Win ME System Restore vs. virus'

By wsroadrunner ·
Out of curiosity, I loaded Win ME onto a spare system and then loaded "Ecar", which is a program to simulate a virus to check antivirus software... Once a restore point has been established on your ME system, most antivirus software cannot touch it in the restore archives. I have found, though, that restore archives are only temporary... they will remove themselves through time. (One other way is to reduce the amount of disk space available and restart; it will (or should) delete your restore archives.) After a while this archived virus will disappear. If anyone finds a better way to get at it and remove the archive manually, please share with the rest of us; this could be just what the next Melissa is looking for.

Win ME System Restore vs. virus'

by girlmf In reply to Win ME System Restore vs. ...

I recently had this problem with the W32.Klez.E@mm, KLEZ virus. I could not find the virus in the registry or in the windows/systems folder, but it was in the _Restore folder under the temp directory. I removed the read-only attribute from the _Restore folder, used a boot disk to boot into DOS at start up and deleted the virus files this way. They got reinfected two days later, and this time I went into control panel/systems/performance/file system and I disabled the System Restore Utility. I booted into safe mode and ran the antivirus software. The antivirus quarantined the virus, which I deleted later. I rebooted and deleted the _restore folder off the C drive. Once I rebooted, the _restore folder was replaced and the system was clean. This particular machine was having problems with the Restore Utility, but I know that disabling the restore utility and using the antivirus software in safe mode works.
