RE: Virus Question about Win32/Hantaner

It seems you might be using Windows ME or XP, The option of system restore, keeps a copy of system files for further recovery of the system.

Files, in this area connot be normally removed or cleaned by the antivirus software.

Windows Millennium Edition (ME) and Windows XP have a feature known as System Restore, which creates backups of certain files in the _Restore folder. The System Restore feature usually backs up files with EXE or COM extensions, which may include infected files and malware programs. Files in the _Restore folder are protected and can only be accessed using System Restore. This feature must be disabled first before antivirus can access and clean these files.

The following procedure disables the System Restore feature:

For Windows ME
Right-click the My Computer icon on the Desktop and click Properties. Click the Performance tab.
Click the File System button.
Click the Troubleshooting tab.
Select Disable System Restore.
Click Apply > Close > Close.
When prompted to restart, click Yes.
Press F8 while the system restarts.
Choose Safe Mode then hit the Enter key. After your system has restarted, continue with the scan/clean process. Files under the _Restore folder can now be deleted. Re-enable System Restore by clearing Disable System Restore and restarting your system normally.

For Windows XP
Log on as Administrator.
Right-click the My Computer icon on the desktop and click Properties. Click the System Restore tab.
Select Turn off System Restore.
Click Apply > Yes > OK.
Continue with the scan/clean process. Files under the _Restore folder can now be deleted.
Re-enable System Restore by clearing Turn off System Restore

-----Mensaje original-----

De: maz [mailto:maz@short-b.us]
Enviado el: Miércoles, 06 de Agosto de 2003 11:39 a.m. Para: focus-virus@securityfocus.com
Asunto: Virus Question about Win32/Hantaner

I've been searching on how to rid a machine of this virus. Currently this virus is sitting in "d:\system volume information"

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

All attempts I've had trying to access this (through boot disks, mounting in Linux etc) yield nothing.

I've tried AVG from Grisoft, and McAfee from NAI.

Any help would be appreciated.

Regards,