
I-Worm/BadTrans Infection


Original Message
Name: David
Date: May 23, 2002 at 15:44:56 Pacific
Subject: I-Worm/BadTrans Infection
Comment:

I'm infected with the above virus. I think I've been infected before and got rid of it by deleting some registry keys, but now it has infected files in a hidden folder called C:\_RESTORE\TEMP\filename.CPY. 30 files are infected now; 60 were infected but my antivirus software cleaned them. Now it's just these 30 which I can't delete because it says the source may be in use. I don't know if these files are safe to delete, so can anyone give me any assistance on getting rid of these infected files, or cleaning them?




Response Number 1
Name: fredo
Date: May 23, 2002 at 16:58:22 Pacific

Hi

I got rid of this worm, IFRAME exploits and lots of other dangerous e-mails by installing MailMagic. It's a talking mail checker, spam blocker and mailing list manager. But with its fine spam filters it's even able to detect and flatten such stuff right on the POP3 server, even before you download it into your email program. It's really worth giving it a try. I've got some 3 to 5 Klez mails and the same amount of IFrame exploits. Now none anymore, all deleted :-)

Just a hint for you folks...

Fred

PS: You may find MailMagic here:
http://www.buddyshare.org/mailmagic/



Response Number 2
Name: murve
Date: May 23, 2002 at 18:06:34 Pacific

hi david,
here's some info on badtrans and some of its signature files. you can get more info at www.thepublicworks.com security section, click on simovits consulting and other numerous links on that page concerning trojans and trojan ports.

Name: Badtrans
Aliases: TROJ_BADTRANS.A, W32.Badtrans.13312@mm, I-WORM.BADTRANS, DUNpws.av
Ports:
Files: INETD.EXE - Kern32.exe - Hkk32.exe - Hksdll.dll - Cp_23421.nls - fun.pif - Humor.TXT.pif - docs.scr - s3msong.MP3.pif - Sorry_about_yesterday.DOC.pif - Me_nude.AVI.pif - Card.pif - SETUP.pif - searchURL.scr - YOU_are_FAT!.TXT.pif - hamster.ZIP.scr - news_doc.scr - New_Napster_Site.DOC.SCR - README.TXT.pif - images.pif - Pics.ZIP.scr
Size: 13,312 bytes
Created: 2001
Requires:
Actions: Worm / Steals passwords / Mail trojan / Trojan dropper
Alters Win.ini. When the attachment is run, it shows the message
Versions:
Registers: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\
Notes: Works on Windows 95, 98, NT and 2000, together with MS Outlook and MS Outlook Express. Also works with other MAPI-enabled software.
Country: written in Great Britain
Program:
cheers,
murve
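
A way to triage a file listing against the indicators murve lists above (the component file names, the 13,312-byte size and the double-extension attachment names) plus the System Restore path from David's original post, as an added Python example that is not part of this thread or of any product mentioned in it. The file listing is constructed for the example, the rule that treats a 13,312-byte file under \_RESTORE as a restore-point copy of the worm is an assumption, and the script only reports what it finds; it deletes nothing.

```python
import re
from dataclasses import dataclass, field
from typing import Iterable, List, Optional, Tuple

# Component and attachment file names quoted in the post above (matched case-insensitively).
BADTRANS_FILENAMES = {
    "inetd.exe", "kern32.exe", "hkk32.exe", "hksdll.dll", "cp_23421.nls",
    "fun.pif", "humor.txt.pif", "docs.scr", "s3msong.mp3.pif",
    "sorry_about_yesterday.doc.pif", "me_nude.avi.pif", "card.pif",
    "setup.pif", "searchurl.scr", "you_are_fat!.txt.pif", "hamster.zip.scr",
    "news_doc.scr", "new_napster_site.doc.scr", "readme.txt.pif",
    "images.pif", "pics.zip.scr",
}
BADTRANS_SIZE = 13312  # bytes, as listed in the post

# The attachment names above share one disguise: a document-looking extension
# (.TXT, .DOC, .MP3, .AVI, .ZIP) followed by an executable one (.pif, .scr).
DOUBLE_EXT = re.compile(r"\.(txt|doc|mp3|avi|zip)\.(pif|scr)$", re.IGNORECASE)

# Windows ME System Restore cache, where the original poster found the .CPY copies.
RESTORE_DIR = re.compile(r"^[a-z]:\\_restore\\", re.IGNORECASE)


@dataclass
class Finding:
    path: str
    reasons: List[str] = field(default_factory=list)


def assess(path: str, size: int) -> Optional[Finding]:
    """Return a Finding when a directory entry matches BadTrans indicators, else None.

    File size on its own is deliberately not enough to flag a file outside the
    restore cache: plenty of benign files happen to be 13,312 bytes.
    """
    name = path.rsplit("\\", 1)[-1]
    reasons: List[str] = []
    if name.lower() in BADTRANS_FILENAMES:
        reasons.append("file name listed as a BadTrans component")
    elif DOUBLE_EXT.search(name):
        reasons.append("double extension hiding a .pif/.scr executable")
    size_match = size == BADTRANS_SIZE
    if size_match and reasons:
        reasons.append("size equals the 13,312-byte BadTrans body")
    elif size_match and RESTORE_DIR.match(path):
        # Assumed heuristic: System Restore renames files it copies, so a
        # worm body in the cache keeps only its size as evidence.
        reasons.append("System Restore copy with BadTrans size")
    return Finding(path, reasons) if reasons else None


def scan(listing: Iterable[Tuple[str, int]]) -> List[Finding]:
    """Run assess() over (path, size) pairs and keep the hits, in listing order."""
    return [f for path, size in listing if (f := assess(path, size))]


# Constructed sample listing for this example; not output from a real system.
SAMPLE_LISTING = [
    (r"C:\WINDOWS\SYSTEM\INETD.EXE", 13312),
    (r"C:\_RESTORE\TEMP\A0012345.CPY", 13312),
    (r"C:\My Documents\Me_nude.AVI.pif", 13312),
    (r"C:\My Documents\budget.doc", 40960),
    (r"C:\WINDOWS\SYSTEM\USER.EXE", 13312),   # same size, unrelated: not flagged
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LISTING):
        print(finding.path)
        for reason in finding.reasons:
            print("   -", reason)
```

The entries flagged are the three the post's indicators actually support; the size-only match on USER.EXE is ignored, which is the point of keeping size as corroboration rather than a trigger. Feed it real (path, size) pairs from a directory walk and review the hits by hand before deleting anything.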



Response Number 3
Name: JackG
Date: May 24, 2002 at 00:38:18 Pacific

Sounds like you are running Windows ME and it is normal for anti-virus programs not to be able to delete files out of the _RESTORE directory.

(Start - Programs - Accessories - Control Panel - System)
click "Performance" tab
click "Advanced settings"
click "File System" bar
click "Troubleshooting" tab
check "Disable system restore" box
click "Apply" and Close window
Reboot system

Then wait a few minutes while system deletes the files. Go through above steps again, and uncheck the "Disable system restore" box.

Run full AV again and then DEFRAG.



Response Number 4
Name: dav_mclay
Date: May 24, 2002 at 06:13:55 Pacific

Just to let you guys know that I got rid of the infected files. Thanks to you all who helped, and especially JackG, whose solution worked. I'm very grateful.

