OK. That Event Log entry shows that Defender is finding the malware in system
restore. I will give you links to helpful info about safe mode and system
restore.
CHSAFE: Getting into Windows Safe Mode
http://www.computerhope.com/issues/chsafe.htm
CH000775: Disabling System Restore
http://www.computerhope.com/issues/ch000775.htm
Disabling System Restore
http://download.nai.com/products/mcafee-avert/systemhelpdocs/disablesysrestore.htm
You can probably get rid of this just by purging system restore using the
above instructions. To be perfectly sure the PC is clean, go into safe mode,
do full scans and removal with McAfee and Defender, disable system restore,
turn off your computer, wait 30 seconds, reboot computer and then turn
system restore back on. If you feel comfortable with the instructions about
system restore, there is a way to create a new CLEAN restore point and save
it and purge all the others. I will copy those instructions below. They come
from someone else with more knowledge than me:
It is a common recommendation, when cleaning for viruses in Windows ME or
Windows XP, to advise that System Restore be disabled and all old stores
cleared before starting on your cleaning. We do not recommend this approach.
The reason for the recommendation is that many viruses are stored when a
System Restore point is created and, should you use System Restore, you will
bring these back onto your computer. This is useful to know! But it is also
true that, in cleaning highly infected systems, sometimes you make mistakes
that cripple Windows and it is better to be able to take a step back to a
working version of Windows - even an infected one! - rather than have Windows
trashed completely. To quote Mow Green, "a leaky lifeboat is better than no
lifeboat in a storm."
What we recommend is: (1) Understand that using System Restore on an
infected system might bring back virus-infected files you don't want. (2)
Leave System Restore in place until your computer is clean and stable. (3)
Then get rid of the old infected restore points.
TO CLEAR OLD SYSTEM RESTORE POINTS
On an infection-free computer, make a new restore point:
- Launch System Restore from its Start Menu | Programs | Accessories
shortcut (or directly launch C:\Windows\System32\restore\rstrui.exe from a
Run box).
- Select "Create a restore point." Click Next and follow out the menus.
Then, purge all restore points except the most recent:
- Run Disk Cleanup (either from its Start Menu shortcut, or from right-click
+ Properties on C: in My Computer, or from directly launching
C:\Windows\System32\cleanmgr.exe from a Run box).
- After it scans, click the More Options tab, then Clean Up in the System
Restore section, confirm the action, then click OK to run it.
That's it!
BOTTOM-LINE SUMMARY OF RECOMMENDATIONS
(1) Know the risk of reinfection if you System Restore before it is cleaned.
(2) Until it is cleaned, don't use it unless you absolutely have to.
(3) Leave SR cache in place during cleaning since a leaky boat in a storm is
better than no boat in a storm, and returning to an
infected computer state is better than losing everything.
(4) Clean the machine.
(5) After the machine is clean, make a new SR point and purge all the old
ones.
(6) Rescan to make sure things remain clean.
_________________
Jim Eshelman, MS-MVP (Windows Shell/User - Windows Security)
"People should not be afraid of their governments. Governments should be
afraid of their people." - V
Old Rebel: Old, but not too old to learn new tricks!
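The "make a new restore point, then purge all the old ones" step from the instructions above, as an added scripted example that is not part of the original post or the quoted instructions. It assumes an elevated Windows PowerShell 5.1 session on a later Windows version with System Restore enabled on the system drive; the description label is made up for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: run only after the machine has been cleaned and rescanned.
# Assumption: this label is an arbitrary description chosen for the example.
$label = 'Clean baseline after malware removal'

# P/Invoke wrapper for SRRemoveRestorePoint (srclient.dll), the System Restore
# API call that deletes a single restore point by its sequence number.
Add-Type -Namespace SysRestore -Name Native -MemberDefinition @'
[DllImport("srclient.dll")]
public static extern int SRRemoveRestorePoint(int dwRPNum);
'@

# Remember the highest sequence number that exists before we start.
$before = @(Get-ComputerRestorePoint | Sort-Object SequenceNumber)
$lastOld = if ($before.Count) { $before[-1].SequenceNumber } else { 0 }

# Step 1: create the new restore point.
# Windows 8 and later can silently skip creation when another point was made
# within the last 24 hours, so the result is verified instead of assumed.
Checkpoint-Computer -Description $label -RestorePointType MODIFY_SETTINGS

$after  = @(Get-ComputerRestorePoint | Sort-Object SequenceNumber)
$newest = $after | Select-Object -Last 1

if (-not $newest -or $newest.SequenceNumber -le $lastOld) {
    # Keep the "leaky lifeboat": never purge unless the clean point exists.
    throw 'No new restore point was created; existing points left untouched.'
}

# Step 2: purge every restore point except the one just created.
foreach ($p in ($after | Where-Object { $_.SequenceNumber -ne $newest.SequenceNumber })) {
    $rc = [SysRestore.Native]::SRRemoveRestorePoint($p.SequenceNumber)
    if ($rc -eq 0) {
        Write-Output ("Removed #{0}: {1}" -f $p.SequenceNumber, $p.Description)
    } else {
        Write-Warning ("Could not remove #{0} (error {1})" -f $p.SequenceNumber, $rc)
    }
}

# Show what is left: this should be the single clean restore point.
Get-ComputerRestorePoint | Format-Table SequenceNumber, Description -AutoSize
```

The script stops before deleting anything if the new restore point cannot be confirmed, so the old points remain available as a fallback.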