help me please

[ryan445]

I have a unique problem. I have an hp computer with a restore partition on the main drive. It has become infected with 3 viruses. So everytime i restore my computer, the viruses come back. How do I get rid of these viruses without damaging my only source of backup? two infections are located in the system restore volume information, and if i delete them system restore never works. ARG!!!1

[Spiritsongs]

   Hi Ryan :

      We need to know the SPECIFIC Name of your antiVIRUS program ?

      In addition, have you used this Forum's "SEARCH" feature ? I think your
      question has been asked several times before with appropiate Responses.

[ryan445]

Avast of course....lol. If you need to know the virus name it is Win32 Adware-gen

[Lisandro]

Which program do you use for backup?
If it is a partition image, I see no other way than restoring the partition, cleaning it, deleting the system restore points, enable system restore again, make a new partition backup...

[ryan445]

It's a standard HP restore partition, it holds a complete copy of my operating system and all programs that come with it. It's accessible through the bios.

[mauserme]

What is the name of the detected file on the D: (?) partition?  Its entirely possible that the infection is one of the pre-installed programs like WeatherBug that come with HP/Compaq and Dell computers.

The detections in System Restore are not a big problem, but lets deal with the other first.

[ryan445]

Win32:Adware-Gen. [Adw] That's the only virus I have. It is infecting some system restore files on the partition and some other files. And it loves to come back. Fun.

[mauserme]

... and some other files.

Does avast! give you these file names?

eg  D:\recovery\minibug.exe

[Lisandro]

Does avast detect that partition? (I'm not sure how avast behave with hidden partitions).
Anyway, you'll be able to unhide that partition and scan it, sending to Chest the infected files. Then, hiding it again.
Try http://partitionlogic.org.uk/ 

[mauserme]

If something from an outside source has infected the recovery partition it should be removed, but if its simply an adware program that came preinstalled it might be better to leave it alone.  A file name might help decide which action is best.

[Lisandro]

But if its simply an adware program that came preinstalled it might be better to leave it alone.

Hmmm... Why? Are you affraid to avoid restoring of the partition if you manage it?

[ryan445]

Avast just recognizes it as drive D ands scans it with no problems. The files that are infected are A0013978.exe, A0013979.exe, CompaqPresario_Spring..., and HPPavillion_Spring06.exe These are all infected with Win:32Adware-gen. [Adw] I put everything I found in the chest already.

[mauserme]

But if its simply an adware program that came preinstalled it might be better to leave it alone.

Hmmm... Why? Are you affraid to avoid restoring of the partition if you manage it?

My concern was, if this was part of an broader installation or archive file that is normal to the computer, the ability to recover other programs might be removed with the adware.  If the adware is of the more benign type that comes pre-installed on HPs its better, imo, to leave it rather than risk damaging anything.  If it is this type it would normally only reinstall to C: if requested by the user anyway.

Searching those 2 file names, however, implies there was more going on than just pre-installed junk programs. 

@ ryan - Are you sure those 2 files were found in the D: drive, or were they in System Restore?  The recovery partition and System Resore are different things.

[ryan445]

They are in something called system volume information/_restore then a bunch of numbers. I have 4 on the D drive and 1 on C.

[essexboy]

The other alternative is to make a drive image of your system using something like Acronis and then you would not need the restore partition