[Dshield] Virus in my restore point

Paul Marsh pmarsh at nmefdn.org
Wed Dec 10 14:38:10 GMT 2003


Symantec has a nice little walk through
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?OpenDocument&src=sec_doc_nam

To completely remove all items in the system's restore point you'll need
to delete the _Restore folder in your root.  Reboot the system and then
enable restore point to get a clean point back.

-----Original Message-----
From: Keith Bergen [mailto:keith at keithbergen.com] 
Sent: Wednesday, December 10, 2003 08:59 AM
To: list at dshield.org
Subject: [Dshield] Virus in my restore point


Hello All,

I have an annoying problem on my Win XP Pro box. One of the 
files in one of the restore points is claimed to have a virus 
in it. PC Cillin finds this virus each time, but cannot 
remove it. Every day, PC Cillin reports that it is there, and 
you have to hit okay.

The virus is Troj_Fyle.B, but never got installed on my 
system. The executable, however, got into a restore point 
before my scan could delete it. The Run key is not installed 
in the registry either.

As you probably know, XP will automatically create these 
restore points for you. I would like to find and remove that 
restore point (thus removing the file). Does anybody know of 
how to manage the restore points, and delete these restore 
points?

Thanks,
Keith.
"Life is like an analogy"
