|
|
 |
|
|
Pages: 1
Kill Klez Dead
(Click here to view the original thread with full colors/images)
Posted by: Tweaker
Klez is a low-down, tricky, insidious little virus that has millions of computer users trying to figure out its devious ways. Klez is especially hard to remove if your operating system is Windows Me or XP.
With Windows Me and XP, Klez comes back from the dead after you've disinfected. This happens even if you manually remove all of the registry modifications or run a Klez-removal tool. You reboot after the removal and scan to double-check that you've exorcised the sneaky rogue, only to find five or so files that are still infected.
This is because Me and XP use a function called "system restore" to prevent catastrophic system or data losses, restoring the last known "good" configuration of your system. In this case, Windows Me and XP restore the last Klez-infected configuration of your system, undoing all your disinfecting work.
Windows Me keeps the restore data in the _RESTORE folder. Windows XP keeps this information in the system volume information folder. Instead of manually deleting those files, there's an easy fix that does the job.
Drive a stake in Klez
Users of Me and XP have to disable the System Restore feature and then disinfect, reboot, and turn system restore back on. (Our thanks go to SARC for its instructions on disabling and enabling the system Restore feature in Me and XP.)
Here's how you disable Windows XP system restore:
1) Click Start.
2) Right-click the My Computer icon and then click Properties.
3)Click the System Restore tab.
4)Check "Turn off system restore" or "Turn off system restore on all drives."
5)Click Apply.
6)A message appears saying it will delete all existing restore points. Click Yes to do this.
7)Click OK.
8)Proceed with what you need to do -- for example, virus removal. When finished, restart the computer and follow the instructions in the next section to re-enable System Restore.
Here's how you enable Windows XP system restore:
1)Click Start.
2)Right-click My Computer and then click Properties.
3)Click the System Restore tab.
4)Uncheck "Turn off system restore" or "Turn off system restore on all drives."
5)Click Apply and then click OK.
Here's how you disable system restore in Windows Me:
1)Close all open programs.
2)Right-click My Computer on the Windows desktop and then click Properties.
3)Click the Performance tab.
4)Click File System.
5)Click the Troubleshooting tab.
6)Check Disable System Restore, click OK, and then click Close.
7)Click Yes to restart. This disables the System Restore feature and will purge the contents of the _RESTORE folder when the system is restarted.
8)Run your anti-virus program or removal tool.
9)Make sure your anti-virus program is set to scan all files and all drives, and then scan the computer.
If you're virus free, enable system restore.
Here's how you enable system restore in Windows Me:
1)Close all open programs.
2)Right-click My Computer on the Windows desktop and then click Properties.
3)Click the Performance tab.
4)Click File System.
5)Click the Troubleshooting tab.
6)Uncheck Disable System Restore.
*This information obtained by www.techtv.com
|
|
|
|
|
