G-Stress Posted July 27, 2007 Share Posted July 27, 2007 I had a really weird problem last night, trying to help someone over the internet. They previously had viruses which were properly quarantined and removed with Norton Corporate Edition v.7 I believe. A couple days after they were removed Norton would spit out these random notifications saying it found something within the system volume (e.g. C:System_restore{004539023-CCAD-9823423F} ) that is the info in the notification and then quarantined are a bunch of weird files (A00094990.exe) I had this problem sometime ago on one of my machines running 2k3 and was able to solve it by removing the registry entries... (I think) I couldn't remember exactly, but I removed a registry entry after searching for the first set of numbers in the above (e.g.) then the folder that was contained in I just removed the whole folder. I believe it was called something like KeystoNotDelete or KeystoRemove something like that. After that this person wasn't able to access the internet at all, but did have a valid IP. We tried a system restore to a couple previous dates as far as a month back which failed back that far. Rebuilt the tcp/ip stack, still nothing. Then today I guess it was fine and able to access the internet. I am just curious if anyone has any idea what could have prevented this machine from accessing the internet being that it had valid ip information and I thought the registry key I removed only associated with norton? Quote Link to comment Share on other sites More sharing options...
moonlit Posted July 27, 2007 Share Posted July 27, 2007 Looks like it's still infected, I'd wager System Restore's files are also hosed. I say reinstall, it'll be much, much easier than trying to pick out the crap. Quote Link to comment Share on other sites More sharing options...
G-Stress Posted July 30, 2007 Author Share Posted July 30, 2007 Yea that's probably what I'm gonna end up doing. Surprisingly the next day the machine was able to route out to the internet and everything seemed fine, but a re-install is probably what I'm gonna do. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.