My wife offered my services to a neighbor family who was having trouble with their Dell 8200. It's running WinME, and had mucho spyware, malware and viruses that I've found. Adaware found over 300 problems and fixed all but the ones named C:\_RESTORE\TEMP\A0097219.CPY (File names are similar, different numbers at the end) All these same files are also infected with the W32/Bagle.dll.gen virus per Stinger which finds them but cannot repair them.
Are these System Restore files? (System Restore is NOT currently enabled on the system) Can they be safely deleted?
Full Version: Help with Win ME
WooHoo, I found an answer for you before Alan 
Name: ozzie
Date: April 04, 2004 at 15:52:17 Pacific
Subject: Virus removal problem
OS: WinME
CPU/Ram: 191
Comment:
I am currently using AVG Free edition and for the past couple of days whenever I do a scan I get 'Virus Detected'. The log says the infected files are:
C:\RESTORE\TEMP.A0000927.CPY - Virus is Trojan Horse Downloader.S
C:\RESTORE\TEMP.A0000929.CPY - Virus is Trojan Horse Downloader.A
I've put both of these files in AVG's Virus Vault, highlighted one and clicked on 'heal' and just got an error message.
Anyone know how I can get rid of them.
Name: blender
Date: April 04, 2004 at 16:19:04 Pacific
Subject: Virus removal problem
Reply:
ozzie
That is your system restore folder.
Windows locks out the restore folder from modification by any programs including antivirus. (hence the error)
The recommened action is to disable system restore, reboot, re-scan with antivirus, if all clean then re-enable system restore.
The above action removes all restore points from the system along with the infected files. You will likely want to make a new restore point when done.
Name: ozzie
Date: April 05, 2004 at 11:52:45 Pacific
Subject: Virus removal problem
Reply:
Hi Blender
Thanks for the advice,followed your instructions and it worked a treat.
Name: ozzie
Date: April 04, 2004 at 15:52:17 Pacific
Subject: Virus removal problem
OS: WinME
CPU/Ram: 191
Comment:
I am currently using AVG Free edition and for the past couple of days whenever I do a scan I get 'Virus Detected'. The log says the infected files are:
C:\RESTORE\TEMP.A0000927.CPY - Virus is Trojan Horse Downloader.S
C:\RESTORE\TEMP.A0000929.CPY - Virus is Trojan Horse Downloader.A
I've put both of these files in AVG's Virus Vault, highlighted one and clicked on 'heal' and just got an error message.
Anyone know how I can get rid of them.
Name: blender
Date: April 04, 2004 at 16:19:04 Pacific
Subject: Virus removal problem
Reply:
ozzie
That is your system restore folder.
Windows locks out the restore folder from modification by any programs including antivirus. (hence the error)
The recommened action is to disable system restore, reboot, re-scan with antivirus, if all clean then re-enable system restore.
The above action removes all restore points from the system along with the infected files. You will likely want to make a new restore point when done.
Name: ozzie
Date: April 05, 2004 at 11:52:45 Pacific
Subject: Virus removal problem
Reply:
Hi Blender
Thanks for the advice,followed your instructions and it worked a treat.
I'll give re-enabling sys restore a try. McAfee said to disable then delete but even disabled you cannot delete them.
don't forget to run in safe mode when doing that. that way if any processes use them,most likely they will not be running in safe mode.
This machine is possessed! Last night after running adaware it refused to reboot. Finally got it to boot by using the verify each boot process option. After that it would not restart, but if I shut it down completely it would reboot. Now today all the items adaware found last night are back again (it is not connected to the net). I cannot enable the System Restore. Each time I reboot it reverts to the disabled mode. I finally got it to boot into safe mode and it is now letting me delete the .cpy files from the _restore folder, over 500megs of virus infected files were found in there.
I hated WinME when it was on my machine and this machine has not changed my mind.
I hated WinME when it was on my machine and this machine has not changed my mind.
IMO there comes a time where thing's are so messed up the best thing to do it backup data, format & reinstall everything. You'll spend less time, have fewer headaches and the folks will have a nice clean machine.....until they screw it up (people don't tend to change their habits).
if you do reformat, pls do not put win me back on there. blame all the problems they had on their os and get them to buy win2k or xp or even win98se....just not win me.
QUOTE(n99nyrwg @ 05-26-2004 - 11:24 AM)
if you do reformat, pls do not put win me back on there. blame all the problems they had on their os and get them to buy win2k or xp or even win98se....just not win me.
Geez, I must be the only person who's never had any problems with WinMe. I feel so special
Two questions:
1, how to restart Win-ME in safe mode?
2, my problems are 300 RG*********.CAB files in the _Restore/Archive/ folder. The oldest one was from Jun/12 last year. The system seems to generate one such file every three days or three everyday. Each file is about 5 MB. And 300 files used more than 2 GB files of my hard disc.
Mom does not have the original Win-ME installation disc that came with the machine with a valid lisence any more, so I cannot reinstall the system for her. Have to deal with what we have right now.
1, how to restart Win-ME in safe mode?
2, my problems are 300 RG*********.CAB files in the _Restore/Archive/ folder. The oldest one was from Jun/12 last year. The system seems to generate one such file every three days or three everyday. Each file is about 5 MB. And 300 files used more than 2 GB files of my hard disc.
Mom does not have the original Win-ME installation disc that came with the machine with a valid lisence any more, so I cannot reinstall the system for her. Have to deal with what we have right now.
1. restart the computer, right after the bios flash screen start tapping f8 until the boot menu pops up.
2. that is what i alan said i believe, system restore. to mess with system restore settings right click on my computer and choose properties. then goto the system restore tab.
2. that is what i alan said i believe, system restore. to mess with system restore settings right click on my computer and choose properties. then goto the system restore tab.
At first I did not find the system restore tag. But I found that on the tag says "Hard disc", there is an option called "space used by system restore" and the value set was "450MB/max". I just reduced that to 380MB. This cannot explain why the (Archive) folder is taking 2.3 GBytes though.
I disabled system restore and now I am restarting the computer in normal mode.
If I cannot delete the CAB files, I will try to restart in safe mode and try to delete them then.
Keeping my fingers crossed.
I disabled system restore and now I am restarting the computer in normal mode.
If I cannot delete the CAB files, I will try to restart in safe mode and try to delete them then.
Keeping my fingers crossed.
QUOTE(carloscai @ 07-23-2004 - 08:13 AM)
I disabled system restore and now I am restarting the computer in normal mode.
Once I did that, the HD space is released. I enabled the system restore option again and restart. The 2.6 GB was not taken back. YAY!
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.