Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Voodoo on December 30, 2005, 12:55:32 AM
-
I have tried using Avast in safe mode to erase a virus it found on the restore file of a Windows ME system. How can I get rid of these files if I can't access them in safe mode?
Thanks for any input
-
The funy thing here is that I disabled system restore and avsat still cannot delete the viruses which are still appearing in the restore folder! Help please!
-
Voodoo,did you reboot computer after diable of sys restore?
-
Yes I did, and this is what's curious! It acts as of it never restarted. tried a complete shut down, with unplugging from the wall and as soon as I restart in safe mode, it is still not able to delete these files! I am desperate! :-X
-
avast can't delete viruses in the system restore points because they are protected by windows.
By disabling system restore and rebooting it should remove all restore points (infected or otherwise), avoiding reinfection if you use system restore incorporating an infected restore point.
So I take it that the restore points weren't cleared by disabling system restore and rebooting?
-
This is correct. Even though they are shown to be disabled, they reappear as soon as I reboot in safe mode! What can I do to take care of this issue?
Thanks for any help!
-
This is correct. Even though they are shown to be disabled, they reappear as soon as I reboot in safe mode! What can I do to take care of this issue?
Thanks for any help!
Strange... the restore points are protected by Windows and they are not deleted upon booting :o
Well, new infection behaviors...
Maybe booting in Safe Mode and using Unlocker 1.7.6 to isolate the folder and delete it manually.
-
Thanks! I downloaded and installed the program but windows ME never lets it run. I think some of the main files of this version of windows are corrupted but I cannot tell which one and I do not have the installation CD. The "unlocker" icon shows in the right click menu but when I clik on it, it does not do anything! At other times, it doe not show at all! Any idea?
-
Thanks! I downloaded and installed the program but windows ME never lets it run.
Are you sure? The last version?
Any idea?
MoveOnBoot, InstallFile, Delete FXP Files are some other application that could do the same job.
-
I am positive! One other thing: I tried installing Microsoft Anti Spyware and it keeps telling that the IE version is not the right one (it's require IE 6.0 or better and I have 6.0 already installed). it also refuses to take any updates or download any program from the net. When it shows the donwload menu (open, save, cancel, help) I can click on cancel and help but when I click on save or open , nothing happens!
Thanks for the suggestions. I am trying them as we speak!
-
MoveOnBoot installs ok but does not do the job. One strange thing happenned: after it rebooted, it showed that the disable restore case was unchecked. I checked it then rebooted in safe mode and the very minute, _restore began writing file in itself, which I was unable to delete. Another thing it does is that Internet Explorer doe not allow me to update it. It donwloads the update files but says there is an error in trying to install it. I tried completely erasing the files in Internet Explorer folder but it keeps writing them back! Is there any program I could use to boot in dos and run an antivirus from there os is this a known issue?
-
The viruses that are loaded in the _restore file are sumerous. One I found is the win32:Startpage125 trojan
-
Voodoo, for sure your system has a lot of troubles or infections.
I think the DOS version of avast won't detect anything different from the Windows one. I think the better, if you could, will be try to boot in safe mode and run an on-line scanning:
http://www.virustotal.com/flash/index_en.html
http://www.kaspersky.com/virusscanner
http://www.mwti.net/antivirus/mwav.asp
http://www.security-ops.tk
http://housecall.trendmicro.com/
http://www.bitdefender.com/scan/index.html
http://support.f-secure.com/enu/home/ols.shtml (ActiveX required)
-
Thanks! I do not have the option to load safe mode with networking! all it shows is a safe mode or a step by step confirmation windows when I chose the startup menu! it is aparently a modified Safe Mode. The virus modifies the windows command lines. I am able to startup with a boot disk but I cannot see the hidden directories (I can log on _restore from the dos boot and erase most of what's in but I can't see it) Is there a small dos anti virus I can use from a floppy?
-
I am able to startup with a boot disk but I cannot see the hidden directories (I can log on _restore from the dos boot and erase most of what's in but I can't see it)
What happens is you overinstall Windows Millenium over your actual installation.
You won't lose data and programs installed, just your Windows updates.
Is there a small dos anti virus I can use from a floppy?
If you have other computer to install AVG, you can set a group of 5 or 6 floppys to get it.
If you want you could test F-Prot for DOS (it's free).
Other antivirus versions for DOS were discontinued last years...
-
Thanks! I am using another computer now. I am trying F-Prot. I was able to delete the _RESTORE directory after booting from the floppy which was created in an XP computer, so it's a good step forward. Now I am running avast from safe mode after erasing some of the file from _RESTORE and will see what it gives...
I am usually rather fgood at cleaning computers but it's the first time it is beating me up that much! :) :-X
-
Not a chance! I changed the kernel32.dll file as it was showing to be corupted and it asked me to reinstall windows! >:(
I did all what I could to orevent a fresh install but I think this is what I will have to do at the end! ::) Thanks for all the support! I will install avast as soon as it is new again!
-
For further reference, http://www.rescueme4win.org/index.htm has as lot of hints about rescue bootable CD and floppy disks with DOS, Linux, etc.