"Fixed" XP recovery infection, Windows XP recovery icon still remains...


5 replies to this topic

#1 JohnnyFever (Members)

Posted 07 June 2011 - 12:14 AM

Hello all.
Yup. Got the XP recovery infection last night. Black screen then blue screen, disabled task manager, critical popups etc. Protection was Microsoft Essentials.

Two main questions:

1-Ran Microsoft security scanner, Microsoft essentials, Rkill, Malwarebytes Malware remover. That seemed to have eliminated 2-3 viruses/troj. But it wasn't until I did a system restore that things started looking better. After the Restore I had to run unhide.exe and that made things seem normal. Now to my question, is what I did enough OR will I have to reinstall from disk etc...? I guess I kinda feel that the System Restore is not the best fix. When would the malware rear its head again, immediately or later? I do not have the install disks...Circa 2004 system that I can't unload for standard reasons.

2-Also, I have this shortcut icon on the desktop 'Windows XP Recovery'...what is that? 819-byte file that was created at the time of the infection 830pm 6/5/2011. Not sure what to do with this and where it came from...malware? Do I uninstall it? I haven't opened it.

Gratzi.



#2 quietman7 (Bleepin' Janitor, Global Moderator)

Posted 07 June 2011 - 08:01 AM

Sometimes this method of recovery works but other times it may not since System Restore was not designed to be a virus or malware removal tool. Whether it will be successful depends on what type of infection you are dealing with, what damage the malware has already caused, whether it disabled System Restore and, if not, what is restored during the process.

This is what mvps.org has to say:

NO. System Restore was not designed to be a virus or spyware removal tool and should not be depended on to do so. Click here for more information on virus and spyware removal.

Can I use System Restore to remove virus or malware infection?

Generally it's better to leave System Restore alone until the machine is clean and stable. However, in some cases, using System Restore may return some system stability if you are having problems running disinfection tools or booting up. If you are able to successfully use System Restore to return to a previous state there is no guarantee your computer will not still be infected. As such, you should immediately perform scans with your anti-virus and anti-malware tools afterwards, then monitor your system for any signs of infection.


Also, I have this shortcut icon on the desktop 'Windows XP Recovery'...what is that? 819-byte file that was created at the time of the infection 830pm 6/5/2011. Not sure what to do with this and where it came from...malware? Do I uninstall it? I haven't opened it.

If Malwarebytes Anti-Malware does not detect a file which you know to be malicious, use its built-in FileAssassin feature for removing stubborn malware files.
  • Go to the "More Tools" tab and click on the "Run Tool" button
  • Browse to the location of the file(s) to remove using the drop down box next to "Look in:" at the top.
  • When you find the file, click on it to highlight, then select Open.
  • You will be prompted with a message warning: "This file will be permanently deleted. Are you sure you want to continue?" Click Yes.
  • If removal did not require a reboot, you will receive a message indicating the file was deleted successfully.
  • Click Ok and exit MBAM.
  • If prompted to reboot, then do so immediately.
-- If the file returns, then you probably have other malware on your system which is protecting or regenerating it.

Caution: Be careful what you delete. FileAssassin is a powerful program, designed to remove highly persistent files. Using it incorrectly could lead to serious problems with your operating system if removing a critical file.


Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 JohnnyFever (Topic Starter, Members)

Posted 07 June 2011 - 12:08 PM

Thanks Janitor.
Is that Recovery icon and the XP recovery program a residual from the original infection or is it something generated during the cleanup? Before FileAssassin can I just uninstall it?
JF

#4 quietman7 (Bleepin' Janitor, Global Moderator)

Posted 07 June 2011 - 12:21 PM

You said

file that was created at the time of the infection 830pm 6/5/2011

so I'm inclined to suspect it was not affected when you did the restore. Do not try to click on it as it's not likely to do anything that will uninstall it. If anything it may be an executable file so just remove it the way I instructed which will ensure it's removed and not executed by clicking on it.
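Added example, not part of the original thread: the advice above is not to click the leftover shortcut, and a .lnk file's target can still be read from its raw bytes without running anything. This Python code parses the documented Shell Link (MS-SHLLINK) layout; `parse_lnk`, `build_sample`, and the sample path and argument are constructed for illustration and do not come from the poster's machine.

```python
import struct

# CLSID that every Shell Link (.lnk) header carries, per MS-SHLLINK.
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
# LinkFlags bits for the optional StringData fields, in on-disk order.
STRING_FIELDS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location")]

def parse_lnk(data: bytes) -> dict:
    """Read what a shortcut points at from its raw bytes; nothing is executed."""
    if len(data) < 76 or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    try:
        flags = struct.unpack_from("<I", data, 20)[0]
        out = {"local_base_path": None}
        pos = 76                                   # fixed header size
        if flags & 0x01:                           # HasLinkTargetIDList: skip it
            pos += 2 + struct.unpack_from("<H", data, pos)[0]
        if flags & 0x02:                           # HasLinkInfo
            size, _, li_flags, _, base_off = struct.unpack_from("<5I", data, pos)
            if li_flags & 0x01 and base_off:       # VolumeIDAndLocalBasePath
                start = pos + base_off
                end = data.index(b"\x00", start)
                out["local_base_path"] = data[start:end].decode("cp1252", "replace")
            pos += size
        width, codec = (2, "utf-16-le") if flags & 0x80 else (1, "cp1252")
        for bit, key in STRING_FIELDS:
            if flags & bit:                        # 16-bit char count, then text
                n = struct.unpack_from("<H", data, pos)[0]
                out[key] = data[pos + 2:pos + 2 + n * width].decode(codec, "replace")
                pos += 2 + n * width
    except (struct.error, ValueError) as exc:
        raise ValueError("truncated or malformed Shell Link") from exc
    return out

def build_sample() -> bytes:
    """Constructed sample link (made-up path/argument; VolumeID block omitted)."""
    def s(text):
        return struct.pack("<H", len(text)) + text.encode("utf-16-le")
    flags = 0x02 | 0x04 | 0x20 | 0x80              # LinkInfo, name, args, Unicode
    header = struct.pack("<I16sI", 0x4C, LNK_CLSID, flags) + bytes(52)
    base = b"C:\\constructed\\example.exe\x00"
    link_info = struct.pack("<7I", 28 + len(base) + 1, 28, 0x01, 0, 28, 0,
                            28 + len(base)) + base + b"\x00"
    return header + link_info + s("Windows XP Recovery") + s("/constructed-arg")

if __name__ == "__main__":
    print(parse_lnk(build_sample()))
```

On a real file, pass the bytes read with `open(path, "rb").read()`; a shortcut whose target or arguments point into a temp or application-data folder is worth submitting to a scanner before it is deleted.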

#5 JohnnyFever (Topic Starter, Members)

Posted 10 June 2011 - 11:56 PM

Janitor, thanks again.
Before I fire up FileAssassin...I want to run one more thing by you.
Via the Start Menu and thru the 'programs' list there is, in fact, an XP recovery program that when I wave over it it has an install option as well as an uninstall option. Wdyt? FileAssassin still the way to go?
Hmmm. I am not at that CPU but I wonder if there is an option to remove by the add/remove programs...will check. But if you get a chance let me know what you think above...
Thanks. Have a good weekend.
JF

#6 quietman7 (Bleepin' Janitor, Global Moderator)

Posted 11 June 2011 - 06:46 AM

Windows XP Recovery is a rogue application. Everything about it and what it does is fake/bogus. Just use FileAssassin and be done with it.