Virus in XP System Restore

Throughout the day, I get a ton of virus emails. I have Eudora as my client and McAfee as my VS, and they all get caught and deleted.

However, every day I log in and find a message from McAfee that it cleaned a virus (SoBig, usually in a .pif or .scr file) from my latest System Restore folder.

I ran HouseCall to double-check and it did find a couple of things. Yet I still get these virus deletions every day.

I’ve also been plagued with SpyWare that I’ve cleaned (or so I thought) 2 days in a row now using both AdAware and SpyBot (both updated). So far today I haven’t gotten the SpyWare back, but I’m waiting to see what happens tomorrow.

Any idea of why I am getting the virus in my system restore and how I can get rid of it? I do use system restore from time to time, so I don’t want to discontinue using it. Turning it off for a day or so is fine by me, just not forever.

On a related note (I think), I had some weird files in my C:\ directory that I know I didn’t put there. One was labeled as an MFC Application (an exe file) and there were about 8 others with no file extension and short random names like “nh5f” and “s1rt”. The contents of the files were simply “<mfc status=1 />”

I googled the exe’s filename and found nothing. Also googled all of the other little files’ names. Nothing again. I deleted all of that stuff and have seen no ill effects, but I was wondering if this had anything to do with my virus(?) or spyware.

Sorry for the long explanation but I’m just feeling creeped out :slight_smile:

Oh, and I have the MS Broadband Wireless Router with built-in firewall, so no need for ZoneAlarm.

(Sorry if this ends up being a double-post. I kept hitting “refresh” and not seeing any evidence of my first attempt, which had timed out.)

I believe that the problem with your System Restore folder is that your McAfee software doesn’t have the access rights to delete any files that are in it. So it thinks that it’s taken care of those files, but it really hasn’t.

When this happened to my wife’s computer, the only way we could find to remove those files was to turn off the System Restore option and reboot. (I can’t remember if that act alone removed the System Restore folders or if we had to remove them manually after the reboot.) You could always re-enable the System Restore option afterwards (although you’ll have lost all of your earlier restore points).

Hopefully others will respond with better ideas than this one.

BTW, System Restore is a very reliable way to restore those virus infections you somehow lost! If you cleaned all infections, then installed a device driver that didn’t work, System Restore will easily restore your computer to the point before the driver installation…virus infections and all! :smack: Gotta love it.