|
Posted by Sumo Wrestler (or just ate too on October 16, 2005, 10:45 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Hello everyone. I've been to google and the microsoft
web sites, and everything I've tried to fix this problem
hasn't worked.
I have WinXP Pro, and I've recently removed malware
from my PC. My System Restore tab is missing.
Editing the registry doesn't work because "HKLM\Software\
Policies\Microsoft\Windows NT\SystemRestore" does not exist.
(The SystemRestore key does not exist under Windows NT).
Using GEDIT.MSC and going into Computer Configuration/
Administrative Templates/System/System Restore reveals
that both Turn Off System Restore and Turn Off Configuration
are set to Not Configured.
Starting and stopping the System Restore service in the
Control Panel does not help, and, from within CMD.EXE,
NET START says that the System Restore Service is running.
Evidently rstrui.exe has something to do with System Restore,
but when I try to run rstrui.exe from within CMD.EXE the
file cannot be found.
What do I do to get the System Restore tab back?
|
|
Posted by David H. Lipman on October 16, 2005, 11:59 pm
If you were Registered and logged in, you could reply and use other advanced thread options
| Hello everyone. I've been to google and the microsoft
| web sites, and everything I've tried to fix this problem
| hasn't worked.
|
| I have WinXP Pro, and I've recently removed malware
| from my PC. My System Restore tab is missing.
|
| Editing the registry doesn't work because "HKLM\Software\
| Policies\Microsoft\Windows NT\SystemRestore" does not exist.
| (The SystemRestore key does not exist under Windows NT).
|
| Using GEDIT.MSC and going into Computer Configuration/
| Administrative Templates/System/System Restore reveals
| that both Turn Off System Restore and Turn Off Configuration
| are set to Not Configured.
|
| Starting and stopping the System Restore service in the
| Control Panel does not help, and, from within CMD.EXE,
| NET START says that the System Restore Service is running.
|
| Evidently rstrui.exe has something to do with System Restore,
| but when I try to run rstrui.exe from within CMD.EXE the
| file cannot be found.
|
| What do I do to get the System Restore tab back?
This may have been the side effect of a virus.
Download the following REG file (stored in a ZIP file).
http://www.ik-cs.com/programs/virtools/WinXP-Restore_Cache_Fix.zip
Extract WinXP-Restore_Cache_Fix.reg file to the desktop. Double-Click on the
.REG file to
fix the system.
Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe
It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
http://kixtart.org Kixtart is CareWare } 4 batch files, 6 Kixtart scripts, one
Link
(.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE.
It will
simplify the process of using; Sophos, Trend, Kasperski and McAfee Anti Virus
Command Line
Scanners to
remove viruses, Trojans and various other malware.
C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal
Mode. This
way all the components can be downloaded from each AV vendor’s web site. The
choices are;
Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.
You can choose to go to each menu item and just download the needed files or you
can
download the files and perform a scan in Normal Mode. Once you have downloaded
the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode
[F8 key
during boot] and re-run the menu again and choose which scanner you want to run
in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive
PDF help
file.
To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close
Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }
NOTE: You may have to disable your software FireWall or allow WGET.EXE to go
through your
FireWall to allow it to download the needed AV vendor related files.
* * * Please report back your results * * *
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
|
|
Posted by Sumo Wrestler (or just ate too on October 17, 2005, 1:22 am
If you were Registered and logged in, you could reply and use other advanced thread options
>
> | I have WinXP Pro, and I've recently removed malware
> | from my PC. My System Restore tab is missing.
> [...]
> Download the following REG file (stored in a ZIP file).
> http://www.ik-cs.com/programs/virtools/WinXP-Restore_Cache_Fix.zip
>
> Extract WinXP-Restore_Cache_Fix.reg file to the desktop. Double-Click on the
.REG file to
> fix the system.
> [...]
Do I have to reboot afterward?
|
|
Posted by Sumo Wrestler (or just ate too on October 17, 2005, 1:46 am
If you were Registered and logged in, you could reply and use other advanced thread options
>
> | I have WinXP Pro, and I've recently removed malware
> | from my PC. My System Restore tab is missing.
> |
>
> Download MULTI_AV.EXE from the URL --
> http://www.ik-cs.com/programs/virtools/Multi_AV.exe
>
Thanks David for the link. I do suspect that the malware
stole my System Restore tab, and I downloaded multi_av.exe.
Earlier today, I checked my system with Spybot Search and
Destroy (found Simfraud-C, WinAntiSpyware2005), AdAware
(found Alexa), Avast! (found Win32-Trojano [I haven't
been able to find out what this does]), and AVG (found
nothing).
So it seems that I had a dirty little group on my system :)
Also, thanks for the reg file. I'm looking at it with a text
editor, and when I get the courage to install it I'll try it
out.
|
|
Posted by David H. Lipman on October 17, 2005, 2:20 am
If you were Registered and logged in, you could reply and use other advanced thread options
| Thanks David for the link. I do suspect that the malware
| stole my System Restore tab, and I downloaded multi_av.exe.
|
| Earlier today, I checked my system with Spybot Search and
| Destroy (found Simfraud-C, WinAntiSpyware2005), AdAware
| (found Alexa), Avast! (found Win32-Trojano [I haven't
| been able to find out what this does]), and AVG (found
| nothing).
|
| So it seems that I had a dirty little group on my system :)
|
| Also, thanks for the reg file. I'm looking at it with a text
| editor, and when I get the courage to install it I'll try it
| out.
I wish you stated this earlier !
I have a SmitFraud Removal tool. It is very comprehensive.
I do suggest rebooting after you merge the WinXP-Restore_Cache_Fix.reg file.
After you run the following, you do NOT need to run the McAfee module in the
Multi AV
Scanning Tool as it would be redundant.
Download SmitFraud.exe from the URL --
http://www.ik-cs.com/programs/virtools/SmitFraud.exe
Execute; SmitFraud.exe { Note: You must accept the default of C:\McAfee }
Choose; Unzip
Choose; Close
NOTE: You may have to disable your software FireWall or allow FTP.EXE to go
through your
FireWall to enable FTP.EXE to download the needed McAfee related files.
Execute; c:\mcafee\clean.bat
{ or Double-click on 'Clean Link' in c:\mcafee }
A final report in HTML format called C:\mcafee\ScanReport.HTML will be
generated. At the end
of the scan, it will be displayed in your browser (Opera, FireFox or Internet
Explorer). It
is suggested that you move the report out of c:\mcafee before performing another
scan. It
would be a good idea to scan in Safe Mode and in Normal Mode and save a copy of
the HTML
report for each session.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
|
| Similar Threads | Posted | | System Restore and malware. | January 4, 2006, 11:20 am |
| SYSTEM RESTORE BAGLE WORM | November 12, 2005, 8:11 pm |
| Attack by Unknowns and Defunct Norton AV and System Restore | November 8, 2007, 9:36 am |
| Am I missing something? | October 9, 2006, 9:18 am |
| avg missing .bin | September 2, 2008, 4:22 am |
| McAfee EPO Missing Man! | June 4, 2006, 10:42 am |
| AVG: .bin file is missing | January 5, 2009, 11:38 pm |
| Virus in restore file | September 30, 2007, 8:29 am |
| least system hog recommendation? | January 26, 2006, 8:50 am |
| OT: System utilities | August 23, 2006, 12:15 pm |
|
XML site map