C:\_restore

Bosnian_Cowboy

<div class="IPBDescription">What is this?</div> I ran an internet virus scan utility that said I have a virus in one of the files in the C:\_RESTORE\TEMP\ folder. It couldn't delete the virus because it "might be in use." I found only the internet browser, system tray, and explorer running in the backround. I checked this _Restore folder out, it's only got like 4 files in there: DISKCFG.dat, SRDISKID.dat, VxDMon.cfg, and VxDMon.dat. There is no temp, but there must be more there. I can't see it even with "see hidden folders" thing enabled. The size of the folder _RESTORE is 14 gigs, but the files I see in there couldn't amount to more than 1 mb. I'm unable to delete the folder.

Can anyone explain to me what the hell is going on?

Epidemic

You got pwned by a virus :/

Bosnian_Cowboy

But the virus scan could only find a virus in one of the files in the folder. Apparently there are a lot of files in there, which I can't see. Either way, I'd like to know how to get rid of this thing. I don't think it caused any permanant damage, but it's wasting me 14 gigs. (I think the shifty disk space I've been seeing finally makes sense now)

Epidemic

<span style='font-size:30pt;line-height:100%'><span style='color:red'>T</span>o<span style='color:red'>t</span>a<span style='color:red'>l</span> V<span style='color:red'>i</span>r<span style='color:red'>u</span>s <span style='color:red'>P</span>w<span style='color:red'>n</span>a<span style='color:red'>g</span>e</span>

<span style='font-size:8pt;line-height:100%'><span style='font-family:Courier'>Just kidding <!--emo&:p--><img src='http://www.unknownworlds.com/forums/html/emoticons/tounge.gif' border='0' style='vertical-align:middle' alt='tounge.gif'><!--endemo--></span></span>

Bosnian_Cowboy

Yeah, that helps.

Not really.

Cr-ck

WHY DOES EVERYONE THINK THEY ARE SAFE WITH VIRUS SCANS.

Cause your NOT. Virus scanners catches most viruses but not all. STOP RELYING ON THEM.

"OH NOS I RAN MY VIRUS SKANNER I R LEET WITH NO VIRZES"

Now.
Because you dont know how much the virus has spread the best recommendation for you would be: Format. Even if you 'clean' the virus out it still leaves traces no matter what your scanner tells you.

Bosnian_Cowboy

I'm going to wait for another opinion. Calling me a nub and telling me to reformat hasn't won me over.

RaVe

Bosnian you run Windows XP by any chance?

Could be that it infected your Restore files <!--emo&:(--><img src='http://www.unknownworlds.com/forums/html/emoticons/sad.gif' border='0' style='vertical-align:middle' alt='sad.gif'><!--endemo-->

Bummer if it did, cause you'll need to format if it did <!--emo&:(--><img src='http://www.unknownworlds.com/forums/html/emoticons/sad.gif' border='0' style='vertical-align:middle' alt='sad.gif'><!--endemo-->

Epidemic

I sense the dark force is gowing strong in you, Bosna!

Bosnian_Cowboy

No, Windows ME. So far I only found evidence of one file infected and a whole lot of confusing details. So I'm just waiting for someone with some expertise in this matter to come along and say "Oh it's bla bla bla and all you have to do is bla bla bla."

MonsieurEvil

Erk. My complete lack of knowledge of ME becomes self-evident.

localhost2600

that folder is protected by default as its system restore. first disable system restore
[right click my computer-> properties ->system restore -> disable]

the restart your machine into safe mode

now run your virus scan, now it should have full access to the drive

BigD

Localhost is correct. Disabling system restore is very important if you find a virus anywhere in your computer, because Windows saves changes to "important files" reguardless of what your anti-virus tells it. Unlike what some have said, formatting is not the only option here. But if it is recurring even after you disable system restore, it may be a viable option later.

After you are done, I dunno, you may want to turn system restore back on. But only after you are sure the virus is gone. Best of luck!

Zel

does anyone here know what system restore is!? sheesh!

oky; system restore saves all sorts of system information, and quite often this includes a virus file. if youve had a virus for a couple weeks then it will be recorded in the system restore files. here it is DORMANT. if you cleaned the virus from elsewhere on the system it will keep showing up uncleanable in the system restore folder until you purge your system restore data by disabling it and then deleting the folder.

its not hurting you in system restore, but if you ever use it theres a good chance the virus will be restored with the previous windows settings <!--emo&:)--><img src='http://www.unknownworlds.com/forums/html/emoticons/smile.gif' border='0' style='vertical-align:middle' alt='smile.gif'><!--endemo--> although the virus is harmless in its current state it would be wise to disable sysrestore, delete the folder, and reenable it.

Paranoia2MB

First Problem: You are using ME. Either shoot your pc or shoot yourself in the head.

GGKTHXBai!


Jk, but honestly. If you can't find any other way to deal with it. Backup the stuff you really want get a new OS and reformat.

Zel

yeah so windowsME is the worst operating system since, uh... the gui was invented, but for most people changing operating systems is simply out of the question.

Paranoia2MB

Got a friend with a Win98 or Win2k cd? You dont need to do any registering and dont have to worry about double cd keys.

Bosnian_Cowboy

It's fine now. I never had any problems in the first place, it was just bothering me. I turned off system restore, since I didn't know I had it in the first place so I figure I don't really need it. That gives me 15 extra gigs. I found all the other infected files, there were only like four. I got lucky. Thanks to everyone for all the help, except Epidemic. <!--emo&:p--><img src='http://www.unknownworlds.com/forums/html/emoticons/tounge.gif' border='0' style='vertical-align:middle' alt='tounge.gif'><!--endemo-->

Paranoia2MB

Ownage <!--emo&:)--><img src='http://www.unknownworlds.com/forums/html/emoticons/smile.gif' border='0' style='vertical-align:middle' alt='smile.gif'><!--endemo-->

Scythe

Add the line "deltree C:\_RESTORE\TEMP\" into your c:\autoexec.bat then reboot.

This should get rid of it. If not, and if you're running FAT32, you can always get a hold of a bootable distro of Linux known as "Knoppix". You can then mount your drive ("mount hda0" or "mount hda1") and delete the pesky folder from there.

Then I suggest you get yourself a software firewall. I use <a href='http://www.tinysoftware.com/home/tiny2?la=EN' target='_blank'>Tiny Personal Firewall</a>. It's pretty good.

--Scythe--

[EDIT] /me slaps self

That'll learn me to not read the entire thread.

[/EDIT]

Jammer

_RESTORE is the folder used by System Restore. You are not allowed to mess with it if System Restore is on.

To FIX:
(This is in XP, but I've done this in ME. It should match up)
Control Panel -> System -> System Restore tab.
Disable System Restore
Restart Computer
Delete Virus
Turn System Restore back on.

Can we have a rule that, for tech support threads, we don't fill it up with worthless crap? 19 replies and I've seen maybe 3 that actually addressed the problem.

You aren't clever by writing a stale one liner (lol virus pwnge!) <!--emo&:angry:--><img src='http://www.unknownworlds.com/forums/html/emoticons/mad.gif' border='0' style='vertical-align:middle' alt='mad.gif'><!--endemo-->

Epidemic

Welcome to the off-topic forum, Mr virgin!