Archived from groups: microsoft.public.windowsxp.general (
More info?)
Thanks for the explanation and multiple options. I greatly appreciate it.
--
tmehl
"David H. Lipman" wrote:
> From: "tmehl" <tmehl@discussions.microsoft.com>
>
> | The virus W32.SillyP2P has made a home in my System Volume Information
> | folder. The anti-virus program (Norton) stops it when it tries to come out,
> | but can't kill or delete it because access is denied. Windows won't allow me
> | to gain access and I don't remember enough DOS commands even if I could get
> | to it that way. Any ideas?
>
> There are anti virus News Groups specifically for this type of discussion.
>
> microsoft.public.security.virus
> alt.comp.virus
> alt.comp.anti-virus
>
> What you describe is a virus found in c:\System Volume Information\_restore folder which is
> the WinXP System Restore Cache.
> To remove it, dump the cache, reboot the computer, then re-enable the cache. The suggested
> size of the cache is ~600MB.
>
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
>
> To make sure the rest of the system is clean, you can use the following tool which provides
> scanners for; McAfee, Trend Micro and Sophos.
>
>
> Download MULTI_AV.EXE from the URL --
>
http://www.ik-cs.com/programs/virtools/Multi_AV.exe
>
> It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
>
http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart scripts, one Link
> (.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
> simplify the process of using; Sophos, Trend and McAfee Anti Virus Command Line Scanners to
> remove
> viruses, Trojans and various other malware.
>
> C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
> This will bring up the initial menu of choices and should be executed in Normal Mode. This
> way all the components can be downloaded from each AV vendor’s web site.
> The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.
>
> You can choose to go to each menu item and just download the needed files or you can
> download the files and perform a scan in Normal Mode. Once you have downloaded the files
> needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
> during boot] and re-run the menu again and choose which scanner you want to run in Safe
> Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
>
> When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
> file.
>
> To use this utility, perform the following...
> Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
> Choose; Unzip
> Choose; Close
>
> Execute; C:\AV-CLS\StartMenu.BAT
> { or Double-click on 'Start Menu' in C:\AV-CLS }
>
> NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
> FireWall to allow it to download the needed AV vendor related files.
>
> * * * Please report back your results * * *
>
>
> --
> Dave
>
http://www.claymania.com/removal-trojan-adware.html
>
http://www.ik-cs.com/got-a-virus.htm
>
>
>