[Dshield] Virus in my restore point

Tom Geairn tgeairn at newviewconsulting.com
Wed Dec 10 14:51:20 GMT 2003

Right-click "My Computer" on your Start menu and select Properties.  Click
the "System Restore" tab.  Select the "Turn off System Restore on all
drives" checkbox.  Click "OK", then click "Yes" on the warning that comes up.
After the delete is done, reboot and run a full AV scan.  When that's
done, feel free to turn System Restore back on.  I recommend that you
adjust the Settings (same tab) and reduce the number of restore points.

-Tom Geairn
NewView Consulting, LLC

-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On
Behalf Of Keith Bergen
Sent: Wednesday, December 10, 2003 7:59 AM
To: list at dshield.org
Subject: [Dshield] Virus in my restore point

Hello All,

I have an annoying problem on my Win XP Pro box. One of the 
files in one of the restore points is claimed to have a virus 
in it. PC Cillin finds this virus each time, but cannot 
remove it. Every day, PC Cillin reports that it is there, and 
you have to hit okay.

The virus is Troj_Fyle.B, but never got installed on my 
system. The executable, however, got into a restore point 
before my scan could delete it. The Run key is not installed 
in the registry either.

As you probably know, XP will automatically create these 
restore points for you. I would like to find and remove that 
restore point (thus removing the file). Does anybody know of 
how to manage the restore points, and delete these restore 

"Life is like an analogy"
