win32malum virus

win32malum virus
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Antivirus Discussions    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
win32malum virus needhelp 03-27-2007
Posted by =?Utf-8?B?bmVlZGhlbHA=?= on April 15, 2007, 8:24 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
THANKS TO ALL! I did the disk cleanup and that seems to have done the trick.
I can't thank all of you enough. This was the only site that I was able to
get any help. Thanks!!!!!!!!!!

"cquirke (MVP Windows shell/user)" wrote:

> On Fri, 30 Mar 2007 16:13:38 -0400, "David H. Lipman"
>
> >| Thanks! socks8b is deleted (though I couldn't find the backup in killbill so
> >| couldn't submit to virus total.
>
> >| But the virus isn't gone!!!! It has now infected a00085583.exe located:
> >| systemvolumeinformation. I can't even find these files (conducted a file
> >| search). You've been so helpful -- how can I find this file to delete?
>
> >If I understand you correctrly, this is the WinXP System Restore cache. You
can either
> >leave it there an d it will eventually Cache Out or you can disable the
System Restore
> >cache, reboot the PC and then re-enable the System Restore cache which will
purge the System
> >Restore cache of this file. If you do purge the System FRestore cache, after
you re-anble
> >the cache you should set a new Restore Point.
>
> This is a bad way to purge SR, as it has side-effects, but there isn't
> really a cleaner way to do this in WinME without resorting to DOS mode
> (i.e. simply delete the C:\_RESTORE subtree in DOS mode).
>
> In XP, a better way is to:
> - create a new "clean baseline" Restore Point
> - run Disk Cleanup, More Options tab
> - purge all but most recent restore point
> - back to "general" tab, UNcheck what you don't want cleared
> - OK to apply Disk Cleanup (else old SR data is not purged)
>
> The reason to prefer these approaches is that any SR settings you may
> have applied (capacity limit in WinME, capacity limits and excluded HD
> volumes in XP) are preserved, whereas disabling and re-enabling SR
> will usually fall back to "waste maximum space everywhere" duhfaults.
>
> It's also good to have a baseline restore point in XP, because (unlike
> WinME) the SR data in the SVI subtree is the only automatic registry
> backup that is maintained by XP.
>
>
>
>
> >------------ ----- ---- --- -- - - - -
> The most accurate diagnostic instrument
> in medicine is the Retrospectoscope
> >------------ ----- ---- --- -- - - - -
>

Posted by =?Utf-8?B?bmVlZGhlbHA=?= on March 30, 2007, 5:20 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
I do have a "volumecache" that I created when I needed to fix something
(don't remember what anymore) -- If I understand you correctly I can do
nothing -- or should I just delete the "volumecache", since I don't need it
anymore. Thank you soooo much, you've been really helpful.

"David H. Lipman" wrote:

>
> | Thanks! socks8b is deleted (though I couldn't find the backup in killbill so
> | couldn't submit to virus total.
> |
> | But the virus isn't gone!!!! It has now infected a00085583.exe located:
> | systemvolumeinformation. I can't even find these files (conducted a file
> | search). You've been so helpful -- how can I find this file to delete?
> |
>
> If I understand you correctrly, this is the WinXP System Restore cache. You
can either
> leave it there an d it will eventually Cache Out or you can disable the System
Restore
> cache, reboot the PC and then re-enable the System Restore cache which will
purge the System
> Restore cache of this file. If you do purge the System FRestore cache, after
you re-anble
> the cache you should set a new Restore Point.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>

Posted by Charles W Davis on April 4, 2007, 9:10 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

>
> | Thanks! socks8b is deleted (though I couldn't find the backup in
> killbill so
> | couldn't submit to virus total.
> |
> | But the virus isn't gone!!!! It has now infected a00085583.exe located:
> | systemvolumeinformation. I can't even find these files (conducted a
> file
> | search). You've been so helpful -- how can I find this file to delete?
> |
>
> If I understand you correctrly, this is the WinXP System Restore cache.
> You can either
> leave it there an d it will eventually Cache Out or you can disable the
> System Restore
> cache, reboot the PC and then re-enable the System Restore cache which
> will purge the System
> Restore cache of this file. If you do purge the System FRestore cache,
> after you re-anble
> the cache you should set a new Restore Point.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
Try here: http://www.spywareremove.com/removenotsoldierexe.html


Similar ThreadsPosted
HELP: Virus is preventing me from installing anti virus software!! January 11, 2007, 2:17 am
I have a virus that uses "anti virus software" downloads as a cover up March 24, 2007, 1:40 pm
I have a worm or virus that does not allow me to go to ANY anti-virus website January 28, 2006, 10:29 pm
Caught a Virus: Virus:Trj/Shutdown.Z -- need advice June 13, 2007, 12:59 am
Vundo fix not finding vundo virus - windows tool deletes virus May 14, 2008, 2:06 pm
Does anybody know what virus i've got? July 5, 2005, 8:23 am
New Virus? July 6, 2005, 11:22 am
virus July 19, 2005, 12:20 pm
Virus help August 8, 2005, 10:34 am
Virus Help August 13, 2005, 8:00 am

The site map in XML format XML site map

Contact Us | Privacy Policy