[Dshield] Virus in my restore point

WMAVT@aol.com WMAVT at aol.com
Wed Dec 10 18:02:54 GMT 2003


(Troy Billington),

In reference to your comment:

è Click Start > My Computer.
è Click Properties.
è Click the System Restore tab.
è Check Turn off System Restore.
è Click Apply > click OK.
è Restart the computer.
è Download the latest virus definitions.
è Verify that Your Anti-Virus is set to scan all files and
è all drives, and
è then scan the computer.
è After cleaning the infected files, repeat steps 1 through
è 6, except in step
è 4, uncheck Turn Off System Restore
è 


Hi,
    I have had this work most of the time, If it does not, Update Pccillin 
and Then Restore to "THAT" restore point and Let Pccillin kill it, That is as 
long as you will not lose anything you Need. If you do BACK Up just what you 
have saved after THAT restore point. 
This is just 1 of the reasons that I use "Roxios GoBack" and turn off M$ 
restore. The new GoBack will run on 98,ME.2000 and XP. It need NOT be registered 
as TOLD to me by 1 or Roxios Techs, so $29 can save as many computers as you 
have. There is a Big difference in how it works and What you can do AFTER you 
GoBack [restore] You do not have to Back anything up Because after it Runs a 
window opens with all files that have been deleted. It then gives you the ability 
to restore any of these files. If you are a system Admin and want all 
computers "Clean" every morning, you Can set it to Auto GoBack at anytime you want 
everyday of the week if needed. Way Cool!
                              Have Fun  Bill

========Original Message======== 
Subj:   RE: [Dshield] Virus in my restore point 
Date:   12/10/2003 9:11:30 AM Mountain Standard Time    
From:    DoShelp at DoShelp.com (Troy Billington)
Sender:    list-bounces at dshield.org
Reply-to: <A HREF="mailto:list at dshield.org">list at dshield.org</A> (General DShield Discussion List)
To:    list at dshield.org (General DShield Discussion List)
    
    


Click Start > My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply > click OK.
Restart the computer.
Download the latest virus definitions.
Verify that Your Anti-Virus is set to scan all files and all drives, and
then scan the computer.
After cleaning the infected files, repeat steps 1 through 6, except in step
4, uncheck Turn Off System Restore



-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org]On
Behalf Of Keith Bergen
Sent: Wednesday, December 10, 2003 8:59 AM
To: list at dshield.org
Subject: [Dshield] Virus in my restore point


Hello All,

I have an annoying problem on my Win XP Pro box. One of the
files in one of the restore points is claimed to have a virus
in it. PC Cillin finds this virus each time, but cannot
remove it. Every day, PC Cillin reports that it is there, and
you have to hit okay.

The virus is Troj_Fyle.B, but never got installed on my
system. The executable, however, got into a restore point
before my scan could delete it. The Run key is not installed
in the registry either.

As you probably know, XP will automatically create these
restore points for you. I would like to find and remove that
restore point (thus removing the file). Does anybody know of
how to manage the restore points, and delete these restore
points?

Thanks,
Keith.
"Life is like an analogy"

_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list

_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see: 
http://www.dshield.org/mailman/listinfo/list


----------------------- Headers --------------------------------
Return-Path: <list-bounces at dshield.org>
Received: from  rly-xi03.mx.aol.com (rly-xi03.mail.aol.com [172.20.116.8]) by 
air-xi03.mail.aol.com (v97.10) with ESMTP id MAILINXI33-4d13fd745812b5; Wed, 
10 Dec 2003 11:11:30 -0500
Received: from  mail1.giac.net (mail1.giac.net [65.173.218.103]) by 
rly-xi03.mx.aol.com (v97.10) with ESMTP id MAILRELAYINXI33-4d13fd745812b5; Wed, 10 Dec 
2003 11:10:47 -0500
Received: (qmail 12655 invoked from network); 10 Dec 2003 16:10:41 -0000
Received: from mail1.giac.net (HELO dshield.com) (65.173.218.103)
  by 0 with SMTP; 10 Dec 2003 16:10:41 -0000
Received: from maverick12.sans.org (localhost.localdomain [127.0.0.1])
    by dshield.com (8.11.6/8.11.6) with ESMTP id hBAG8Qk32477;
    Wed, 10 Dec 2003 16:08:26 GMT
Received: from mail1.giac.net (iceman1 [65.173.218.103])
    by dshield.com (8.11.6/8.11.6) with SMTP id hBAFf0k30557
    for <list at maverick12.sans.org>; Wed, 10 Dec 2003 15:41:00 GMT
Received: (qmail 30512 invoked from network); 10 Dec 2003 15:41:00 -0000
Received: from mail1.giac.net (HELO dshield.org) (65.173.218.103)
    by 0 with SMTP; 10 Dec 2003 15:41:00 -0000
Received: (qmail 30506 invoked from network); 10 Dec 2003 15:40:55 -0000
Received: from ms-smtp-01-smtplb.tampabay.rr.com (HELO
    ms-smtp-01.tampabay.rr.com) (65.32.5.131)
    by 0 with SMTP; 10 Dec 2003 15:40:55 -0000
Received: from doshelpdom (83.105.26.24.cfl.rr.com [24.26.105.83])
    by ms-smtp-01.tampabay.rr.com (8.12.10/8.12.7) with SMTP id
    hBAFeqTD009417
    for <list at dshield.org>; Wed, 10 Dec 2003 10:40:52 -0500 (EST)
From: "Troy Billington" <DoShelp at DoShelp.com>
To: "General DShield Discussion List" <list at dshield.org>
Subject: RE: [Dshield] Virus in my restore point
Date: Wed, 10 Dec 2003 10:34:21 -0500
Message-ID: <MKEGICHPCNMKBPFMGGCOIELACCAA.DoShelp at DoShelp.com>
MIME-Version: 1.0
Content-Type: text/plain;
    charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
In-Reply-To: <200312101359.AZB68869 at ms6.verisignmail.com>
Importance: Normal
X-Virus-Scanned: Symantec AntiVirus Scan Engine
Old-X-Envelope-To: list at dshield.org
X-Seen-By: bob list
X-Envelope-To: UNKNOWN
X-Mailman-Approved-At: Wed, 10 Dec 2003 15:57:00 +0000
X-BeenThere: list at dshield.org
X-Mailman-Version: 2.1.3
Precedence: list
Reply-To: General DShield Discussion List <list at dshield.org>
List-Id: General DShield Discussion List <list.dshield.org>
List-Unsubscribe: <http://www.dshield.org/mailman/listinfo/list>,
    <mailto:list-request at dshield.org?subject=unsubscribe>
List-Archive: <http://www.dshield.org/pipermail/list>
List-Post: <mailto:list at dshield.org>
List-Help: <mailto:list-request at dshield.org?subject=help>
List-Subscribe: <http://www.dshield.org/mailman/listinfo/list>,
    <mailto:list-request at dshield.org?subject=subscribe>
Sender: list-bounces at dshield.org
Errors-To: list-bounces at dshield.org
X-AOL-IP: 65.173.218.103
X-AOL-SCOLL-SCORE: 0:XXX:XX
X-AOL-SCOLL-URL_COUNT: 0







More information about the list mailing list