Removing a virus

[Guest]

I have downloaded the new Beta 2 Windows defender, it doesnt seem to be able
to remove the virus's 'Grokster' or 'DownloadWare Media Loads'. Everytime it
attempts to do this, an error occurs.

Please help, Thanks

 

[Bill Sanderson]

Can you post the error message? Is there a number involved?

 

[Guest]

Hi,

Thanks for replying. The message 'Windows has encountered an error
:0x80501001. One or more actions could not be successful' appears on the
screen.

Thanks

 

[Bill Sanderson]

This error indicates that the target to be removed is either an archive
file, or is in a location such as the System Restore storage area, from
which it can't be removed by Windows Defender.

I believe they will improve on this behavior, but here's how to see more
about what's going on for now:

Start, run, eventvwr.msc <enter>

This should bring up the event viewer. Click on the System Event log, then
go to View, Filter, and choose WinDefend from the Source dropdown control.

This should show you a list of events with source WinDefend.

Look for yellow triangle events related to these detections.

If you double click on the relevant events, full details of path and
filenames should be there, and an icon to paste that info to the clipboard.

You can hit that button, and then right-click a new message in this thread
and paste the detection information here.

We may be able to say more about how to remove whatever's being detected
with that additional level of detail available.

--

 

[Guest]

Hi,

Thanks for replying again, I think you are very knowledgeable! I followed
the instructions and found their were lots of yellow triangles. Here are
some of the information pasted below:

Event Type: Warning
Event Source: WinDefend
Event Category: None
Event ID: 1002
Date: 05/03/2006
Time: 12:33:47
User: N/A

Description:
Windows Defender scan has been stopped before completion.
Scan ID: {E76AFACA-CBBE-42EA-85B9-E2136079090D}
Scan Type: AntiSpyware
Scan Parameters: Quick Scan



For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

second Triangle -


Event Type: Warning
Event Source: WinDefend
Event Category: None
Event ID: 1006
Date: 05/03/2006
Time: 12:30:04
User: N/A

Description:
Windows Defender scan has detected potential malware.
For more information please see the following:
http://www.microsoft.com
Scan ID: {6290BA21-33AB-4F7B-BB45-E4EB531C8679}
Scan Type: AntiSpyware
Scan Parameters: Full Scan
User: NT AUTHORITY\NETWORK SERVICE
Threat Name: KaZaA
Threat Id: 7631
Threat Severity: 2
Threat Category: 65535
Path Found: file:C:\System Volume
Information\_restore{CD523765-AA1F-4EBD-9406-0BD72D01F69E}\RP279\A0046046.cpl
Detection Type: Signatures


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

There are many more triangles, but have only posted two of them,

Hope this helps,

Thanks

 

[Bill Sanderson]

OK - one of the two that you posted involves a finding which is in the
System Restore data store.

If you are satisfied that your system is running reasonably well now, and
that you are unlikely to need to go back to an older restore point:

Start, all programs accessories, system tools, disk cleanup.
Find something else to do until it goes through all the files looking for
ones to compress. When the window appears with two tabs at the top--disk
cleanup and more options--click on the more options tab. In the third
panel, System Restore, click Clean up, Yes, then click OK, and yet another
Yes.

Spyware found in System Restore restore points is not a danger unless you
actually restore the system to that previous date--but it is probably better
to get it cleaned up anyway.