

System Restore


12 replies to this topic

#1 Verons88

Verons88

  • Members
  • 156 posts
  • OFFLINE
  • Gender:Female
  • Location:Kuala Lumpur
  • Local time:03:09 PM

Posted 25 November 2006 - 09:34 PM

Hi, may I know how I can disable my system restore?
I need to do some scanning for malware/spyware for my laptop in safe mode, with the restore disabled.
I've been searching for this (restore) topic, but couldn't find it.

Thanks in advance.
Veronica Yeoh

#2 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:03:09 AM

Posted 25 November 2006 - 10:08 PM

A guide for system restore can be found here: Windows XP System Restore Guide

One word though...

Be careful turning system restore off when doing cleaning. If you wreck your system, you will not have a safety net to fall back on. Having an infected restore point is better than nothing. May I suggest following our malware removal guide.

Good luck

rigel

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith


#3 Walkman

Walkman

  • Banned
  • 1,327 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:09 AM

Posted 25 November 2006 - 10:12 PM

Click on Start > Control Panel > System icon, then click on the tab labeled System Restore. Then click on the checkbox to turn it off.

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,962 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:03:09 AM

Posted 25 November 2006 - 10:23 PM

Be careful turning system restore off when doing cleaning. If you wreck your system, you will not have a safety net to fall back on. Having an infected restore point is better than nothing. May I suggest following our malware removal guide.


I have to agree with Rigel here. Rather than turning off system restore while doing the scans, do the scans first, make sure everything is running fine, then flush the system restore by turning it off and then back on. And yes, do go through the malware guide. It's very good at step-by-step explanations.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 Verons88

Verons88
  • Topic Starter

  • Members
  • 156 posts
  • OFFLINE
  • Gender:Female
  • Location:Kuala Lumpur
  • Local time:03:09 PM

Posted 25 November 2006 - 10:31 PM

Thanks Walkman, rigel

Be careful turning system restore off when doing cleaning. If you wreck your system, you will not have a safety net to fall back on. Having an infected restore point is better than nothing.


I'm not a computer savvy person here, and quite worried that I will wreck my machine!

I'm now wondering if it is necessary to turn OFF my system restore just to do a good malware cleaning....

If I can skip the system restore, and get a good malware cleaning, then I will choose the safe way.

Thanks again, will be waiting for next suggestion :thumbsup:
Veronica Yeoh

#6 rowal5555

rowal5555

    Just enough info to be armed & dangerous...


  • Members
  • 2,644 posts
  • OFFLINE
  • Gender:Male
  • Location:St Kilda, Dunedin. South Island. NZ
  • Local time:08:09 PM

Posted 26 November 2006 - 12:21 AM

It may be helpful for you to browse through this forum thread: http://www.bleepingcomputer.com/forums/t/72630/where-is-system-restore/

Good luck. Cheers

rowal5555 (Rob)

Avid supporter of Bleeping Computer's
Team 38444

You can help find a cure


 


#7 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  • Gender:Male
  • Location:SW Louisiana
  • Local time:01:09 AM

Posted 26 November 2006 - 01:45 AM

The "need" to clear System Restore has to do with any infections that may be hiding in there.
If you had to do a restore, and the restore date you chose was infected, you would restore the infection.

Before flushing your restore points, make sure your computer is totally clear of any infection.
Go to System Restore, and disable it, which will clean out all restore points.
Then re-enable System Restore, and set a new restore point.
Now if you ever have to do a System Restore, you'll have a clean one to restore to.

You don't want to clear your restore points before cleaning your computer, because if the cleaning causes a crash, you'll have a restore point to fall back on, and as rigel said, an infected restore point is better than no restore point.
It will be easier to clean an infection than having to reinstall the operating system.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook
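The flush-and-recreate procedure tg1911 describes above (and the Control Panel checkbox Walkman pointed to earlier) can be scripted on a current Windows system; this is an added example, not code from the thread or from BleepingComputer. It assumes Windows PowerShell 5.1 in an elevated session, a system drive of C:\, and a -ScanReportedClean switch of the example's own invention that stands in for "your scanners came back clean".

```powershell
# Added example: flush System Restore points only after a clean scan,
# then immediately create a fresh baseline restore point.
# Requires Windows PowerShell 5.1 (the *-ComputerRestore cmdlets are not
# available in PowerShell 7) and an elevated (Administrator) session.
param(
    [string]$Drive = "C:\",      # assumption: the system drive
    [switch]$ScanReportedClean    # hypothetical flag: set it only once the scans report clean
)

function Show-RestorePoints([string]$Label) {
    $points = @(Get-ComputerRestorePoint)
    Write-Host ("{0}: {1} restore point(s)" -f $Label, $points.Count)
    foreach ($p in $points) {
        # CreationTime is a WMI datetime string; convert it for readability
        $when = [Management.ManagementDateTimeConverter]::ToDateTime($p.CreationTime)
        Write-Host ("  #{0} {1:yyyy-MM-dd HH:mm} {2}" -f $p.SequenceNumber, $when, $p.Description)
    }
    return $points.Count
}

# 1. Never flush before cleaning: an infected restore point is still a safety net.
if (-not $ScanReportedClean) {
    Write-Warning "Scan and clean the system first; re-run with -ScanReportedClean afterwards. Existing points are kept."
    Show-RestorePoints "Current" | Out-Null
    return
}

Show-RestorePoints "Before flush" | Out-Null

# 2. Turning System Restore off discards the drive's existing restore points
#    (the same effect as the XP checkbox under Control Panel > System > System Restore).
Disable-ComputerRestore -Drive $Drive

# 3. Turn it straight back on so the machine is not left without protection.
Enable-ComputerRestore -Drive $Drive

# 4. Create a clean baseline. Windows 8 and later refuse a second checkpoint within
#    24 hours, so this step warns rather than succeeds if one was just created.
Checkpoint-Computer -Description "Clean baseline after malware scan" -RestorePointType MODIFY_SETTINGS

# 5. Verify: the only point left should be the new baseline.
$count = Show-RestorePoints "After flush"
if ($count -ne 1) {
    Write-Warning "Expected exactly one restore point; check the System Protection settings for $Drive."
}
```

Run it once without the switch to see the current restore points without touching them; the flush happens only on the second, explicit run.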

#8 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:03:09 AM

Posted 26 November 2006 - 04:32 PM

If your restore points are infected - there's nothing that you can do to clean them (until you restore them).

So leave System Restore on in Safe Mode while you scan for viruses. If the system comes up clean - then your restore points are probably clean. If it's dirty, then the restore points are probably dirty also.

If it's clean - you don't need to turn it off. If it's dirty, once you do the repair and everything is working ok - then you can turn it off, then turn it back on and make a new restore point.

Things lurking in System Restore generally can't hurt your system - they have to be restored in order to hurt you.
My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ ) **If you need a more detailed explanation, please ask for it. I have the Knack.** If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017) FYI - I am completely blind in the right eye and ~30% blind in the left eye. If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.

#9 Verons88

Verons88
  • Topic Starter

  • Members
  • 156 posts
  • OFFLINE
  • Gender:Female
  • Location:Kuala Lumpur
  • Local time:03:09 PM

Posted 26 November 2006 - 06:12 PM

Ok, this is what my AVG antispy found, I think it is in the system restore. I did this test in safe mode with system restore ON. Since I've quarantined it, does this mean my system restore is cleaned now? When should I click 'Remove Finally' in my AVG? I've just created another restore point after the cleaning, is this the right way? Thanks again!

Posted Image
Veronica Yeoh

#10 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:03:09 AM

Posted 26 November 2006 - 07:21 PM

Yes, that's the way to do it. If AVG reports that it can't clean it (likely), then as long as your system is running well it's OK to disable System Restore to delete these buggers. Quarantine is a way of isolating them so they don't cause any problems. System Volume Information is the hidden directory that your Restore Points reside in.

Make sure to turn it back on and make another Restore Point ASAP.

#11 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  • Location:Florida, USA
  • Local time:02:09 AM

Posted 26 November 2006 - 07:30 PM

The Funweb garbage (shown in the AVG screenshot) is malware that infected your computer when downloading things like screensavers, free games, smileys, etc.
Not a very high risk issue but malware just the same.

The registry entry may be a different story, but you cut off the info in the screenshot you posted that would tell us what it is.

It is a browser helper object that can be either legit or not, depending on what it is, although it probably is malware that was hidden in one of the "free" crapware-associated trojans from Funwebs.
Read the EULAs from now on!

Being that AVG has quarantined them, and you had AVG delete them, I suggest that you do the following (because there is probably a lot more malware infection present than just the few AVG found).

By the way, AVG has issued a new freeware version, V7.5, and their old freeware version will not be supported for too much longer, so go to their website and update your version - not just the definition updates - update the program to the new version which will continue to be supported. Get AVG Anti-Spyware Free while you're at it as well:
http://free.grisoft.com/doc/1

Back to your malware infections:

Run The Windows OneCare Free Scan (on-line scan)
To run the Windows One Care Free Scan
Go to Windows Live Onecare Free Scan site using Internet Explorer.

It will say "Get a free PC safety scan"
http://safety.live.com/site/en-us/default.htm

Make sure you click "Full Service Scan" in the middle of the page and
not the "Try It Now Free" offer on the right side.

Allow the download of the ActiveX components.
Choose "Complete Scan" in the window that opens
Click "Next"
Do not click on anything else that offers you a free trial or to sign up if you live in the US.

Allow it to scan - it may take quite a while, possibly two hours or so depending on the size of your hard drive and how fragmented your registry and drive may be.

After completing the Windows OneCare Free Scan run both Adaware and Spybot Search and Destroy from safe mode, updating each program’s malware definitions before you reboot into safe mode to scan and allowing both to fix what they find.

If you do not already have these freeware apps installed on your computer, you can get them at the following sites:

*AdAware SE:
http://www.majorgeeks.com/download506.html

*Spybot S&D:
Spybot (in its default settings) now ignores certain products such as New.Net and Sidestep even though they are crapware. New.Net compromises the WinSock stack and spies on your Internet activity by routing all your DNS queries through the NewDotNet.DLL.
To enable detection of the above malware go to Spybot's "Settings", "Ignore products", "All products" Tab, right click on "Product", left-click on "Deselect all".
Download Spybot from:
http://www.safer-networking.org/en/index.html
Be sure to enable “Teatimer” while you are setting up the program which gives you realtime protection against malware infection.

Following that, I suggest you post a "HijackThis" log in our "Hijack This" Logs and Analysis Forum for expert assistance with your malware infection.

Read the pinned post in our “HijackThis Logs and Analysis” forum,
here
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
Carefully read and follow all directions carefully.

Following the instructions create a HJT log, and POST THE HJT LOG THAT YOU CREATED IN OUR HJT LOGS AND ANALYSIS FORUM – not in this forum,
at this link.
http://www.bleepingcomputer.com/forums/posthjtlog.html

Include the specs for your computer (i.e., what processor, amount of RAM, brand or motherboard, etc, and briefly describe that AVG found infections)

Unless you are expert at editing the registry, Do not use the Hijack This program to try to fix anything by yourself as even what may seem to you to be a small mistake can hose your system and render it inoperable.
Some files when in the correct folder for them may be legitimate and necessary but in different files may be hidden malware.


A member of our expert HJT Team will analyze your log, make recommendations and offer assistance, guiding you through the complete process necessary to disinfect your computer.

Do not delete your System Restore Points until advised by our HJT Expert to do so. They cannot reinfect your computer unless you use an infected point to "Restore" it, so just being there causes no harm.

It may take a short period of time to get a response to the log you posted because the members of our HJT Team are kept very busy.
Posting your Hijack This log anywhere but in the Hijack This Logs and Analysis forum will delay their response as it will require a moderator to move the log there before the HJT Team will see it and it will fall behind other logs posted after yours was posted, so be sure to post your log in the Hijack This Logs and Analysis forum.

Please be patient as this team is manned by volunteers. They will help you in order received as soon as possible.

NOTE
Once you have posted your HJT log, please DO NOT make any additional posts in the HJT Logs and Analysis forum thread you created until you get a response from a member of our HJT expert team, and do not make any additional changes to your system (changes, including any attempted repairs, will make your computer different from what is represented in the log you posted and therefore make your log inaccurate).

The first criteria the HJT Team has when looking for logs that need replies are posts showing 0 replies. If you make an additional post, it will show as having had 1 reply.
A team member, looking for a new log that requires help might well assume another HJT Team member is already assisting you and might not open the thread to respond.

So, post your HJT Log in our HJT Forum (not here in this forum) and wait for a response from a HJT team member.

After you post your log, please do not make any changes to your computer. Discontinue trying to delete anything with any program as changes will make your HJT log obsolete and waste valuable time spent by our HJT experts analyzing the log made inaccurate by changes and therefore their plan formulated to address the problems will also be obsolete.

If after 5 days you still have gotten no response, then post a re-request and a link to your HJT log HERE.
http://www.bleepingcomputer.com/forums/topic14717.html

Make sure you post your HJT log in the HJT forum, not here, because if you post it here in this forum the response from our HJT Team will be delayed because the post will have to be moved before they see it and it will fall in line behind many others posted that same day.

If you want to continue downloading "freebies" and do not want to read every EULA, I suggest you get the following freeware app that will help you (somewhat) avoid malware infections that are actually disclosed in the EULAs that accompany "freebies" that include malware, as many if not most actually do. The companies that infect your computer while disguising their spyware actually get the user's permission to install their garbage and rely on the fact that most users will not bother to read their EULAs!

EULAlyzer™ 1.1
http://www.javacoolsoftware.com/eulalyzer.html

Edited by Enthusiast, 26 November 2006 - 07:36 PM.


#12 Verons88

Verons88
  • Topic Starter

  • Members
  • 156 posts
  • OFFLINE
  • Gender:Female
  • Location:Kuala Lumpur
  • Local time:03:09 PM

Posted 26 November 2006 - 07:50 PM

Thanks, Enthusiast for your very detailed help.
I guess I got the adware when I tried to get some extra animated smileys for my Yahoo Messenger last time. Anyway, I've had the smiley program / toolbar uninstalled for 2 weeks now..
My AVG is version 7.5. I downloaded it weeks ago. I also have Ad-aware SE, Spybot S&D, SpywareBlaster, XoftSpy SE & SUPERAntiSpyware free.
My current scan (in normal mode) with all the spyware tools shows no infections. Just that when I run in safe mode, AVG happens to find some adware still hiding in the restore.
I will be doing a scan with OneCare Free Scan later when I come home in the evening, since it may take 2 hours to scan.

Thanks again for the help :thumbsup:
Veronica Yeoh

#13 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  • Location:Florida, USA
  • Local time:02:09 AM

Posted 26 November 2006 - 08:03 PM

You are welcome.
AVG 7.5 is the most current version. (you did set it to update definitions automatically?)

The other AVG freeware ap which I highly recommend was formerly known as Ewido - extremely good and extremely useful!
http://free.grisoft.com/doc/1



