[pchelpers] Re: Protected infection in system volume folder

  • From: John Durham <john.modec@xxxxxxxxxx>
  • To: pchelpers@xxxxxxxxxxxxx
  • Date: Mon, 26 Oct 2009 10:20:01 +1300

Ekhart GEORGI (last name last) wrote:
> OK, then besides the (still) erroneous forward slashes instead of 
> backslashes, we now found another reason why you got error messages when 
> running the attrib command, John: You also need to put (double i.e. " ") 
> quotation marks around the path name in DOS commands when using names 
> longer than 8 characters or with spaces.
Did I do that (slapping hand)?
> George, you're indeed right that the fastest and simplest way to get rid 
> of malware in that folder is to temporarily turn off System Restore. 
> However, many malware experts advise against removing all restore points 
> in the situation that most computers are in when attacked by malware for 
> the following reason:
> 
> Even a malware-infected restore point is better than none at all, at 
> least for most users. Instead of deleting all restore points, it's best 
> to simply ignore malware found by antivirus scans in System Volume 
> Information (because malware in there is completely harmless unless you 
> use an old restore point) and to simply not use the restore points 
> (unless you don't have any choice - and then you can get rid of the 
> "resurrected" malware the normal way). The infected restore points are 
> automatically removed when enough new ones have been made automatically 
> or manually.
> 
> As Scott has pointed out before, antivirus programs that do not know how 
> to access and clean restore points are simply badly written. They should 
> either use the method Scott described to automatically access System 
> Volume Information or shut up and not blurt out their incompetence and 
> not simultaneously worry users unnecessarily :-) The very least they 
> could do is explain to users that their computer has been cleaned of and 
> is in no danger from the malware whose copy is in some restore point, 
> but that they should not use restore points unless absolutely necessary. 
> They should then advise users to make a new restore point and then use 
> Disk Cleanup to remove all but the most recent restore point once the 
> computer has run well for a few days.
That reveals some good thinking. I will try to work out a way to apply 
it to my system as time allows (busy day today).

-- 
Regards, John Durham <http://modecideas.com/contact.html?sig>
ICQ number 571215671   Fax/Phone 64 4 5286786
PC-HELPERS list subscribe/unsub at http://modecideas.com/discuss.htm?sig
Blog http://pc-tech-upper-hutt.blogspot.com/
Get a copy of my novel entitled "Return" at 
http://stores.lulu.com/store.php?fAcctID=1382737
Good advice is like good paint- it only works if applied.



