[Resolved] Cant get rid of virus in C:\_restore

[nathan52981]

I have two viruses in the folder C:\_restore that cannot be cleaned, quaritined, deleted or anything. I am using windows me.
I have tried to turn off the system restore and then delete them manually, no luck. tried to install the dos mode patch for win me and delete the files from dos mode, but the patch didnt work.

The virus names are:

PE_FUNLOVE.4099 and
TROJ_NETBUSP21.S

If anybody has any idea's i could really use the help

 

[LadyLisa]

Try these fixes

PE_FUNLOVE

TROJ_NETBUSP21.S

 

[TonyKlein]

Hi,

Take a look at these articles:

Antivirus Tools Cannot Clean Infected Files in the _Restore Folder

Cannot repair, quarantine, or delete a virus found in the _RESTORE folder

Good luck,

 

[Sharon D]

Hi Nathan. Have you tried booting up in SafeMode and deleting the files from C:\Restore that way? It should work for you as System Restore\System File Protection are not "active" while in SafeMode. To boot up in SafeMode for WinMe:

Restart the PC and hold down the Ctrl key during the bootup. Press and hold it after the drives are recognized on the screen but before the Windows splash screen. Select the option for SafeMode. Once you're in windows, try to delete those files. To get back to "Normal" Mode just Start>Shutdown>Restart.
Good luck! sharon

 

[TonyKlein]

But the way MS and Symantec indicate it should be done is real easy:

1. Close all open programs.
2. Right-click My Computer on the Windows desktop, and then click Properties.
3. Click the Performance tab.
4. Click File System.
5. Click the Troubleshooting tab.
6. Check Disable System Restore, click OK, and then click Close.
7. Click Yes to restart. This disables the System Restore feature and will purge the contents of the _RESTORE folder when the system is restarted.


Greetz,

 

[Sharon D]

I just noticed that you said that you applied that WinMe DOS patch. Unfortunately, when you apply that patch it disables your option to boot up in SafeMode. You can still get into DOS with WinMe without that patch-you just need to use your WinMe startup disk. If I were you I'd restore your registry to a date before you applied that DOS patch and hope that you regain your SafeMode option. I'll cross my fingers for you that Tony's procedure works well for you (I'm sure it will) as well as getting back your SafeMode option.

 

[nathan52981]

thank you all very much. i applied a little bit of everyone's ideas and solved the problems. while i was trying to delete the funlove virus from the system yesterday with the tool off the trend micro web site, it deleted it but at the same time corrupted my registry and some system files. (maybe i did it wrong.......shrug) So when i ran the win me start disk i did finally get to dos. from there i repaired the registry, rplaced my system files, and while in dos mode i went ahead and deleted everything in the system restore folder. when i got the os back up, i made a backup of the working system in the sys restore.

Thanks for all your help.

 

[LadyLisa]

You're welcome. I'm glad it all worked out.