|
|
|
Start new subject | Reply to this subject
|
[1]
|
 The Mountaineer |
Sat, 07/11/09@01:46
|
|
Still in Kathmandu running in circles chasing trojans but now having a problem with system restore.
I finally gave up on trying to rid three computers and three usb flash drives of a trojan killvirus.vbs today which basically hijacks IE homepage to a "goggleonline" webpage! I'd succeeed once with this a couple of weeks ago with System Restore in safe mode, restoring to a set point on October 10th which I know is/was clean, but now I can't get restore to work, constantly getting the usual message "your computer cannot be restored ....". I'm running on XP Home. I'm baffled and would appreciate any help.
|
buteman |
Sat, 07/11/09@08:52
|
|
The Mountaineer Have you tried updating and running the free version of this.
click here it gets rid of most problems.
Another good one is this.
click here
That is a pay for program but you get 30 day trial and it will remove anything that it finds.
Running scan with malwarebytes is better if you can run it in safe mode.
|
Fruit Bat /\0/\ |
Sat, 07/11/09@10:10
|
|
If malwarebytes won't run due to the infection, rename the mabam.exe file to something like rabbit.exe and then try running it.
|
The Mountaineer |
Sat, 07/11/09@10:43
|
|
Buteman and Fruitbat, thanks for replying. Sorry I didnt give more information last time as follows:
So far I have run Malwarebytes, superantispyware, spybot etc., a-squared, and my Panda 2010 suite, all in Safe mode as well as normal. Only a-squared detected and "removed" the trojan, but it keeps coming back, and strangely it no longer can be seen in the Sys32 folder where it originally resided. How do I know I've still got it? Because IE home page keeps getting hijacked to this damned goggleonline.blogspot false page! As I said in my first post an earlier success I had was to roll back via system restore to Oct 10th, the day before I flew out here, but that has now stopped working. I've tried using superantispyware's system restore repair feature, but that hasn't cured it.
I'm about to try two things: I'm currently downloading Trojan Remover from Simply Super Software as you recommend Buteman, then failing that I'm going to switch off system restore in case the trojan is "hiding" in some restore points.
Unless that works I'm going to put the netbook in my suitcase, get home next Thursday and do a clean reinstall of Windows. Failing that, a large hammer .....
Unless further suggestions received which it would be discourteous to reject!
|
buteman |
Sat, 07/11/09@11:17
|
|
Maybe you have to open your hidden files before you run the scan the next time.
Not on XP anymore and cannot quite remember how it is done.
maybe someone can tell you how to do it just in case it is hiding in there.
|
madboy33©® |
Sat, 07/11/09@11:21
|
|
The Mountaineer I havent read all your posts, but have you tried switching off system restore then running all tests?
I have a feeling the virus is locked in system restore and unfortunately the only way to eradicate it is by turning off the restore and deleting the restore points - which by turning it off will do so!
|
The Mountaineer |
Sat, 07/11/09@11:33
|
|
Buteman, the Trojan Remover found it, blocked it and renamed it. I hope these were the correct options. IE now opens with the correct home page (though I mostly use Firefox and Chrome).
Still a bit concerned about it returning from hidden system restore folders since Panda is regularly blocking hijack attempts so deleting these is my next step as per your advice Madboy. Got about 20mins before nightly power cut for an hour so I may be a while before I can post feedback, but I will.
Thanks everyone so far.
|
buteman |
Sat, 07/11/09@11:53
|
|
If you would like to download Winpatrol it will stop anything from changing your Home page.
click here
It will warn you if anything tries to change your computer settings.If it is anything that you have not tried to download or you are not sure what it is just deny it you can always allow it again later if you find out it is needed.
click here
You want the free version.
|
buteman |
Sat, 07/11/09@11:54
|
|
Sorry for the double click here.
|
The Mountaineer |
Sat, 07/11/09@16:09
|
|
System Restore still didnt allow me to go back to Oct 10th so switched off and all points deleted. Switched System Restore back on again and saved a "clean" restore point but noticed that Panda has a System Volume Information folder (with restore points information" in it listed as a "dont scan" folder which seems highly suspicious.
IE Homepage is still OK though but living for a month in Trojan City has been a real eye opener and I will never be so smug about my Panda/CCleaner/Malwarebytes trio ever again. I wont be taking a hammer to my little Eee PC but I WILL be doing a clean reinstall when I get home.
Buteman, Winpatrol looks interesting and I will download and install it, once I have removed Superantispyware, a-squared, Spybot, Spywareblaster, Malwarebytes, ....... from my little netbook which is creaking and groaning under the strain!
Thanks for your help everyone, safe for 5 days now till I can get home.
Marked as resolved
|
Sea Urchin |
Sat, 07/11/09@17:50
|
|
click here
|
The Mountaineer |
Sun, 08/11/09@02:34
|
|
Buteman, Winpatrol downloaded and working well. I like it and will install it on my other systems when I get home. Thanks
Sea Urchin, I've read the article link you sent me on System Restore and understand it but am confused by it ... if that doesn't sound too cock-eyed! So, if system restore doesnt take you back to a clean registry/OS after a viral infection what's the point of it? I can understand that the virus may be elsewhere, in a programme folder for example, so recontamination will occur. But I still dont understand why SR wont roll back to a clean point, even though that may be reinfected once booted. Thanks for trying anyway, maybe I'm just thick, but under normal circumstances I would just do a restore from my C drive daily backup on an external HD or as a last resort do a clean reinstall of Windows. I've been caught out by being away from home for so long.
|
|
[1]
|
|
Total threads 325773 | Total posts 2112113 | Total users 293200
|
|
Forums > Helproom
|
Back to top
|
