Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows Xp System Restore Limitations?


  • Please log in to reply
3 replies to this topic

#1 cpr100

cpr100

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:12 AM

Posted 12 July 2006 - 02:02 PM

A friend works for a small company run by a family who use their home PC for the business software and data (accounting, stock etc). Some members of this family have been rather careless in the use of this PC (visiting porn sites specifically) and my friend now has her work on the computer blighted by popups and adverts and all the usual stuff you might expect from the malware you can pick up on porn sites. A run of some online virus checker (don't know which one) claimed a count of 175 viruses.

She turned to me for help and I got her to install a copy of Norton Internet Security (I advised a fresh install of Windows but that was out of the question because it seems no-one at the company knows enough about computers to set all their business software back up and restore the data from what limited backups they do - and because I'm trying to offer tech support by phone I daren't get involved in anything that drastic)

Norton promptly detected and quarantined a large number of viruses however the removal of one (or some) of these affected the network settings and their accounting software (which connects via dial-up to a bank to send the payroll and is fairly vital) stopping it connecting. "Error 678" was the one given - something to do with the remote computer not responding as I understand it. Clearly the problem doesn't lie with the remote computer and interestingly the dial up internet connection still seemed to work ok anyway.

In order to get the accounting software working again we restored all the quarantined files and turned off Norton which left us back at square one. I suspect that removing the files again and running the utility winsockxpfix will sort the problems with the network but I'm nervous about trying anything I can't undo (I don't really want my friend to get fired because I gave her bad advice).

Hence I want to set a system restore point before I get her to try anything else. Basically my question boils down to this: If I run this utility and mess with the TCP/IP stack and other network settings and this affects this accounting software's ability to connect to the bank will going back to a restore point put it right again?

I know system restore backs up critical windows files I just don't how it interacts with other software and I'd rather know a bit more before I offer any more advice.

Congratulations on wading through this rather lengthy post. My apologies on the lack of technical detail but you now know about as much as I do on this one. Any advice would be appreciated!

BC AdBot (Login to Remove)

 


#2 acklan

acklan

    Bleepin' cat's meow


  • Members
  • 8,529 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Baton Rouge, La.
  • Local time:12:12 AM

Posted 12 July 2006 - 02:22 PM

Hello and welcome to Bleeping Computer.
From what you describe you should be able to clean your system (your friend's system) without disruption or lost of files. Nothing is 100% since we do not know exactly what malware infects the computer in question.
I recommend you go to "Preparation Guide for use before posting a HijackThis Log", and follow the instructions provided. Once you begin it is important you follow any instruction given to you by the HJT Team. No one else should give advice, nor should you take advice except from a HJT Team member.
"2007 & 2008 Windows Shell/User Award"

#3 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:01:12 AM

Posted 12 July 2006 - 05:10 PM

Being that this computer is being used for business, payroll, accounting, etc, I suggest that they hire a professional to come in and disinfect their network, especially since you state no one there is competent to fix the numerous problems they have and that you are attempting to do it by remote control.

In addition to the viruses and adware they may be infected by trojans, keyloggers and who knows what else, and in my opinion your attempt at second party remote utilization of Hijack This, which will undoubtedly require registry changes, will be very risky.

It sounds like these people are playing Russian Roulette with their business just waiting to have their bank accounts and credit nailed. They need to have their complete network disinfected hands on by someone competent to do so and then protected with more than just a consumer version of Norton.

#4 cpr100

cpr100
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:12 AM

Posted 15 July 2006 - 05:30 AM

Thanks for the advice. I told my friend to have it properly looked at so her firm decided to pass it to some guy that someone working there knew who said he'd do it for cash. It hardly sounds professional but its not my problem any more.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users