posted 10-05- 03:21 PM               

For those who have sent me e-mails and are waiting for files.

A worm got past my virus scanner and firewall ( I was using mozilla mail, the virus scanner is compatible with Netscape mail, but mozilla mail is just different enough that it doesn't autoscan the e-mail files). It also managed to slip into the most recent restore point under WinME. Herein lies the problem. Removing the infected files causes WinMe to restore the infected files from the most recent system restore on the next reboot. If I reply to any e-mails or post any files, it will hitch a ride.

The anti-virus company is trying to help me with this, the problem is MS gives no options to delete the restore point or turn restore off, and none of the restore files can be viewed in a file manager, so I can't delete them that way either. WinME also refuses to let the virus software delete the infected restore point (Thanks again for taking away control from the user MS jack****s). Although this is a known worm, this is the first time they've seen it buried in a system restore file.

I can't wipe the drive as I need some of the files off it and if I back them up this thing will go with the backup. I have to get this puppy disinfected first.

Since I don't wish to pass this headache on to anyone else, nobody will get a e-mail reply from me until this is fixed (it's recommended to NOT use webmail as I can still send this along, especially when uploading files).

posted 10-05- 07:15 PM               

Hey Jug - I had some experience with the SirCam worm; and even though Norton quarantined it, it was still busy mailing evil while I was reading the info at SARC before deleting it(!) I found it was working from a hidden folder in the recycle bin. From a DOS window do a "dir /ah" in c:\recycled. If anything but "desktop.ini" shows, do "attrib -h c:\recycled\" and then delete it/them. While you're at it, do a full drive search for hidden folders from the c:\ prompt "dir *. /ah /p"