Open Tech Support

A Virus I can't get rid of!!!!



Posted by: MechWarrior

Ok, I've been fighting this nasty bastard for about a month now. Here is where I stand. I've got a Trojan Virus called .backdoor . It is located in this folder. C:_\restore\archive...@#%^@#^%@. My problem is I can't delete or quarantine it. I've tried MANY different detectors and cleaners but I have the same problem every time, until now. I got this cleaner called "MooLive". Now, it will find and quarantine the virus, but if I try to delete the virus from my quarantine file it says it's deleted but when I restart my computer and I run virus check it's back again. Now, I've tried to disable the _restore, I do all the steps, restart my computer and for some reason it's been enabled again. It won't let me turn the damn thing off!!!!! So, what do I do now? Am I to the point of reformatting the drive and losing all my work? I've been told I really don't even need the restore folder but I can't find it anywhere in my system so I can't delete the folder. How do I delete this folder? Where is this folder located? Is this even an option? PLEASE HELP me, this damn virus requires me to restart my computer after about 4-5 hours and it's lagging it to all hell and back.



Posted by: redwench

Well, save your work to a floppy and reformat. Then you won't have a virus. And hopefully, it didn't infect whatever you needed to back up.



Posted by: MechWarrior

This is not the answer I had hoped for. There has to be a way to remove the RESTORE folder from my computer.



Posted by: Dabom

http://tds.diamondcs.com.au/



Posted by: MechWarrior

I've already got one of these. It finds it, quarantines it, but as soon as I restart my computer the virus infects a different file in my Windows Temp File. Is it ok to delete this folder altogether? If so, how do I go about finding it? I search "Windows Temp" and get about 20 different folders called TEMP.



Posted by: Darky!

I believe we've already answered this once.
In any case, you can feel free to delete the Windows _RESTORE directory.

To view this directory, under Windows 9x/ME, open up My Computer, explore to drive C: (where C is the letter of the infected drive).

Then, go to View>Folder Options>View
Under the hidden files section, check view all files, then close it.

You should now be able to see the _restore directory on your drive. I'm not sure whether it's C:\_restore or C:\windows\_restore, but it's one or the other.

As for the temp directory, it should be c:\windows\temp

Hope this answers your question.

BTW, if you can't delete these files, then restart Windows in safe mode and try.



Posted by: Darky!

Also, I wouldn't delete the c:\windows\temp folder if I were you, unless you want things to stop working that use the temp directory to temporarily extract files for installs etc.

Rather than deleting the folder itself, delete the files within the folder.



Posted by: steadyeddy

It may have affected your Boot Sector.... Are you running any boot managers?



Posted by: -Memnoch-

Look in the registry at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce

See if the trojan is there.



Posted by: jrpm

Also check your autoexec.bat file.

The overall scenario sounds like the SirCam virus of a few weeks ago. It hid itself in RUNDLL and/or RUNDLL32, executed out of a hidden directory and was invoked by the autoexec.bat. It also put an entry or two into the registry. If you can, you might check some of your DLLs.

It took me 4 days to finally get clean of that sucker. Someone kept re-infecting me.



Posted by: Darky!

rundLL or rundIL? Some of them change one of the L's to an I so they look like a normal windows function.
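
The look-alike check suggested in the posts above (RunOnce entries, autoexec.bat lines, and rundLL versus rundIL), as an added example that is not part of the original thread. The function names, the character-folding table and the sample entries are assumptions constructed for illustration; the entries would normally be copied out of the RunOnce key and autoexec.bat by hand or by another tool.

```python
import ntpath

# System binaries named in the thread; extend this set as needed.
KNOWN_SYSTEM_NAMES = {"rundll.exe", "rundll32.exe"}

# Assumed folding table: characters that look alike in common fonts.
CONFUSABLES = str.maketrans({"i": "l", "1": "l", "|": "l", "0": "o"})

def skeleton(name):
    """Lower-case a file name and fold look-alike characters together."""
    return name.lower().translate(CONFUSABLES)

KNOWN_SKELETONS = {skeleton(n): n for n in KNOWN_SYSTEM_NAMES}

def executable_of(command):
    """Return the base file name of the program an autorun command starts.
    Unquoted paths containing spaces are not handled (limitation)."""
    command = command.strip().lstrip("@")  # '@' hides echo in batch files
    if command.startswith('"'):
        program = command[1:].split('"', 1)[0]
    else:
        program = command.split()[0] if command else ""
    base = ntpath.basename(program)
    if base and "." not in base:
        base += ".exe"
    return base

def find_lookalikes(entries):
    """entries: (source, command) pairs. Returns (source, found, imitated)
    for names that only match a system binary after folding look-alikes."""
    hits = []
    for source, command in entries:
        exe = executable_of(command)
        real = KNOWN_SKELETONS.get(skeleton(exe))
        if real and exe.lower() != real:
            hits.append((source, exe, real))
    return hits

# Constructed sample entries, not taken from any real machine.
SAMPLE = [
    ("RunOnce", r"C:\WINDOWS\rundll32.exe shell32.dll,Control_RunDLL"),
    ("RunOnce", r'"C:\RECYCLED\rundIL32.exe" -start'),
    ("autoexec.bat", r"@C:\WINDOWS\TEMP\rund1l.exe"),
    ("autoexec.bat", r"SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND"),
]

if __name__ == "__main__":
    for source, found, imitated in find_lookalikes(SAMPLE):
        print(f"{source}: {found} imitates {imitated}")
```

A genuine name in an unexpected directory is not flagged by this check; it only catches names that differ from the real one by look-alike characters.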



Posted by: gfields1701

If you haven't tried "Norton" anti virus program, I would
try it. Once you run Norton (with current updates) if
the virus and problems are still there, contact Norton.
I've found them to be very helpful.

If not....in my humble opinion....burn your important
files to a CD and reformat.

Good Luck

Gary



 
Copyright 2000-2008 Open Tech Support.  All Rights Reserved.  Site Design and Development by Tolitz Rosel.