C:\_RESTORE\TEMP\A0029707.CPY Trojan horse IRC/BackDoor.SbDot

[doffen]

Used AVG to scan my ME system. Said it found four BackDoor.SbDot trojans and a Worm/Surnova as well as a Virus called Weird. AVG couldn't heal or move them to virus vault. Said to disable _restore folder. They are all there listed like this.
Testing C:\ serial 0B70-18FE
C:\_RESTORE\TEMP\A0029707.CPY Trojan horse IRC/BackDoor.SbDot
C:\_RESTORE\TEMP\A0041615.CPY Trojan horse IRC/BackDoor.SbDot
C:\_RESTORE\TEMP\A0041616.CPY Trojan horse IRC/BackDoor.SbDot
C:\_RESTORE\TEMP\A0046313.CPY Virus identified Worm/Surnova
C:\_RESTORE\TEMP\A0079883.CPY Virus found W95/Weird
C:\_RESTORE\TEMP\A0098897.CPY Trojan horse IRC/BackDoor.SbDot

Question - When I went into properties and was to click on disable restore as per AVG website it was already clicked. Do I delete these files somehow? Or are they effectively safe in the disabled folder? One instruction said to click box again to enable restore function if needed. Won't that spread the viruses again?

Thanks for any clarification.

 

[AVChap]

Since these are in the \_RESTORE\TEMP directory, just delete them after disabling system restore. They will not re-infect your system unless executed.

HTH, AVChap
... take my advice, I don't use it anyway!

 

[doffen]

Thanks for your quick reply AVChap.

I enabled the _restore folder and deleted the files. Emptied recycle bin. Went back to disable _restore and it was rechecked as disabled automatically.

Oh well running avg again to double check. It'll take a while.

Thanks again