Remove System Restore Infection


  • This topic is locked
10 replies to this topic

#1 Steven1279

Steven1279

  • Members
  • 21 posts
  • Local time:05:15 AM

Posted 31 October 2011 - 06:45 PM

Hello All

My computer got hit with System Restore and I followed all the steps in the "how to remove System Restore" guideline, but I still have a problem with it. My computer still runs slow, the web search cannot play music, there is no sound, and errors pop up. I am trying to run ComboFix on my computer and can't get through the system. Please help!!! What should I do? Did this infection get into my root file?

Thanks



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:05:15 AM

Posted 31 October 2011 - 10:36 PM

Hello, Please do not run and post a ComboFix log. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer.
If needed we will run it with you.

Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Include a link back to this topic.

Let me know if that went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 JBE117

JBE117

  • Members
  • 2 posts
  • Local time:06:15 AM

Posted 01 November 2011 - 07:51 AM

Hello - I too got hit with the System Restore malware/virus. Unfortunately I didn't find this forum before attempting the removal myself. I ran Malware Bytes and IOBit ASC. Also came across RKill. Have manually unhidden the majority of directories/folders. One of the problems that I now face is that IOBit ASC (I think) deleted all the temp files. Now, after reading many of the postings and guides on this site, I find that I have now deleted the files necessary to restore the shortcuts to my programs etc. Is there any way to recreate this information? I am able to browse to the directories where the apps are located and then run the program, or if I do a fresh install of the programs the shortcuts are populated. I am hoping to avoid having to reinstall all the apps, and even more depressed about the possibility of having to reinstall the OS and the apps.

After removing the malware/virus and fixing the majority of the damage, I also updated a few programs that needed newer versions etc... I am wondering about possibly using a restore point but don't know if that will revert the updated programs to their previous outdated version. What about new files (I am a photographer and have a working directory that I edit files in and then back them up to external storage when I am finished)? The original files prior to edit have also been downloaded to external storage so I at least have them.

Preparing for the worst, but hoping for the best.

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:05:15 AM

Posted 01 November 2011 - 03:29 PM

JBE<<<
see if post 2 here can help you.
http://www.bleepingcomputer.com/forums/topic405724.html/page__p__2305412__hl__missing+start+menu+shortcuts+__fromsearch__1#entry2305412

#5 JBE117

JBE117

  • Members
  • 2 posts
  • Local time:06:15 AM

Posted 02 November 2011 - 12:05 PM

Boopme -

Thanks for the link to the restore procedure. I was already able to restore the majority of those shortcuts by copying them from another PC. I am still missing a number of shortcuts or menu items (not sure what the correct term is) that should be listed under "Computer" on the right side of the pop-up "menu" when you click the Start button. Basically, everything that should be listed below the logged-on user name (Documents, Pictures, Music, Control Panel, etc...) is missing except "Computer".

Thanks again.

JBE

#6 Steven1279

Steven1279
  • Topic Starter

  • Members
  • 21 posts
  • Local time:05:15 AM

Posted 02 November 2011 - 02:48 PM

Hello Boopme

I am trying to follow steps 6-9 and run a DDS log, but I was unable to do it. The DDS program scanned my system and then froze my comp right away. Please advise. Thanks

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:05:15 AM

Posted 02 November 2011 - 03:50 PM

@ Steven1279
If you cannot get DDS to work, please try this instead.

Please download OTL by OldTimer and save it to your Desktop.
  • Close all other applications and windows so that you have nothing open.
  • Double click on the Posted Image icon on your desktop.

    Vista/Windows 7 users right-click and select Run As Administrator.
    If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
  • Under Output, ensure that Minimal Output is selected.
  • Click the "Scan All Users" checkbox.
    Leave the remaining selections to the default settings.
  • Click the Posted Image button.
  • Do not use the computer while the scan is in progress.
  • When the scan is complete, two log files will open in Notepad:
    • OTListIt.txt <- (will be maximized)
    • Extras.txt <- (will be minimized in the Task Bar).
  • Both logs are automatically saved to the Desktop.
  • Please copy and paste the contents of OTListIt.txt and Extras.txt in your next reply.
    If the Extras.txt log is too long, you may need to add a second reply to your thread or upload it as an attachment.
  • Click the red X in the upper right corner to exit OTL.
Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run. If OTL did not work, then reply back here.

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:05:15 AM

Posted 02 November 2011 - 03:54 PM

@ JBE117

I suggest you try running SFC. If no joy, you will need to post a DDS log; see after SFC.

SFC

Please run SFC (System File Checker)
Please run System File Checker sfc /scannow... For more information on this tool see How To Use Sfc.exe To Repair System Files

NOTE for Vista/WIN 7 users: The command needs to be run from an Elevated Command Prompt. Click Start, type cmd into the Start/Search box, right-click cmd.exe in the list above and select 'Run as Administrator'.


You will need your operating system CD handy.

Open Windows Task Manager by pressing CTRL+SHIFT+ESC

Then click File, then New Task (Run)

In the box that opens type sfc /scannow ... There is a space between c and /

Click OK
Let it run and insert the CD when asked.


DDS>>>>
Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Include a link back to this topic.

Let me know if that went well.

#9 Steven1279

Steven1279
  • Topic Starter

  • Members
  • 21 posts
  • Local time:05:15 AM

Posted 02 November 2011 - 06:39 PM

AVG Anti-Virus shows me some malware (C:\32788R22FWJFW\CMD.exe). Please advise. Thanks

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:05:15 AM

Posted 02 November 2011 - 09:32 PM

Hello, see post 2. You need to post the log in a different location. Thanks.

#11 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,049 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:05:15 AM

Posted 03 November 2011 - 06:12 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic426179.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.
