Restore from Virus chest

[hines232]

I was just poking around in my Virus chest. Rescanned all of them, (With Avast). Some were still infected and told me so loud and clear. The ones that passed the scan I "restored" from the chest. and they said that they restored OK !!. Yet they are still in the chest !!!.Do I have to manually delete them now .

[DavidR]

A copy remains in the chest (though the help file says it should be removed), personally I feel this is safer. Once you have confirmed that the file is back in the original location, then delete it from the chest.

What was the malware name, the file name, where was it originally found e.g. (C:\windows\system32\infected-file-name.xxx) ? 

[hines232]

DavidR, I will give you there names in a short time. Will have to go back into the chest.

[hines232]

DavieR Restored files.

1. mcupdate portal.dll   (c:\windows\download\system)

2. twcsetup.exe          (c:\program files\mydocuments)

3. yms9183.tmp          (c:\windows\tmp)

4. command.com         (c:)

5. kernal32.dll             (c:\windows\system)

6. wsock32.dll             (c:\windows

Thanks for the come back.

Restored, but did not delete yet. 

[DavidR]

Well the kernal32.dll and wsock32.dll would be in the System files section of the chest and aren't infected (they are back-up copies of important system files).

The only area that should concern you is the Infected files section, which I guess the others 1-4 were ?

I'm a little surprised that the command.com came from the c:\ drive as the command.com would normally be in the windows\system32 folder. This is for winXP, so I don't know if c:\ would be correct on a winME OS.

So I would suggest that the item 1, 2 & 4 be uploaded to virustotal for confirmation that nothing else detects anything.

Item 3 being from a temporary folder I would just have binned.

[hines232]

You are correct on the Kernel32.dill and Wsock32.dll. I will farther check out what you suggested. Again thanks for your time.

[DavidR]

You're welcome.

Sorry I can't be more help reference winME file locations.

[wyrmrider]

yms9183.tmp          (c:\windows\tmp)

does not google so I'd definitely upload it to virustotal however it is a temp file
if you restored does it go away when you clean your system temp files?
ATF Cleaner- or CCleaner or by hand?)

[oldman]

Okay, a day late and a dollar short, but I think I can resolve the question of command.com.

Since I'm using ME's grandfather for an OS, command.com is in the C:\ drive and is also in the chest's sytem files.

[DavidR]

Thanks oldman.

Better late than never I guess with an old OS command.com would be essential

[oldman]

Not only essential, but useful