System Restore and Virus removal

  wotbus@ 21:15 19 Jan 09
Locked

I am in the process of trying to remove a virus from a friend's PC. As a result of a lot of reading on the net, there appear to be mixed conclusions with regard to de-activating System Restore in order to run deep scans. Some say it should not be switched off before the infection is removed and others say you can't remove the infection if it's in the "restore" area.
I would welcome any comments, thanks.
PS: Vista by the way but need not be in the Vista Forum.

  woodchip 21:21 19 Jan 09

Do not de-activate it; it may be the only way back. Try running a scan in Safe Mode. But it is true that once you have sorted the computer, System Restore should be turned off to remove all Restore Points, then turned back on to create a new clean Restore Point.

  wotbus@ 21:26 19 Jan 09

That's what I read and erred on the side of caution, so thanks for that woodchip.
Unfortunately, this particular virus has removed the ability to start in safe mode and I am not going to mess with the boot.ini file.
It's Trojan.DNSChanger-Codec by the way.
SuperAntiSpyware detects it and quarantines it but it's back after re-boot. A2 and AVG don't detect it. I am currently running a scan with Vipre AV & AS and it has been detected but whether it will remove it remains to be seen after the scan.

  woodchip 21:34 19 Jan 09

Don't know if it will remove it, click here

But this should remove it click here

  wotbus@ 21:37 19 Jan 09

I have been surfing for hours and never saw either of the two links woodchip. TVM - I will try the latter ASAP :-)

  wotbus@ 21:45 19 Jan 09

I won't have time for another scan this evening so I will post back sometime tomorrow. Thanks again for the links ;-)

  gazzaho 22:34 19 Jan 09

I just posted this on the other thread about system restore.

Restore can actually retain a virus. I got a virus warning while using Kaspersky quite a few years ago and no matter how many times I tried to remove it, on reboot it kept re-detecting the damn thing. Eventually, after a lot of hair and sanity loss I realised the file was residing inside the system restore. If I remember correctly I had to switch restore off and then do the scan in order to remove it, then switch restore back on.

As far as I can remember, the virus was removed but the file that carried the payload was being detected in the system restore. To be honest I can't remember if Kaspersky removed it or if I did a search for the file and deleted it myself.

I always turn off restore before scanning for viruses because of my experience.

  wotbus@ 13:12 20 Jan 09

I have run several free programs which claim to remove it but no go, so it looks like a dedicated virus removal forum and HJT logs with a 1 on 1 advisor.
I have learned the virus is very early in the boot.ini folder so when you re-boot "in order for the virus cleaning process to be complete" - the virus re-activates before the AV software can do its job.
I am currently running Malwarebytes which is the last I will try before HijackThis.

  wotbus@ 16:58 20 Jan 09

Thread closed but unresolved.

This thread is now locked and can not be replied to.
