security risk or a backdoor program help me!!!!

found several thousand new zip files in my computer, virus
checker found during DOS run produced 4 suspictious temp
files the first being this,
c:\_RESTORE\TEMP\A0099303.CPY and then 3 more like it. I
tried to delete them and can not ... what to do ????
Thank you, asap asap please have over 92,000 zip
files added in a day.

Sandi
Mon Mar 01 01:47:11 CST 2004

They are simply data for your restore points. Disable system restore
(control panel, system, system restore tab), reboot then restart System
Restore to flush out your restore cache.

--
Hyperlinks are used to ensure advice remains current
_______________________________________
Sandi - Microsoft MVP since 1999 (IE/OE)
http://www.mvps.org/inetexplorer

"Floyd" <lonestarfwg@elvis.com> wrote in message
news:471c01c3ff4f$af94a700$a301280a@phx.gbl...
> found several thousand new zip files in my computer, virus
> checker found during DOS run produced 4 suspictious temp
> files the first being this,
> c:\_RESTORE\TEMP\A0099303.CPY and then 3 more like it. I
> tried to delete them and can not ... what to do ????
> Thank you, asap asap please have over 92,000 zip
> files added in a day.

N
Mon Mar 01 02:19:51 CST 2004

In article <471c01c3ff4f$af94a700$a301280a@phx.gbl>, lonestarfwg@elvis.com
says...
> found several thousand new zip files in my computer, virus
> checker found during DOS run produced 4 suspictious temp
> files the first being this,
> c:\_RESTORE\TEMP\A0099303.CPY and then 3 more like it. I
> tried to delete them and can not ... what to do ????
> Thank you, asap asap please have over 92,000 zip
> files added in a day.

It looks like to separate issues. The easy one first; c:\_RESTORE\TEMP
\A0099303.CPY looks like a normal Winodws OS file; part of the System
Restore which comes with Windows ME and Windows XP. To clear suspicious
files from the System Restore folder means turning it off, then restarting
your computer. You will lose all restore points when you do that, but those
files are well-protected against tampering, and disabling is the only way I
know of to deal with it. Be sure to reactivate Sysetem Restore when you are
finished.

Thousands of .zip files added every day. Let me guess; you are running
Windows XP, on a high speed Internet connection. You aren't running behind a
NAT router, and you probably didn't activate the Windows XP ICF. Or you
clicked on an attachment in an email. Or...

It sounds like you have been "rooted"; some malicious character has taken
over your computer, and is using it as a repository of assorted files,
probably mostly illegal, and nothing you would want the authorities to know
are there.

I've never actually been in a similar position, so I don't know precisely
how to proceed. You probably need a serious Trojan hunter/killer program,
some adware seeker, and a current anti-virus program. Hopefully you can find
somebody willing to set you up with a boot disk with those items, as trying
to clean the infected computer by downloading the software you need may be
difficult, or even impossible; the latest such malware attempts to disable
protective programs, or prevent their installation and operation. A clean
boot disk is the best bet.

Good luck with the second problem.

--
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint

Ozone
Mon Mar 01 11:37:34 CST 2004

The best way to look at the mysterious files issue is to monitor your port
activity, and by all means get a firewall. There are several free ones that
can get you some protection immediately.

Ozone
"N. Miller" <nsm@blackhole.aosake.net> wrote in message
news:MPG.1aac92053fa37f5e989d55@msnews.microsoft.com...
> In article <471c01c3ff4f$af94a700$a301280a@phx.gbl>, lonestarfwg@elvis.com
> says...
> > found several thousand new zip files in my computer, virus
> > checker found during DOS run produced 4 suspictious temp
> > files the first being this,
> > c:\_RESTORE\TEMP\A0099303.CPY and then 3 more like it. I
> > tried to delete them and can not ... what to do ????
> > Thank you, asap asap please have over 92,000 zip
> > files added in a day.
>
> It looks like to separate issues. The easy one first; c:\_RESTORE\TEMP
> \A0099303.CPY looks like a normal Winodws OS file; part of the System
> Restore which comes with Windows ME and Windows XP. To clear suspicious
> files from the System Restore folder means turning it off, then restarting
> your computer. You will lose all restore points when you do that, but
those
> files are well-protected against tampering, and disabling is the only way
I
> know of to deal with it. Be sure to reactivate Sysetem Restore when you
are
> finished.
>
> Thousands of .zip files added every day. Let me guess; you are running
> Windows XP, on a high speed Internet connection. You aren't running behind
a
> NAT router, and you probably didn't activate the Windows XP ICF. Or you
> clicked on an attachment in an email. Or...
>
> It sounds like you have been "rooted"; some malicious character has taken
> over your computer, and is using it as a repository of assorted files,
> probably mostly illegal, and nothing you would want the authorities to
know
> are there.
>
> I've never actually been in a similar position, so I don't know precisely
> how to proceed. You probably need a serious Trojan hunter/killer program,
> some adware seeker, and a current anti-virus program. Hopefully you can
find
> somebody willing to set you up with a boot disk with those items, as
trying
> to clean the infected computer by downloading the software you need may be
> difficult, or even impossible; the latest such malware attempts to disable
> protective programs, or prevent their installation and operation. A clean
> boot disk is the best bet.
>
> Good luck with the second problem.
>
> --
> Norman
> ~Win dain a lotica, En vai tu ri, Si lo ta
> ~Fin dein a loluca, En dragu a sei lain
> ~Vi fa-ru les shutai am, En riga-lint