Virus infecting rstrui.exe

  realist 19:23 05 Jun 09
Locked

My sister says she gets this message when trying to open programs, including running av programs:

"Warning
Application cannot be executed the file rstrui.exe is infected"

She is expecting me to visit and fix this. Is there a simple solution or is it going to be easier to carry out a repair/reinstall of OS (Vista Home Basic)?

I googled the "warning" but not much help forthcoming and so far unable to identify the virus.

Many Thanks

  mfletch 19:36 05 Jun 09

This is to do with the system restore {RSTRUI.EXE}

Has she tried to do a S/R?

Right-click on the taskbar and stop the RSTRUI.EXE processes or restart the computer,

Then turn off the S/R and create a new restore point,

Steps to turn off System Restore

1. Click Start, right-click My Computer, and then click Properties.
2. In the System Properties dialog box, click the System Restore tab. {Protection for Vista}
3. Click to select the Turn off System Restore check box. Or, click to select the Turn off System Restore on all drives check box. {unpick The drive you want to turn off}
4. Click OK.
5. When you receive the following message, click Yes to confirm that you want to turn off System Restore:
"You have chosen to turn off System Restore. If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.
Do you want to turn off System Restore?"
After a few moments, the System Properties dialog box closes.

Steps to turn on System Restore

1. Click Start, right-click My Computer, and then click Properties.
2. In the System Properties dialog box, click the System Restore tab. {Protection for Vista}
3. Click to clear the Turn off System Restore check box. Or, click the Turn off System Restore on all drives check box.
4. Click OK.
After a few moments, the System Properties dialog box closes.

  rdave13 19:40 05 Jun 09

Sounds like a System Restore virus/malware infection. Try running antivirus, antispyware/malware in safe mode first. Run Malwarebytes in ordinary mode and see if the PC is clear. If so I'd disable System Restore, reboot and re-enable it.

  Fruit Bat /\0/\ 19:43 05 Jun 09

Do a sfc /scannow
Vista should replace the rstrui.exe file. Then run your AV scans.

  rdave13 19:58 05 Jun 09

If the antivirus your sister is using is Avast then select a 'scheduled scan'. This runs the AV before Vista loads and will allow you to quarantine the virus/malware in advance.

  realist 20:02 05 Jun 09

Thanks everyone.
I'll copy out your advice and run through it with her tomorrow.

  realist 22:25 05 Jun 09

Now looks likely to be System Security 2009 so will also follow advice in this thread: click here

  realist 20:04 06 Jun 09

System Security 2009 removed by running Vista system restore in safe mode.

This thread is now locked and can not be replied to.