I hope this is the right section for my query.
Yesterday I got hit by "Security Sphere 2012" and found the Remove Security Sphere 2012 (Uninstall Guide) page on BleepingComputer.com. I proceeded through it like so:
– No threats found
– It terminated "KbdStub.exe" (Hewlett-Packard) and "Sf.bin" (Alwil Software)
– Found "Trojan.FakeAlert" (named "~!#E90.tmp" in the Temp folder)
I then went through all the other steps except for points 23 to 26 (I looked at the Hosts file and it only had "localhost" and a list of "adobe.com" references) and point 27.
After that, everything seemed to be fine, however I've just noticed that System Restore doesn't work how I'd expect it to...
Thing is, I haven't got a clue if it is a result of Security Sphere (or something more innocuous like ZoneAlarm?) because today was actually the first time I've used System Restore since I got my new system several months ago.
This is what happens:
- I go to the Start menu and select System Restore.
- I choose that I want to continue with this action.
- It is nowhere on my screen, however when I go to Task Manger, "rstrui.exe" is running as a process.
- Minutes later, it finally appears. (seems like an unusually long wait)
- I then choose the point I'd like to restore to.
- The sytem restore initialises and seemingly does all the normal stuff before the computer reboots.
- Once back in Windows, everything appears normal - a program installed today is gone, while a program uninstalled two days ago is back - but then, a number of minutes later, I get an error message saying "System Restore did not complete successfully. Your computer's files and settings were not changed."
What could be the reason for this? Is it likely to be a result of "Security Sphere 2012" still infecting my computer in some way? Or is it probably something else?
I was thinking of attaching a HijackThis log (btw, HijackThis told me that write access to the Hosts file was denied) to help determine if there's still anything amiss with my computer, however I'm not sure if any such logs are allowed to be posted in this subforum.
Thank you in advance for any help!
Edited by EmmVee, 21 December 2011 - 09:24 AM.