Virus detected in C:SYSTEM VOLUME INFORMATION_RESTORE{D2DF5…
-
Every day or so I receive a message from my virus scanner indicating that it has detected the Win32.FriendGreetings virus in C:SYSTEM VOLUME INFORMATION_RESTORE{D2DF5492-3C53-4C45-A50A-0364DOAFD538}RP45A0006899.EXE.O.AVB and that the cure failed and the file has been restored. Despite my best efforts, I can not find the virus anywhere in my system so it cannot be deleted. Can you advise me how to completely delete this virus from my system? I operate a Toshiba Satellite 2400 laptop with a 1.6 GHz processor, 256MB RAM, 20GB HDD, DVD, Modem, LAN, and Windows XP Professional. Any advice would be most appreciated.
The Win32.FriendGreetings virus which is present in your computer is in the System Restore folder. This is where all the restore points for Windows XP are stored. These are used in the event that Windows XP becomes unstable (so that the system can be rolled back to a previous ‘good’ state). In order to protect the integrity of the System Restore files, only the Windows System Restore utility can access the data store. Thus, your antivirus program cannot remove the virus as it does not have access to manipulate the data store. The simplest way to fix this problem is by purging the data store. Be aware that once you do this all restore points for Windows XP will be deleted! If you do not wish to do this, there is another, more complex method which can be followed by going to support.microsoft.com/default.aspx?scid=kb;EN-US;q263455 (be aware these instructions are for Windows Me and the placement of certain menus and options in Windows XP are different). However, if you wish to take the simple option and delete all restore points, then go to the ‘Start’ menu > ‘Control Panel’. In the control panel, double click ‘System’. Click the ‘System Restore’ tab. Tick ‘Turn off System Restore’. Click OK. Restart your computer. Once the computer has rebooted, run a virus scan. Be aware that the virus warning may not appear as the System Restore data store has been purged. After the scan has completed, re-enable System Restore (by going back into the System properties).
Subscribe
Donate!
The story thus far...This website is provided as a free resource to the community. However, when you consider the hosting fees together with other costs (including time) it ends up costing several hundred dollars to operate this site. Me (The Silicon Kid) funds this at the moment, but always appreciates assistance!
What can I do to help?
In the current harsh economic times if you could spare a few dollars towards this website it would be greatly appreciated! There are four buttons above, allowing you to contribute either $5, $10, $15, or $? (an amount of your choosing). All payments are processed securely through PayPal. Thanks in advance for your contributions :)
