How to use the Symantec Endpoint Recovery Tool to replace an infected file.
|Article:HOWTO41831|||||Created: 2011-01-18|||||Updated: 2011-01-21|||||Article URL http://www.symantec.com/docs/HOWTO41831|
There is a legitimate Windows file(s) that has been infected by a virus and the installed Symantec AntiVirus product is not cleaning the file(s).
The Symantec Endpoint Recovery Tool can be used to find and replace infected files on the system.
1. Boot the system from the Symantec Endpoint Recovery Tool cd.
2. Choose the command prompt from the Advanced Menu.
3. Verify the location of the file that needs to be replaced. What is the full path to the windows file?
4. Get a copy or know the location of a clean system file you intend to replace.
5. Use the command prompt in the recovery tool to delete the bad system file.
6. Use the command prompt to copy the good file to the correct location in step 3.
7. You can use the command prompt to rename the extension of the file if necessary.
You can also restore files using the Windows Recovery Console
How to install and use the Recovery Console in Windows XP
You can use Shadow Copy in Windows 7 and Vista
You can view shadow copies on each of your Windows folders. The Windows shadow copy client assumes you can boot to the operating system. Use a Windows 7 boot disk to repair and recover boot files. To restore a folder or recovery a corrupted file, use the following steps:
- Click the Windows Orb in the task bar. Click “Computer.”
- Navigate to the folder where your file was located. You need to know where you kept the file saved, if you want to restore Windows files and unerase a removed folder.
- Right-click the folder that contains your file. Click “Properties” in the context menu. A window opens showing you general properties for the folder.
- Click the “Previous Versions” tab. This tab shows you all the previous versions of you Windows folders. They are sorted by date.
Article URL http://www.symantec.com/docs/HOWTO41831