Virus in my restore points

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I have a virus that is locked in my restore points and anti-virus software
can't delete it. Can I safely delete my restore points and if so, how do I
accomplish this task without completely wiping out my computer. Thanks.
 
Try turning off System Restore, reboot, then turn it back on.

How to turn on and turn off System Restore in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;310405&Product=winxp

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect Your PC!
http://www.microsoft.com/athome/security/protect/default.aspx

-----------------------------------------------------------------------------------

:

| I have a virus that is locked in my restore points and anti-virus software
| can't delete it. Can I safely delete my restore points and if so, how do I
| accomplish this task without completely wiping out my computer. Thanks.
 
Carey-

Shouldn't jra1951 try to rescan/repair while System Restore is still turned
off, before turning it back on (to eliminate the infection)?

I have similar situation and am interested if turning System Restore allows
antivirus and malware tools access for cleaning.

Thx
 
Yes. One should perform a full scan (preferably in Safe Mode) prior to re-enabling the
System Restore cache.

--
Dave




| Carey-
|
| Shouldn't jra1951 try to rescan/repair while System Restore is still turned
| off, before turning it back on (to eliminate the infection)?
|
| I have similar situation and am interested if turning System Restore allows
| antivirus and malware tools access for cleaning.
|
| Thx
|
| "Carey Frisch [MVP]" wrote:
|
| > Try turning off System Restore, reboot, then turn it back on.
| >
| > How to turn on and turn off System Restore in Windows XP
| > http://support.microsoft.com/default.aspx?scid=kb;en-us;310405&Product=winxp
| >
| > --
| > Carey Frisch
| > Microsoft MVP
| > Windows XP - Shell/User
| >
| > Be Smart! Protect Your PC!
| > http://www.microsoft.com/athome/security/protect/default.aspx
| >
| > -----------------------------------------------------------------------------------
| >
| > "jra1951" wrote:
| >
| > | I have a virus that is locked in my restore points and anti-virus software
| > | can't delete it. Can I safely delete my restore points and if so, how do I
| > | accomplish this task without completely wiping out my computer. Thanks.
| >
 
here is the way to remove the restore points. Click Start, All Programs,
Accessories, System Tools, then Disk Clean up...when it is done finding
things to be removed..go to the more options tab..there's one about System
Restore..click the button next to it..and it will delete all the restore
points beside the last one..that was just used. If there is alot..u may gain
alot of hard drive space.
 
I've done all suggestions for my Restore and all check points are gone except
for today's date. Now, how do I go back to, let say, February 1 because I
have malware on my computer, on bottom right task bar and keep having pop ups
that warns me that my system is attached (driving me crazy) . Plse help.
tks.
 
From: "Di" <[email protected]>

| I've done all suggestions for my Restore and all check points are gone except
| for today's date. Now, how do I go back to, let say, February 1 because I
| have malware on my computer, on bottom right task bar and keep having pop ups
| that warns me that my system is attached (driving me crazy) . Plse help.
| tks.



Two part reply..

Perform Part 1 then perform Part 2.

If the first two parts don't work, perform the alternate section.

It is suggested that you execute each tool in Normal Mode then in Safe Mode.



Part 1
-----------

Use noahdfear's SmitFraud, SpyAxe, SpyFalcon, et. al., removal tool -- SmitRem.exe
http://noahdfear.geekstogo.com/click counter/click.php?id=1

http://www.bleepingcomputer.com/forums/topic43659.html


Part 2
-----------

Download SmitFraud.exe from the URL --
http://www.ik-cs.com/programs/virtools/SmitFraud.exe

Execute; SmitFraud.exe { Note: You must accept the default of C:\McAfee }
Choose; Unzip
Choose; Close

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to enable WGET.EXE to download the needed McAfee related files.

Execute; c:\mcafee\clean.bat
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\Normal_ScanReport.HTML or
C:\mcafee\Safe_ScanReport.HTML will be generated. At the end of the scan, it will be
displayed in your browser (Opera, FireFox or Internet Explorer). However, if you are using
WinXP, Win2K or Win2003 your system will be left in a state where you will have to manually
shutdown/reboot the PC. On Win9x/ME platforms the report will not be shown in your bowser
but your PC will automatically be shutdown. It is suggested that you move the report out of
c:\mcafee before performing another scan.

It would be best to scan in both Safe Mode and in Normal Mode and save a copy of the HTML
report for each session.


ALTERNATE:

S!ri's SmitfraudFix
http://siri.urz.free.fr/Fix/SmitfraudFix_En.php



Please Copy and Paste the contents of the HTML Log files;
C:\mcafee\Normal_ScanReport.HTML & C:\mcafee\Safe_ScanReport.HTML in your reply.

* * * Please report back your results * * *
 
Back
Top