Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

System restore is not able to protect your computer.


  • Please log in to reply
7 replies to this topic

#1 IH.MY.PC

IH.MY.PC

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:16 AM

Posted 11 February 2013 - 11:17 AM

I had a virus called LIVE SECURITY PLATNIUM. I have remove the virus using several programs such as malware bytes, rougue kiler and a few others and have also ran unhide.exe. Now the only leftover problem is system restore is not working. It is not listed in services.msc. When i try to run it from system tools it says "System Restore is unable to protect your computer. Please restart your computer, and then run System Restore again". Which I have done several times to no avail. Can anyone help with this? I am running Windows XP Home Addition SP3.


Edited by IH.MY.PC, 11 February 2013 - 11:44 AM.


BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:05:16 AM

Posted 11 February 2013 - 11:54 AM



Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:
 


  • In order for Rkill to run properly you must disable your anti-malware software.  Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
    • Note:  You may have to run Rkill a few times before it is successful.  You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear.  Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again.  If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

Edited by narenxp, 11 February 2013 - 11:58 AM.


#3 IH.MY.PC

IH.MY.PC
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:16 AM

Posted 11 February 2013 - 12:22 PM

Here is the report.

 

Rkill 2.4.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html


 

Program started at: 02/11/2013 12:07:59 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3


 

Checking for Windows services to stop:


 

 * No malware services found to stop.


 

Checking for processes to terminate:


 

 * C:\WINDOWS\system32\HPZipm12.exe (PID: 1896) [WD-HEUR]


 

1 proccess terminated!


 

Checking Registry for malware related settings:


 

 * No issues found in the Registry.


 

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.


 

Performing miscellaneous checks:


 

 * No issues found.


 

Checking Windows Service Integrity:


 

 * Dnscache [Missing Service]
 * EventSystem [Missing Service]
 * helpsvc [Missing Service]
 * Netman [Missing Service]
 * NtmsSvc [Missing Service]
 * seclogon [Missing Service]
 * upnphost [Missing Service]
 * WmdmPmSN [Missing Service]
 * wscsvc [Missing Service]


 

 * SENS [Missing ImagePath]
 * SharedAccess [Missing ImagePath]
 * srservice [Missing ImagePath]


 

 * W32Time [Missing Parameters Key]
 * WebClient [Missing Parameters Key]
 * napagent [Missing Parameters Key]


 

Searching for Missing Digital Signatures:


 

 * No issues found.


 

Checking HOSTS File:


 

 * HOSTS file entries found:


 

  127.0.0.1       localhost


 

Program finished at: 02/11/2013 12:08:33 PM
Execution time: 0 hours(s), 0 minute(s), and 33 seconds(s)



#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:05:16 AM

Posted 11 February 2013 - 12:25 PM

Download

 

http://download.bleepingcomputer.com/win-services/xp/Dnscache.reg

http://download.bleepingcomputer.com/win-services/xp/EventSystem.reg

http://download.bleepingcomputer.com/win-services/xp/helpsvc.reg

http://download.bleepingcomputer.com/win-services/xp/Netman.reg

http://download.bleepingcomputer.com/win-services/xp/seclogon.reg

 

Launch them and click YES

 

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run RKILL again and post the new log



#5 IH.MY.PC

IH.MY.PC
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:16 AM

Posted 11 February 2013 - 01:00 PM

here is the new report:

 

Rkill 2.4.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html


 

Program started at: 02/11/2013 12:50:25 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3


 

Checking for Windows services to stop:


 

 * No malware services found to stop.


 

Checking for processes to terminate:


 

 * C:\WINDOWS\system32\HPZipm12.exe (PID: 1448) [WD-HEUR]


 

1 proccess terminated!


 

Checking Registry for malware related settings:


 

 * No issues found in the Registry.


 

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.


 

Performing miscellaneous checks:


 

 * Windows Firewall Disabled


 

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000


 

Checking Windows Service Integrity:


 

 * NtmsSvc [Missing Service]
 * upnphost [Missing Service]
 * WmdmPmSN [Missing Service]


 

 * SENS [Missing ImagePath]
 * srservice [Missing ImagePath]


 

 * W32Time [Missing Parameters Key]
 * WebClient [Missing Parameters Key]
 * napagent [Missing Parameters Key]


 

Searching for Missing Digital Signatures:


 

 * No issues found.


 

Checking HOSTS File:


 

 * HOSTS file entries found:


 

  127.0.0.1       localhost


 

Program finished at: 02/11/2013 12:50:57 PM
Execution time: 0 hours(s), 0 minute(s), and 32 seconds(s)



#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:05:16 AM

Posted 11 February 2013 - 02:08 PM

Download

 

http://download.bleepingcomputer.com/win-services/xp/NtmsSvc.reg

http://download.bleepingcomputer.com/win-services/xp/upnphost.reg

http://download.bleepingcomputer.com/win-services/xp/SENS.reg

http://download.bleepingcomputer.com/win-services/xp/srservice.reg

http://download.bleepingcomputer.com/win-services/xp/W32Time.reg

http://download.bleepingcomputer.com/win-services/xp/WebClient.reg

http://download.bleepingcomputer.com/win-services/xp/napagent.reg

 

Launch them and click YES

 

Restart the PC,try to launch system restore now.



#7 IH.MY.PC

IH.MY.PC
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:16 AM

Posted 11 February 2013 - 03:06 PM

That worked, all seems to be good now. Thank you for the help. This is the best place I have found for those problems that I just can not figure out. Thank you again!



#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:05:16 AM

Posted 11 February 2013 - 03:09 PM

You're most welcome :)

 

Update JAVA and Flash player

Uninstall old version of java from control panel-Add or remove programs.Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently.Two free antivirus that i would suggest are

Microsoft security essentials or Avast.You can select either one of them.

If you have a paid one,make sure to update it frequently.Do not use multiple security softwares.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users