Keylog-Briss
Thread Starter
Join Date: Dec 1998
Location: .
Posts: 2,997
Likes: 0
Received 0 Likes
on
0 Posts
Keylog-Briss
Every now and then I get this pop up
It won't let me clean or delete it. Pressing stop and running McAfee virusscan and it doesn't detect it, I have also run the virusscan at the command prompt by cd c: \prog*\common*\n*\v*\4* and then at the new prompt scan /adl /clean /all and this to did not pick it up.
It's only happened in the last couple of days. There were some other files with this as well but they have been cleaned/deleted successfully.
The file it refers to F: \system volume information\_restore{1DCACFF1-25EE-47AA-836B-FB3D95D3EB62}\PR379\A0075593.EXE\00009470.EXE can not be found by doing a search on the drive.
I have run housecall and it to can not find it either.
I am in contact with McAfee support, but was hoping that someone here may have some idea of what to do next.
System - Win XP Home (SP1 + all updates), P4 2.8, 512mb RAM, Radeon 9700, Panasonic DVD ROM, Sony DVD-R, IE6, OE6, McAfee virusscan 7, Firewall +, BT Broadband. 2 HDD 80GB each.
It won't let me clean or delete it. Pressing stop and running McAfee virusscan and it doesn't detect it, I have also run the virusscan at the command prompt by cd c: \prog*\common*\n*\v*\4* and then at the new prompt scan /adl /clean /all and this to did not pick it up.
It's only happened in the last couple of days. There were some other files with this as well but they have been cleaned/deleted successfully.
The file it refers to F: \system volume information\_restore{1DCACFF1-25EE-47AA-836B-FB3D95D3EB62}\PR379\A0075593.EXE\00009470.EXE can not be found by doing a search on the drive.
I have run housecall and it to can not find it either.
I am in contact with McAfee support, but was hoping that someone here may have some idea of what to do next.
System - Win XP Home (SP1 + all updates), P4 2.8, 512mb RAM, Radeon 9700, Panasonic DVD ROM, Sony DVD-R, IE6, OE6, McAfee virusscan 7, Firewall +, BT Broadband. 2 HDD 80GB each.
Join Date: Jun 2000
Location: Geriatrica, UK
Posts: 1,003
Likes: 0
Received 0 Likes
on
0 Posts
Spanners, I think you can't delete a "restore" cache whilst Restore is active so turn it off through:
Right Clik My Computer>left click Properties> click the Restore tab and check the box to turn off restore.
You should be able to manually delete the restore cache and then re-enable the Restore facility.
There is a way of doing this in one operation but I can't remember it at the mo...
However, THIS may be some help.
fobs
Right Clik My Computer>left click Properties> click the Restore tab and check the box to turn off restore.
You should be able to manually delete the restore cache and then re-enable the Restore facility.
There is a way of doing this in one operation but I can't remember it at the mo...
However, THIS may be some help.
fobs
Join Date: Jun 2000
Location: Geriatrica, UK
Posts: 1,003
Likes: 0
Received 0 Likes
on
0 Posts
Thread Starter
Join Date: Dec 1998
Location: .
Posts: 2,997
Likes: 0
Received 0 Likes
on
0 Posts
Thanks fobotsco, did the procedure in the first link and reduced the size of the restore folder to use the first in first out feature, so far so good - no pop up of infection. Will also do what the other link said as a precaution as well.
Thanks for your help, much appreciated.
Thanks for your help, much appreciated.
The Oracle
Join Date: Aug 2001
Location: Naples, Florida U.S.A.
Posts: 2,902
Likes: 0
Received 0 Likes
on
0 Posts
spannersatcx,
Just remember not to use the Restore Feature on your computer since the virus is in there.
If you end up with a problem with your comp, I would just think about doing a fresh install of WinXP instead of Restoring.
Take Care,
Richard
Just remember not to use the Restore Feature on your computer since the virus is in there.
If you end up with a problem with your comp, I would just think about doing a fresh install of WinXP instead of Restoring.
Take Care,
Richard
Join Date: Jun 2000
Location: Geriatrica, UK
Posts: 1,003
Likes: 0
Received 0 Likes
on
0 Posts
Richard, as long as a virus scan doesn't reveal a virus in the main sytem or data files, its OK to set a new Restore point even with the virus in a previous Restore cache. The virus won't be in the files that are copied to the new Restore cache
The next step in the procedure in 419's solution deletes any infected Restore cache(s) and it's a neat way to access the System Information folder that is normally barred even to Administrators. (Except the really bolshie ones like me who don't like to be told by some pesky bit of software where I can and can't go )
I'm not basically against doing a fresh install of XP; they pretty easy and quick (40-60 mins?). The problem comes when you have to spend the next several hours downloading the updates and patches from the update site.
Best Wishes, fobs
The next step in the procedure in 419's solution deletes any infected Restore cache(s) and it's a neat way to access the System Information folder that is normally barred even to Administrators. (Except the really bolshie ones like me who don't like to be told by some pesky bit of software where I can and can't go )
I'm not basically against doing a fresh install of XP; they pretty easy and quick (40-60 mins?). The problem comes when you have to spend the next several hours downloading the updates and patches from the update site.
Best Wishes, fobs
The Oracle
Join Date: Aug 2001
Location: Naples, Florida U.S.A.
Posts: 2,902
Likes: 0
Received 0 Likes
on
0 Posts
fobotcso,
I was going in the "So far so good" as not a definite of the virus being out of the comp.
If spannersatcx is 100% sure the viruses have been removed, then by all means use the Restore if needed.
Take Care,
Richard
I was going in the "So far so good" as not a definite of the virus being out of the comp.
If spannersatcx is 100% sure the viruses have been removed, then by all means use the Restore if needed.
Take Care,
Richard
Thread Starter
Join Date: Dec 1998
Location: .
Posts: 2,997
Likes: 0
Received 0 Likes
on
0 Posts
I'm 99% sure it is only the restore file that is affected as I have done numerous scans with McAfee in windows and through the cmd prompt and also using housecall online. None of them can find it. I'd be just sitting there doing whatever and all of a sudden it pops up.
If you look at the McAfee pop up it says that it is being denied access to the file, so I asume windows is doing it's restore McAfee is seeing it but being denied access as it's a restore file.
I've purged all the previous restore points and so far so good, if it happens again I'll let you know for sure.
Thanks all much appreciated.
If you look at the McAfee pop up it says that it is being denied access to the file, so I asume windows is doing it's restore McAfee is seeing it but being denied access as it's a restore file.
I've purged all the previous restore points and so far so good, if it happens again I'll let you know for sure.
Thanks all much appreciated.