Badtrans.B recovery in Windows ME

Topic

New Reply

I and many others here were victims of the I-worm Badtrans.B scourge. Fortunately most email servers have picked it up and stripped out the offending attachments which were sent to thousands of others.

I was able to get an update of AVG antivirus to detect it and on all the machines at work with WIndows 98 I have managed to clean them up. However at home I have WIndows ME. and 5 copies of the worm were detected – 3 in windowssytem directory which were quarantined and 2 in the _restoretemp directory which can not be quarantined, moved, cleaned. or deleted. Re running the AVG tells me I still have 5 viruses on the hard drive but all 5 are now in the _restoretemp directory. Infected files are all A001*.CPY in the above directory.

I know that I can delete these files by doing a cold minimum boot to DOS, possibly changing the file attributes to unhide them. What I would like to know is – is it safe to delete these files? I understand that these are used for a system restore if required but mine is disabled (by AVG?) anyway.
Sorry this is a wordy post but any help would be gratefully received.
Cheers Brian

Reply | Quote

Replies

You can remove these files in real time without having to reboot to DOS. Simple Right Click on the My Computer Icon -> select the Performance tab -> click on File System -> and finally select Troubleshooting Tab – under that tab checkmark the last selection ‘Disable System Restore’. Click on Ok, Ok,OK. and Reboot.
Your _restore directory will be gone and you do not need to re-uncheck that field (unless you need/want to have the system restore reactivated.
Bob

Reply | Quote

Thanks for your reply.

My understanding was that all AV progs disabled the System Restore feature and sure enough it was already disabled on my system. Even so, the _RESTORE folder and its myriad of files is still on the drive and there is no way to delete anything from this folder in real time (ACCESS DENIED message). However, if you re-boot to DOS (not from a DOS session) you can delete the files.

Anyway I took the plunge and deleted the offending files and so far everything is OK

Brian

Reply | Quote

I had the same problem, but was unable to delete these files in ME, Safe mode, or with a boot diskette.

I got around it by booting to my Linux partition, mounting my WinME partition, and deleting the files from there.

Good old Microsoft….. when it doesn’t work, use another OS.

Reply | Quote