Virus in System Volume Information 
Author Message
 Virus in System Volume Information

F-Secure Antivirus 5.30 is telling me I have the Mail Bomb virus in
D:\System Volume
Information\_restore{AEE77FA9-5E27-4C53-A8E0-2A56DD9541CE}\RP4\A0002320.exe.
However, F-Secure cannot disinfect, rename, or delete this file.  Nor can I
get to this file through Windows Explorer or the command prompt.  Any
suggestions on how to get rid of it?

Scott



Fri, 12 Mar 2004 00:49:32 GMT  
 Virus in System Volume Information
ScottG schrieb:

Quote:

> F-Secure Antivirus 5.30 is telling me I have the Mail Bomb virus in
> D:\System Volume
> Information\_restore{AEE77FA9-5E27-4C53-A8E0-2A56DD9541CE}\RP4\A00023
> 20.exe.
> However, F-Secure cannot disinfect, rename, or delete this file.  Nor
> can I get to this file through Windows Explorer or the command prompt.  
> Any suggestions on how to get rid of it?

A mail bomb program is usually not a virus but a trojan. And malicious
software which was found in the "_restore" folder area is inactive and
cannot become active as long as it stays there. Anyway, if you want to
get rid of it nevertheless, then have a look at the following page:
"Antivirus Tools Cannot Clean Infected Files in the _Restore Folder"
http://support.microsoft.com/support/kb/articles/Q263/4/55.asp

It's written for Windows ME, but it should also work for your system.

Regards,
Axel Pettinger



Fri, 12 Mar 2004 01:07:06 GMT  
 
 [ 2 post ] 

 Relevant Pages 

1. LoveLetter Virus in C:\System Volume Information

2. System Volume Information

3. Volume Information with CW2003

4. Volume Drive Information

5. Drive Volume Information

6. Precautions reqd for System-Volume Backup

7. System Volume On OSX

8. VIRUS VIRUS VIRUS

9. Virus Information (Love Variant)

10. How can I Recover my system from this virus

11. Cleaning a virus from my system

12. Virus disabled System Restore

 

 
Powered by phpBB® Forum Software