Status
Not open for further replies.
1 - 5 of 5 Posts

·
Registered
Joined
·
2 Posts
Discussion Starter · #1 ·
Newbie here,
but I think I figured something out.
Maybe this is old news, if so, I certainly couldn't find it yesterday when I needed it.
Some anti-virus, anti-spyware programs can remove System Restore Points. Found that out the hard way!
After reading up on missing System Restore Points, it seems that Spybot S&D is being blamed for instability. Well, I installed AVG free Anti Virus today, and the same thing happened. It may happen with any anti-spyware, anti-virus program (I think, if it's doing its job).
If you think about it.....if the infection has been there embedded in memory, and not detected, it will be on all available Restore Points, right? Once you load an AV Program that detects AND removes the infected file, the file is no longer available....so there may not be a System Restore file anymore.
Does this make any sense....or am I way off????
BTW, I did manage to get rid of WinFixer, for today anyway. Ran free AVG twice. Downloaded new Ad-Aware defs (now recognizes virtumondo). Had to run Ad-Aware twice. Infection has been gone for about 12 hours now, nice break. It may be back tomorrow....but I've enjoyed the last 12 hours!
FYI......before running anti-spyware, anti-virus programs, create a back-up disk! Although.....you might be backing up the infection too.... !!!
 

·
Registered
Joined
·
1,097 Posts
Firinne said:
Newbie here,
but I think I figured something out.
Maybe this is old news, if so, I certainly couldn't find it yesterday when I needed it.
Some anti-virus, anti-spyware programs can remove System Restore Points. Found that out the hard way!
Yes, this is old news, however, it is always good to know about this.

Firinne said:
If you think about it.....if the infection has been there embedded in memory, and not detected, it will be on all available Restore Points, right? Once you load an AV Program that detects AND removes the infected file, the file is no longer available....so there may not be a System Restore file anymore.
I'm not quite sure what you mean here, but if a virus is on your system, and you created a new restore point, then you just backed up that virus also. Make sure your system is totally clean before creating a restore point. If a virus has infected your restore points, then disabling and then enabling System Restore will purge/delete the restore points from your system.

I would also recommend that you scan for viruses/spyware in Safe Mode. If you are just using Adaware to get rid of spyware, then that is not enough.
 

·
Registered
Joined
·
2 Posts
Discussion Starter · #3 ·
Thanks Resolution!

Not quite familiar with the format here yet, so I'll be safe and post new!

Anyway, thanks for your info. Wish I talked with you about 24 hours ago! Regarding my issue with the Restore Points, all I could find was Spybot bashing yesterday.
Get ready for more questions and/or experiences with Winfixer/Vundo! It seems to be rearing its ugly head everywhere now. So, there are going to be more questions about missing Restore Points I imagine. The only reason I even found out about the missing Restore Points is....I installed Avast AV and it seemed incompatible, sucked up resources, homepage was missing. Also, the interface was confusing and the darned alarm was annoying. Good grief....just scan the PC and give me the lowdown....I don't need alarms going off during a scan! Especially when a pop up appears with a "radioactive" like symbol....and no matter what option you choose, the infection is detected again, alarm sounds, scan stalls, firm "Caution" voice blasts. C'mon......! However, it did do more than Norton did....for free.
Well, I installed free AVG yesterday, scanned twice, scanned twice with Adaware-SE. I also use Microsoft AntiSpyware (although that did not remove this insidious beast). Last evening, scanned again.....nothing.
I've got my fingers crossed......nothing detected YET. I'm ready to scan again.....I'm soooo paranoid. Geez, if I could figure out how to copy and paste a HijackThis log.....I'd do it for peace of mind!
Sorry this post is long. Just figured I'd give a thorough description of my perils, for the benefit of those looking to post or just lurking.
 

·
TSF Security Manager, Emeritus
Joined
·
52,197 Posts
Hi Firinne -

You raise some good points. Res has addressed the system restore points issue.

I may be able to address some of your concerns with HJT.

If you've placed the exe in a folder of its own, as you should, then a log will be created in that folder when you do this:

Double click on the program to run it.

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Post the hijackthis.log file here. Do not fix anything in HijackThis since they may be harmless.
The log is named hijackthis.log.

Simply click in the field, press CTRL + A, then press CTRL + C, then in your HJT thread, press CTRL + V. Or.....With the log open, go to Edit in the Menu bar, click Select All, then select Copy, then in your HJT thread, right click and paste.

A Vundo infection takes a particular tool and process right now to eradicate, and the first step is to post a HJT log in the HijackThis Log Help forum.

I use Avast, and like the alarms :grin:.....but you can turn them off. Program Settings.

AVG has similar bells and whistles, they can also be controlled through the user interface.

Hope this helps.
 

·
Registered
Joined
·
1,097 Posts
For HijackThis, just choose the option to "Do a system scan and save a logfile". It will output a logfile in the same directory that hijackthis.exe is in. Copy and paste the entire log file to the HijackThis forum, and the guys over there will analyze it and give you removal steps.
 