Hi, I have a problem, I downloaded the test virus Eicar. I was able to rmove 2 entries, but theres a copy of it in my Cab files. When I try to delete it it says that this file is write protected. I did a restore and it was still there! I copyed the name of the file in search for files,folders and it did'nt show up. I know it wont hurt to leave it there but I really would like to know how to get rid of it, in case sometime down the road I get a real virus and it gets in my restore archive, I know how to get rid of it. The exact location is C:\RESTORE\ARCHIVE\FS3275.CAB
I am using McaFee 6.0. The Eicar test virus was a zip file and it said that its the hardest one to find.
Please, if anyone has any information on how to get this out of my restore files, let me know. Thank you for any help.

what os are you running? if you have ME or XP, disable system restore first, then run your antivirus program. according to norton, their antivirus should clean it.

Sorry, I forgot. Im using Windows ME Also how do you disable system restore?

he's using McAfee and regardless of Norton even McAfee should clean it

it's only a TEST virus, is not even real

www.eicar.org

is fun try it

as for the Removal

your McAfee is Toasted man

it's what they call a FALSE Positive

there should not be any eircar inside that .cab file unless you forced it in there

try this link to verify
http://security1.norton.com/ssc/vc_about.asp?ax=0&langid=ie&venid=sym&plfid=22&pkj=SOXCDTKJBTVISBYWWYP

Originally posted by jon46y
Sorry, I forgot. Im using Windows ME Also how do you disable system restore?

right click --> properties on my computer

then go to advance
then dissable that

:t

I figured that mcafee could remove it. I just was too lazy to check out their site. Norton's www.sarc.com is much easier to navigate. Sounds like it made a system checkpoint, or he manually created a restore point.

On the Eicar test I downloaded the one that goes in your hiarchy folder. Out of the 4 choices it said it's the hardest one to find by your anti virus program. Also, Thank you all for all the help!

So were you able to get rid of it?

Sorry it took me so long to get back to you. Yes When you disable and then rinable system restore it gets rid of all prior restore points and then sets another restore date. I scanned the system after that and there was no Eicar. Thanks John...