BleepingComputer.com: XP Total Security 2011 Prevents System Restore

I have had the problem of XP Total Security 2011 effectively blocking me out of one of our XP laptops.

The following article comes the nearest that I've found to providing a solution that the layman can use:

http://computersplace.net/virus/how-do-i-get-rid-of-xp-total-security-2011.html

However, though the above may work for some users, unfortunately it didn’t for me, though a modified version does appear to have worked successfully.

I had already manual inserted the registration number into XP Total Security 2011, as suggested at the following link:

http://www.2-spyware.com/remove-xp-total-security-2011.html

I was still unable to run System Restore in Normal Mode, nor could I run the full HP Recovery process by pressing F11 during Startup.
Similarly in Safe Mode I was unable to run System Restore from My Computer – right click deactivated.
Restarting into Safe Mode, if I selected No, as opposed to Yes when confronted with the explanatory Dialogue, which is shown before loading Personal Settings in Safe Mode, then System Restore was successfully launched. I selected the most recently available Restore Point and ran it. This has allowed me back into the system, enabling me to launch Malwarebytes. The latter has successfully detected several infections. I also notice that, as Malwarebytes has begun to make progress, so Microsoft Security Essentials has also been able to identify a problem.

Hope this is of use to some other sufferers!

Milo

This post has been edited by Budapest: 06 April 2011 - 04:14 PM
Reason for edit: Moved from Virus, Trojan, Spyware, and Malware Removal Logs ~BP

I have manually disabled this scareware virus (or however you want to define it) half a dozen times, although after disabling it I scanned the computer with Malwarebites and Superantispyware.

If you have this virus, your computer will act as if it's possessed and you will be denied access to your Task Manager. Just shut down the computer and restart it. The virus lurks in the system Startup and only takes seconds to load following a reboot (do not restart in Safe Mode). As soon as Windows has loaded enough for you to access your Start Menu, click Run, type in msconfig and click OK. Once in the System Configuration Utility, select Startup (you will only have seconds to do this and it may take several attempts to get the timing right). Once you see the list of items in Startup, look for anything suspicious, particularly in the location C:\Documents and Settings. (I have always made it a habit to keep a list of the items in my Startup. The easiest way to do this is to create a screenshot. Just bring up the list of Startup items in the Configuration Utility and press the Print Screen key. Then open a new Word document, paste the image there and print it out for future reference. Note: you will need to do this each time you add a program to your Startup items.) After unchecking the suspicious item, click OK. If you unselected the correct item, your computer should boot normally. Then I suggest emptying your System Restore history. To do this, click Start, click Control Panel, click Performance and Maintenance, click System, click System Restore, and then check Turn off System Restore. Restart the computer (if, after restarting, you get a message about a change in your Startup items, just check the box so that it doesn't tell you again). Then go back to System/System Restore and uncheck Turn off System Restore. Restart again. Scan with Malwarebites and Superantispyware (be sure both programs have been updated first). Then, for future reference, create an updated list or screenshot of the items in your Startup. (If you are still worried the virus might be lingering somewhere, scan with Spybot Search & Destroy and Microsoft Security Essentials. You could also download and run CCleaner to tidy up the items in your Startup.)

Milo O, on 06 April 2011 - 04:02 PM, said:

I would not recommend using the method given in this link. Messing about in the registry is dangerous if you do not know what you are doing and can easily render your computer un-bootable.

Topic closed.