> C:\System Volume Information\_restore{BC294E00-C246-4272-AA5C-0EB3F19F3F95}\RP84\A0015418.exe
> Trojan-Downloader.Win32.Small.akxp, Quarantined, 6/6/2009 12:43:49 AM
>
> C:\System Volume Information\_restore{BC294E00-C246-4272-AA5C-0EB3F19F3F95}\RP96\A0016009.cmd
> Trojan.BAT.Agent.pk, Quarantined, 6/6/2009 12:44:23 AM
>
> I don't know why these seem to show up only after system restore, but I
> have tried removing them over the years and ended up completely disabling
> system restore. I was really surprised they showed up once again.
>
> Two quick questions: 1) Are they a threat and, if so, 2) how can I truly
> get rid of them without having to do a total reinstallation of Win XP
> w/SP3?
>
> Thank you,
> Jason
>
(Msg. 5) Posted: Tue Jun 16, 2009 9:07 am
Post subject: Re: viruses keep showing up after system restore
"Jason Mozilla" <mozilla57.TakeThisOut@yahooo.net> wrote in message
news:h0dl7p$nmq$1@news.eternal-september.org...
> Over the years, I've had viruses that show up apparently after system
> restore. A recent scan revealed these:
>
> C:\System Volume Information\_restore{BC294E00-C246-4272-AA5C-0EB3F19F3F95}\RP84\A0015418.exe
> Trojan-Downloader.Win32.Small.akxp, Quarantined, 6/6/2009 12:43:49 AM
>
> C:\System Volume Information\_restore{BC294E00-C246-4272-AA5C-0EB3F19F3F95}\RP96\A0016009.cmd
> Trojan.BAT.Agent.pk, Quarantined, 6/6/2009 12:44:23 AM
>
> I don't know why these seem to show up only after system restore, but
> I have tried removing them over the years and ended up completely
> disabling system restore. I was really surprised they showed up once
> again.
>
> Two quick questions: 1) Are they a threat and, if so, 2) how can I
> truly get rid of them without having to do a total reinstallation of
> Win XP w/SP3?
These (not viruses) are detected within your system restore folder, so
they are *not* a threat unless you restore them and execute them. If you
are satisfied that your system is otherwise clean and properly
functioning (i.e. you don't need those restore points) you can flush
them to remove them so that you don't get alerts or detections. After
flushing them, you can start creating new (clean) restore points.
You may be experiencing the effect of your OS archiving malware for
restoration purposes because you or your AV has made changes to them.
The restore process doesn't know that you will *never* want to restore
"deleted" malware items.
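Added example, not part of the original thread: a short Python triage of scan results that separates detections archived under `_restore{GUID}\RPnn` from detections on the live file system, following the order the replies give (clean the running OS first, then purge the restore points). The tab-separated report layout, the function names and the third sample row are assumptions made for illustration.

```python
import re
from collections import defaultdict

# XP System Restore store layout, as seen in the thread's scan results:
#   <drive>:\System Volume Information\_restore{GUID}\RP<n>\<archived file>
RESTORE_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}"
    r"\\RP(?P<rp>\d+)\\(?P<file>[^\\]+)$"
)
STORE = r"C:\System Volume Information\_restore{BC294E00-C246-4272-AA5C-0EB3F19F3F95}"

# Constructed sample. Assumed layout: path<TAB>detection<TAB>action<TAB>time.
# Rows 1-2 are the detections quoted in the thread; row 3 is hypothetical.
SAMPLE_REPORT = "\n".join("\t".join(row) for row in [
    (STORE + r"\RP84\A0015418.exe", "Trojan-Downloader.Win32.Small.akxp",
     "Quarantined", "6/6/2009 12:43:49 AM"),
    (STORE + r"\RP96\A0016009.cmd", "Trojan.BAT.Agent.pk",
     "Quarantined", "6/6/2009 12:44:23 AM"),
    (r"C:\WINDOWS\system32\example.dll", "Example.Detection.Name",
     "Quarantined", "6/6/2009 12:45:00 AM"),
])

def triage(report):
    """Return ({restore_point: [(file, detection)]}, [(live_path, detection)])."""
    cached, live = defaultdict(list), []
    for line in report.splitlines():
        fields = [f.strip() for f in line.split("\t")]
        if len(fields) < 2 or not fields[0]:
            continue  # blank line or not a detection record
        path, detection = fields[0], fields[1]
        m = RESTORE_RE.match(path)
        if m:   # archived copy: inert unless that restore point is restored
            cached[int(m.group("rp"))].append((m.group("file"), detection))
        else:   # file on the running system: must be dealt with first
            live.append((path, detection))
    return dict(cached), live

def next_step(cached, live):
    """Order of work given in the replies: live system first, then the cache."""
    if live:
        return "clean-live-system-first"
    if cached:
        return "purge-restore-points"
    return "nothing-to-do"

if __name__ == "__main__":
    cached, live = triage(SAMPLE_REPORT)
    print("restore points holding detections:", sorted(cached))
    print("live detections:", live)
    print("next step:", next_step(cached, live))
```
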
(Msg. 6) Posted: Tue Jun 16, 2009 10:02 am
Post subject: Re: viruses keep showing up after system restore
Greg Cisko wrote:
> You need to do a wipe and reinstall. There is no way to get rid of
> them otherwise. Also ensure the user does not have local admin
> privs...
Please. That is not necessary at all. You need to do some studying
before providing advice to others.
And consider not top-posting over an untrimmed full-quote. Thanks for
your consideration.
(Msg. 7) Posted: Thu Jun 25, 2009 11:13 pm
Post subject: Re: viruses keep showing up after system restore
"Beauregard T. Shagnasty" <a.nony.mous RemoveThis @example.invalid> wrote in message
news:h188l9$mbh$1@news.eternal-september.org...
> Greg Cisko wrote:
>
>> You need to do a wipe and reinstall. There is no way to get rid of
>> them otherwise. Also ensure the user does not have local admin
>> privs...
>
> Please. That is not necessary at all. You need to do some studying
> before providing advice to others.
So who are you exactly? Peter Norton???
If you included the original text I would know what you are referring
to. In many cases a wipe and reinstall is the only way.
> And consider not top-posting over an untrimmed full-quote. Thanks for
> your consideration.
(Msg. 8) Posted: Fri Jun 26, 2009 7:11 am
Post subject: Re: viruses keep showing up after system restore
Greg Cisko wrote:
> "Beauregard T. Shagnasty" wrote:
>> Greg Cisko wrote:
>>> You need to do a wipe and reinstall. There is no way to get rid of
>>> them otherwise. Also ensure the user does not have local admin
>>> privs...
>>
>> Please. That is not necessary at all. You need to do some studying
>> before providing advice to others.
>
> So who are you exactly? Peter Norton???
No, but he is my cousin.
> If you included the original text I would know what you are referring
> to. In many cases a wipe and reinstall is the only way.
In some cases, it is. However, it is hardly the first step.
>> And consider not top-posting over an untrimmed full-quote. Thanks for
>> your consideration.
>
> Hey thank you mr anonymous...