nachi.b in system volume

  • Thread starter: Sean Bartleet

Sean Bartleet

Hi,

I have just performed a virus check using trend housecall available from
http://housecall.trendmicro.com/housecall/start_corp.asp. It reported that I
had a virus in a file in my C:\WINDOWS\system32\config\systemprofile\Local
Settings\Temporary Internet Files\Content.IE5\IQ9B3RP1 folder. It reported
that as uncleanable and I deleted it.

It also reported the nachi.b worm in a file labelled as c:\system volume
information\_restore{1AED8FF.....\A0003182.exe.

There is no folder in my windows explorer called "system volume
information". I am reluctant to delete this file through trend housecall scan
as I am concerned that I may trash my operating system.

Does anyone know what this file is for and if I can delete it and what
happens if I do not delete it?

Thanking you in anticipation.

Sean Bartleet
 
Executable files that are placed in the system restore folder have
their name changed to Annnnnn.exe by system restore. The system
restore process maintains a database of real names to Annnnnn names so
should you need to perform a system restore the files are renamed back
to as they were originally.

If you have an infected file in system restore, do nothing about it,
and perform a system restore then you will be re-installing the virus!

By default the system restore folder is protected from normal folder
views. It is actually a hidden folder which can be viewed if you
change your folder settings to show hidden and system files and
folders. If you still are unable to view the contents of system
restore then you may need to change the access profile of the
directory under the security tab for the folder.

If you cannot get a utility to clean the infected file then try
switching off system restore, deleting the file manually and then
restarting system restore to take a new restore point.

Hope this helps.
 