Bros Help me out with this Virus

[Explicit]

I decided to run AVG because all of a sudden my diskspace on my hardrive showed that had little space..I found that i had 6 infected files, i was moving all of them to the virus vault but one said:error can't move C:_Restore/Temp/011blahblah.cyp,how do i go upon deleting this if i can't move/delete it and what the hell kind of files are .cpy?

The Trojan is called Trojan Horse downloader.toolber.D and Trojan Horse Downloader.Msdvm.A

[RACKnRAIL]

I decided to run AVG because all of a sudden my diskspace on my hardrive showed that had little space..I found that i had 6 infected files, i was moving all of them to the virus vault but one said:error can't move C:_Restore/Temp/011blahblah.cyp,how do i go upon deleting this if i can't move/delete it and what the hell kind of files are .cyp?

Try here
There are tools and instructions here for virus removal.

[napho]

That's sounds like your system restore point 011. You can delete that whole thing and make a new point. If the virus doesn't get restored then that's the end of that.

[lizardsforall]

It sounds like you have either ME or XP, System Restore is worthless, IMO. You can turn it of and delete the _Restore folder and be done with it. I've removed several viruses from situations like yours, on ME machines mostly. You have to disable System restore to remove it. Once Removed, you can enable the System Restore feature if you want,

(System Restore) right click on My Computer and go to Properties, click on the System restore Tab and uncheck/check the box.

[Explicit]

What the hell, i can't find the _Restore folder

[aqlo]

You want a bootdisk do you have one?
http://support.buympc.com/downloads/boot.html

Once you boot up clean you will be able to delete the file manually at the prompt.

Like so:
c:\>del wherever\whatever.xxx

[shawners]

also i know sometimes you cant delete things if your in normal mode and have to boot up in safe mode, I dont know if windows xp is like that.. I had windows 98 and drove me nuts.

[Explicit]

It sounds like you have either ME or XP, System Restore is worthless, IMO. You can turn it of and delete the _Restore folder and be done with it. I've removed several viruses from situations like yours, on ME machines mostly. You have to disable System restore to remove it. Once Removed, you can enable the System Restore feature if you want,

(System Restore) right click on My Computer and go to Properties, click on the System restore Tab and uncheck/check the box.

Im not seeing it when i click properties and i am running windows ME.. do you think the _restore folder could be hidden and if so how do you show hidden folders?

[sifu]

Im not seeing it when i click properties and i am running windows ME.. do you think the _restore folder could be hidden and if so how do you show hidden folders?

Open Explorer, go Tools>Folder Options>View>Hidden Files and Folders>ShowHidden Files and Folders.
You won't be able to delete the _Restore folder or any of it contents unless you completely disable system restore and PCHealth. This used to be a bit tricky and involved a number of registry edits that disabled Windows Help, explained here: http://members.aol.com/axcel216/me1.htm. Following these instructions completely removes system restore. However, if you're not confident with regedit then there's a tool that does the lot and much cleaner. Get system restore remover from http://downloads.planetmirror.com/pu...c/srpsetup.exe. This stays on your system and, at every reboot, deletes the _Restore folder, so it's not quite as effective as the first method but it doesn't disable Windows help. Then get adaptecs Goback and use that instead of Windows Restore. Don't you just hate when MS *forces* you to use one of their products w/o a simple method of removal. Oh well, I'm slowly but surely migrating to *nix...

[lizardsforall]

@sifu: You got there faster than i did.
the _Restore folder is a hidden folder located directly on the c: drive or your boot drive. but you have to disable the System Restore before deleting the folder.

Good old symantec always has an anwser Disable System Restore in ME

[lizardsforall]

if you boot to a bootable floppy, and delete it, windows (especially ME) will freak out, maybe spit out an error or two, and it will recreate the _Restore folder. Doing it in safe mode will produce similar results. once you've disabled it on ME, your better off leaving it disabled. I remember removing the klez virus that got into someone's _Restore folder, and It took up 12 gigs on the hard drive, so i told them to leave the System Restore off. they eventually got 2000. Besides, the system restore monitors all activity and chews up CPU too.

[Explicit]

thanks a lot for the help guys

so next time i reboot since i installed that program it should delete my restore folder and the trojan thats lurking?

[sifu]

thanks a lot for the help guys

so next time i reboot since i installed that program it should delete my restore folder and the trojan thats lurking?

Yep! You should also gain a *lot* of HD space once the _Restore folder has gone. Make sure you do regular back-ups now Restore is gone. The other option is to partition your HD (use Partition Magic) and keep your personal stuff on a separate partition. Then if Windows goes belly up on you, you can often get away with a reinstall w/o losing your data files...unless your HD packs up.

lizardsForAll - sorry about that, I'll type a bit slower next time :)

[lizardsforall]

That's ok :gj I'm only 32 WPM!

i'M a SlOw tYpeR