Have a virus and need help to access a folder! Afee not delete this file, because qacc [cpu usage] [mcafee]

admin / February 1st, 2011/ Posted in Operating Systems / No Comments »

Q: Hi,

About 10 to 14 days ago, I started straight to 99% when I chose to online access. The file was sysconf.exe. I didn't expect it to be a virus, because I My running twice a week, it didn't pick up.

So I downloaded the new definitions update, low... and see... sysconf.exe is a virus!

IRC-Sdbot. Im new variant has been distributed as of May 7th.

I have removed the virus... first, by removing the registry entry and sysconf.exe loading... But (this is a doozy)

there is a backup to restore it tucked away in my C:\System Volume Information folder, and access is denied. I no longer hidden, unread-only, and gave access to every part of that folder, I have admin rights, and even safe mode! And access is still denied. I cannot get ONE file from that folder, AT ALL! Here is another piece guide. not delete this file, because access denial.

If anyone can help me to get into this folder and delete the “backup” file, I would be grateful.

Thanks,

guy

P.S. This is Windows XP Pro.


Re: Oops, the qacc is a mistake, notice I got part of it on the subject line too. Another window popped up and I wondered where my typed letters went!

Re: Yes, I did the disable system restore, and yes, I deleted the registry entries :( I'll try the bootdisk thing next.

Re: You'll need to disable system restore to purge that volume!

Re: Here's more:

http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.h.html


Re: It's normal not to have access to that folder. I never got access myself even after using the instructions I've found online for it.

You could use a boot disk with write ability for NTFS (if you use that) or a plain DOS boot disk if you use that. I don't think that the Recovery Console for XP allows you to read that directory.

Did you perform the steps mentioned here? http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm

Incidentally, sysconf.exe isn't the file. It creates a Registry key referring to "sysconfig" which points to a copy of the worm named iexplorer.exe to be loaded at startup. Make sure that the Run keys in the registry for this are removed.

What's a "qacc"?
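As an added example (not part of the thread or any poster's code), here is the last reply's advice to check the Run keys, applied to a text dump produced by `reg export`. The sample export, the `updater` value and the function names are constructed for illustration; the flagged names (`sysconfig`, `iexplorer.exe`, `sysconf.exe`) come from the thread.

```python
import re

# Names taken from the thread: Run value "sysconfig", worm copy iexplorer.exe,
# and the sysconf.exe process the poster saw.
SUSPECT_VALUES = {"sysconfig"}
SUSPECT_FILES = {"iexplorer.exe", "sysconf.exe"}

# Constructed sample in `reg export` text format (not taken from a real host).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"browser"="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\""
"sysconfig"="C:\\WINDOWS\\system32\\iexplorer.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updater"="sysconf.exe /quiet"

[HKEY_CURRENT_USER\Software\Example\Settings]
"sysconfig"="1"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
RUN_RE = re.compile(r'\\CurrentVersion\\Run(Once|Services)?$', re.I)

def unescape(s):
    # .reg string data escapes backslash and double quote with a backslash
    return re.sub(r'\\(.)', r'\1', s)

def find_suspect_run_entries(reg_text):
    """Return (key, value_name, command) for Run-key entries matching the names above."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:  # new key section: track it only if it is a Run-type key
            key = m.group(1) if RUN_RE.search(m.group(1)) else None
            continue
        m = VAL_RE.match(line)
        if not (key and m):
            continue
        name, cmd = unescape(m.group(1)), unescape(m.group(2))
        # Split on path separators, quotes and spaces so only whole file names match
        parts = set(re.split(r'[\\/"\s]+', cmd.lower()))
        if name.lower() in SUSPECT_VALUES or parts & SUSPECT_FILES:
            hits.append((key, name, cmd))
    return hits

if __name__ == "__main__":
    for key, name, cmd in find_suspect_run_entries(SAMPLE_REG):
        print(f"{key}\n    {name} -> {cmd}")
```

The legitimate `iexplore.exe` entry is not flagged because matching is on whole file names, and the `sysconfig` value under the non-Run key is ignored because only Run-type keys are inspected.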

