
Have a virus, and need help accessing a folder!Afee will not delete this file either, because of the qacc

Shamrock

Golden Member
Hi,

About 10-14 days ago, I started getting CPU usage straight up to 99% whenever I dialed up to online access. The file was sysconf.exe. I didn't expect it to be a virus because I run my McAfee twice a week, and it didn't pick it up.

So I downloaded new update definitions...lo and behold...sysconf.exe is a VIRUS!

IRC-SDBot. A new variant has been spread as of May 7th.

I have removed the virus...initially, by removing sysconf.exe and the registry entry to load it...HOWEVER (this one is a doozy)

There is a backup to restore it tucked away in my c:\system volume information folder, and access is DENIED to it. I have unhidden it, unread-only, and given access to every part of that folder. I have used admin rights and even safe mode, and access is still denied! I cannot get this ONE file out of that folder, AT ALL! Here is another piece of info: McAfee will not delete this file either, because of the access denial.

if anyone can help me get into this folder and delete this "backup" file, I'd be grateful.

Thanks,

Shamrock

P.S. this is Windows XP Pro :\
 
It's normal not to have access to that folder. I never got access myself even after using the instructions I've found online for it.

You could use a boot disk with write ability for NTFS (if you use that) or a plain DOS boot disk if you use that. I don't think that the Recovery Console for XP allows you to read that directory.

Did you perform the steps mentioned here? http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm

Incidentally, sysconf.exe isn't the file. It creates a Registry key referring to "sysconfig" which points to a copy of the worm named iexplorer.exe to be loaded at startup. Make sure that the Run keys in the registry for this are removed.

What's a "qacc"?
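
The Run-key check described in the reply above, as an added example that is not part of the original thread: a Python script that parses `reg query` output for a Run key and flags the value name and file names mentioned in this thread, plus file names that closely resemble genuine Windows binaries. The sample output, the allow-list, the similarity threshold and the `svch0st.exe` entry are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from ntpath import basename
# Names taken from this thread; all other names here are constructed.
THREAD_VALUE_NAMES = {"sysconfig"}
THREAD_IMAGES = {"iexplorer.exe", "sysconf.exe"}
# Assumption: a short allow-list of genuine Windows binaries to compare against.
KNOWN_GOOD = ("iexplore.exe", "explorer.exe", "svchost.exe")
LINE = re.compile(r"^\s+(?P<name>.+?)\s+REG_(?:EXPAND_)?SZ\s+(?P<data>.*)$")

# Constructed `reg query` output for a Run key (not captured from a real system).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleAV Tray    REG_SZ    "C:\Program Files\ExampleAV\avtray.exe" /startup
    sysconfig    REG_SZ    iexplorer.exe
    Shell Helper    REG_SZ    C:\WINDOWS\system32\svch0st.exe -k
"""

def image_of(data):
    """Lower-cased executable file name from a Run value's data."""
    data = data.strip()
    if data.startswith('"'):                      # quoted path, args after it
        path = data[1:].split('"', 1)[0]
    else:                                         # unquoted: cut at first .exe
        m = re.match(r"(.+?\.exe)\b", data, re.I)
        path = m.group(1) if m else data.split(" ", 1)[0]
    return basename(path).lower()

def lookalike(image, threshold=0.85):
    """Genuine binary name that image closely resembles, else None."""
    if image in KNOWN_GOOD:
        return None
    for good in KNOWN_GOOD:
        if SequenceMatcher(None, image, good).ratio() >= threshold:
            return good
    return None

def review_run_key(reg_query_output):
    """Return (value_name, image, reason) for entries worth a closer look."""
    findings = []
    for m in filter(None, map(LINE.match, reg_query_output.splitlines())):
        name, image = m.group("name"), image_of(m.group("data"))
        if name.lower() in THREAD_VALUE_NAMES or image in THREAD_IMAGES:
            findings.append((name, image, "named in thread"))
        elif lookalike(image):
            findings.append((name, image, "resembles " + lookalike(image)))
    return findings

if __name__ == "__main__":
    print(review_run_key(SAMPLE))
```

A file-name match is only a prompt to inspect the entry; it does not look at where the file lives or what it contains.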
 
yes I did the disable system restore, and yes I deleted the registry entries 🙁 I'll try the bootdisk thing next
 
oops, the qacc is a mistake, notice I got part of McAfee on the subject line too. Another window popped up and I wondered where my typed letters went!
 