i've run a virus scan on my computer and found these files: C:\windows\sysbckup\rb001.cab C:\windows\sysbckup\rb002.cab C:\windows\sysbckup\rb003.cab C:\windows\sysbckup\rb004.cab C:\windows\sysbckup\rb005.cab norton AV 2003 cannot quarantine them. since they are win.ini files, i was afraid to delete them in order not to cause moer damage to the existing. a search for this file in www.google.com brought me to your site. there i've found a similar case, but a little long ago...:(this is the attach...) After having trouble with the Dupator virus, I recently bought Norton SystemWorks 2003. I had it scan a few nights ago and it found the W32.Opaserv(win.ini) virus. It found and cleaned over 1900 files but still had 3 left over that it couldn't quarantine or delete. Two of these were C:\windows\sysbckup\rb000.cab and C:\windows\sysbckup\rb001.cab. Both of these were WinZip files that had just been put into my computer a few days ago. (I have since downloaded that patch.)Assuming that these weren't important files since they were only two days old and had been created during a time I wasn't on the computer, I deleted these. I ran Norton again and found that now I only have 1 infected file left. It's C:\recycled\nprotect\00001277.cab. I have no idea what this is. I have tried searching for it in my computer and within the recycling bin (using the Norton Protected UnErase Wizard) and there is nothing about it. So, how can I find and get rid of this last infected file? I've searched my computer for files like brasil.pif, brasil.exe, marco!.exe, etc. and havent found any of those. My Win.ini file *appears* to be normal. I don't have the renamed Put.ini or Gay.ini. I don't know where this is coming! ------------------------ back to my case: i understand that he had a similar problem. what should i do? should i try to first delete those files and then (if it won't work, like in his case) to try and delete them from the dos? please send me an explenation as detaias possible becase have a lack of knowledge in computer as you might have already assumed. thanks ! alon

Hi alon, hi everyone, >C:\windows\sysbckup\rb001.cab and similar... These files are backups of the registry Windows 98 makes every day at first start of the day. >C:\recycled\nprotect\00001277.cab. As you understood, this file is already in the bin... so you could delete it emptying the bin > 1900 files Wow! do you still have unaltered files on your disk? ;-) (just kidding) What about saving your data (your own files) and reformatting, reinstalling everything on the computer? I rarely suggest that as I prefer to try to cure and fix but you waited for so long that many parts of the system seem to be infected! HTH Have a good day, Gérard from Paris, France

Those are registry backup files. Read about it here

Anti-virus programs are not perfect. They will sometimes report false positives and sometimes miss real viruses. It appears that those Registry backup files were mistakenly thought to contain viruses. Norton 2003 is pretty dumb if he thought a 'CAB' file could do any damage to your system.

Since all of the cab files mentioned contain win.ini it may have been around for 5 days or so, and therefore be infected in each case (together with your current win.ini). Maybe Norton isn't so dumb, because if you restored the registry it would also put back win.ini from one of those cabs. Have you tried right clicking your current win.ini and asking your AV to check the file? Take a copy of it and save it elsewhere as a text file. Then you can peer at it with no risk of messing anything up. Derek

You can do it with a hosts file (not just pop-ups): http://yoyo.org/~pgl/adservers/ When you download the file I would advocate changing all the 127.0.0.1 entries to 0.0.0.0 (use Replace option in WordPad). Derek

Hi Derek, >You can do it with a hosts file (not just >pop-ups): etc. ??? Are you sure you didn't post in a wrong thread? wasn't it destined for anti-ad? Have a good day, Gérard from Paris, France