|
Posted by Max Wachtel on December 15, 2005, 8:24 am
If you were Registered and logged in, you could reply and use other advanced thread options
this jewel:
> Catamount wrote:
> > David H. Lipman wrote:
> > >
> > > > Ok, so I got this machine that HAD a virus. I am not sure
> > > > which one as I only found parts of a virus that seem to be
> > > > parts of several virus'. One of my users did something right
> > > > and noticed something strange and disconnected from the
> > > > Internet right away. So anyway, I have this re.exe that
> > > > Symantec Corp Edition keeps finding as a "Hacktool.HideWindow"
> > > > in the system volume information folder and leaves it alone.
> > > > Why does it leave it alone? Who knows, its set to delete such
> > > > things. I do know that the folder is set so only the system
> > > > can access it, but I can change that. I am concerned however
> > > > that this might break something if I go into that folder and
> > > > mess with it. Anyone know if its safe for me to go in and
> > > > just delete it?
> > >
> > > You are using WinXP -- Right ?
> > >
> > > Hacktool.HideWindow --
> > > http://securityresponse.symantec.com/avcenter/venc/data/hacktool.h
> > > idewindow.html
> > >
> > > Under the folder System Volume Information is _restore
> > > c:\System Volume Information\_restore
> > >
> > > This is the WinXP System Restore cache. Malware can't be removed
> > > from this location as it is protected by the OS. If you don't
> > > want to get re-infected by restoring it, you need to flush the
> > > System Restore cache by disabling System Restore, rebooting the
> > > PC and then re-enabling the System Restore. It would be a good
> > > idea to create a new restore point after the System Restore
> > > cache has been re-enabled.
> > >
> > > http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/200111191
> > > 2274039?OpenDocument&src=sec_doc_nam
> > >
> >
> > Thats what I thought and so I turned off system restore, but didn't
> > re-enable. I will re-enable it and see if that clears it up. I
> > will let you know. Thanks David!
>
> Nope. Still there. Any other suggestions?
******************Reply Separator*************************
when you turned off system restore did you reboot?
max
--
Virus Removal Instructions: http://home.neo.rr.com/manna4u/
Keeping Windows Clean: http://home.neo.rr.com/manna4u/keepingclean.html
Windows Help: http://home.neo.rr.com/manna4u/tools.html
Specific Fixes: http://home.neo.rr.com/manna4u/fixes.html
Forums for HiJackThis Logs:
http://home.neo.rr.com/manna4u/forums_for_hijackthis_logs.html
To reply by e-mail change nomail.afraid.org to gmail.com
nomail.afraid.org is setup specifically for use in USENET
feel free to use it yourself. Registered Linux User #393236
| 
XML site map