Virus in restore file

[Hugh]

Hi

i seem to have acquired a Mal\basine-c virus in a system restore file
(.rbf). It was detected by Sophos and advises to run full scan from
CD/command prompt. Did this but did not find it. Question is should I delete
this file if I can, or try restore to a date before infection.


Can anyone advise?


hugh

 

[pcbutts1]

Turn off system restore, reboot, turn on system restore.

--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David
H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz,
Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell

 

[Alfred Einstein]

Turn off system restore, reboot, turn on system restore.

Turn off system restore and keep it off. As you've discovered, it preserves
virus-infected files just as aptly as it preserves good files. And it
doesn't work most of the time, anyway. I gave up on it years ago. It just
plain fails most of the time.

Instead ... to restore, use an imaging package to take a drive image and
save it to secondary storage. Backing up a primary C: drive containing just
Windows and a few executables (ones that insist on residing in C:\Program
Files) still fits in 20 GB. This keeps your C: drive small so that imaging
it takes only 15 minutes. Restoring it from secondary storage also takes
just 15 minutes.

Keep your personal stuff there in your profile (C:\Documents and Settings)
.... that will get backed up too.

Keep your applications on the secondary drive. Those don't need to be backed
up. They can be reinstalled from the distribution media (or, if you insist,
they too can be imaged and backed up).

A second drive (several hundred GB) is cheap these days. It's good for
saving images and other backups. A year ago a 250 GB drive cost me $80. You
can get more GB for less $ today.

 

[Heather]

Turn off system restore and keep it off. As you've discovered, it
preserves virus-infected files just as aptly as it preserves good
files. And it doesn't work most of the time, anyway. I gave up on it
years ago. It just plain fails most of the time.

While your point about an external drive is right, your thoughts on
system restore are totally wrong!!

If you knew anything about SR, you would know that it eventually purges
the *now harmless* virus out. (Called FIFO). And should you be stupid
enough to turn it off and something gets screwed up, how are the newbie
types going to restore their computers?

Would you care to go to their house and fix it for them?? I thought
not.

System Restore has always worked for me and is a lot easier to
understand than your instructions re an external drive. I am not saying
you are wrong re the second drive, but you sure as heck are about System
Restore.

Case in point......just went over to a neighbour's house to clean off a
trojan or two and also spent quite some time showing him how to
*houseclean* the crap off his computer. And also showing him how SR
works.

He had SIX Sun Java versions in Add/Remove, along with a sh*tload of
Symantec stuff and he told me he even used their tool to remove Norton.
I made the mistake of assuming he would remove programs from
Add/Remove.......sigh.

I do believe there should be a Dummies book that is more basic than the
currrent ones. It never fails to amaze me how little the average guy
knows about his computer.

OK, rant over. But for the average computer user, knowing how to use SR
effectively can save him a lot of grief.

cheers......Heather

 

[Leythos]

If you knew anything about SR, you would know that it eventually purges
the *now harmless* virus out. (Called FIFO). And should you be stupid
enough to turn it off and something gets screwed up, how are the newbie
types going to restore their computers?

This is one of those times where you have to determine what is best for
your infection. Personally, since I can fix most OS related problems,
the very first thing I do when cleaning a machine is to disable SR,
reboot in safe mode, run the cleaners. When I'm done I enable SR.

I have never had a case where disabling SR cause me to not be able to
boot and if the machine was corrupt enough that it needed a SR then it
didn't work anyway and SR was useless.

--
Leythos - (e-mail address removed) (remove 999 to email me)

Fight exposing kids to porn, complain about sites like pcbutts1 that
create filth and put it on the web for any kid to see: Just take a look
at some of the FILTH he's created and put on his website:
http://forums.speedguide.net/archive/index.php/t-223485.html all exposed
to children (the link I've include does not directly display his filth).
You can find the same information by googling for 'PCBUTTS1' and
'exposed to kids'.

 

[Heather]

This is one of those times where you have to determine what is best
for > your infection. Personally, since I can fix most OS related
problems,
the very first thing I do when cleaning a machine is to disable SR,
reboot in safe mode, run the cleaners. When I'm done I enable SR.

I have never had a case where disabling SR cause me to not be able to
it
didn't work anyway and SR was useless.

You wouldn't have a problem, but I would say a fair majority who ask for
help would. David Lipman used to say "turn SR off", but Mike M. and
others showed him where it could be a very wrong thing to do for
relative newbies.

I used to use it religiously on WinME before loading a program, and I
still do it from time to time on XP. Loaded a trial of Spyware Doctor
and didn't like it, so removed it. I could have made a Restore Point
and reverted to that, but didn't.

Gee.....I wonder if Dave is still out there fishing and catching
mermaids, grin. He can explain the above better than I.

Night, Leythos......Heather

 

[foghollow]

This is one of those times where you have to determine what is best for
your infection. Personally, since I can fix most OS related problems,
the very first thing I do when cleaning a machine is to disable SR,
reboot in safe mode, run the cleaners. When I'm done I enable SR.

I have never had a case where disabling SR cause me to not be able to
boot and if the machine was corrupt enough that it needed a SR then it
didn't work anyway and SR was useless.

I've had one case where SR was all that saved the machine from a reformat.
And a dozen or so where it was the quickest simplest way to fix the thing.
"The symptoms began on Thursday? We'll just roll back the machine to Wednesday..."

 

[Leythos]

You wouldn't have a problem, but I would say a fair majority who ask for
help would. David Lipman used to say "turn SR off", but Mike M. and
others showed him where it could be a very wrong thing to do for
relative newbies.

The only difference between me and someone else is research. A
repair/reinstall method is simple enough for anyone. I'll stick with
telling people to turn it off before they clean and then letting them
turn it on after it's clean.

--
Leythos - (e-mail address removed) (remove 999 to email me)

Fight exposing kids to porn, complain about sites like pcbutts1 that
create filth and put it on the web for any kid to see: Just take a look
at some of the FILTH he's created and put on his website:
http://forums.speedguide.net/archive/index.php/t-223485.html all exposed
to children (the link I've include does not directly display his filth).
You can find the same information by googling for 'PCBUTTS1' and
'exposed to kids'.

 

[Leythos]

I've had one case where SR was all that saved the machine from a reformat.
And a dozen or so where it was the quickest simplest way to fix the thing.
"The symptoms began on Thursday? We'll just roll back the machine to Wednesday..."

And a repair/reinstall would work also. Yea, I'm sure that a SR works
for some people, problem is that it doesn't work for all people, and I
would say that, at least for what I've seen, it's not worth it.

--
Leythos - (e-mail address removed) (remove 999 to email me)

Fight exposing kids to porn, complain about sites like pcbutts1 that
create filth and put it on the web for any kid to see: Just take a look
at some of the FILTH he's created and put on his website:
http://forums.speedguide.net/archive/index.php/t-223485.html all exposed
to children (the link I've include does not directly display his filth).
You can find the same information by googling for 'PCBUTTS1' and
'exposed to kids'.

 

[foghollow]

And a repair/reinstall would work also. Yea, I'm sure that a SR works
for some people, problem is that it doesn't work for all people, and I
would say that, at least for what I've seen, it's not worth it.

I commonly see people who don't have the OS on separate media, and our licences won't cover
them, though, so the re-install route can be complex

 

[Leythos]

I commonly see people who don't have the OS on separate media, and our licences won't cover
them, though, so the re-install route can be complex

The big box vendors either provide a restore media or a method to make a
restore media - for people that didn't do it (typically from not reading
the included manual) or that lost their media, well, yea, that would be
hard for them.

If you're talking about the OS on a separate partition - a
repair/reinstall would work on a single partition as easily as two
partitions (OS and DATA).

--
Leythos - (e-mail address removed) (remove 999 to email me)

Fight exposing kids to porn, complain about sites like pcbutts1 that
create filth and put it on the web for any kid to see: Just take a look
at some of the FILTH he's created and put on his website:
http://forums.speedguide.net/archive/index.php/t-223485.html all exposed
to children (the link I've include does not directly display his filth).
You can find the same information by googling for 'PCBUTTS1' and
'exposed to kids'.