TechSpot

Virus in Restore

By confused001
Jul 1, 2006
  1. My ZoneAlarm has detected viruses in my C: restore folder, and it cannot treat it. Anyone have any ideas/tools on how to solve this?
    Thanks
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You will need to turn off system restore. This will delete all your restore points and anything nasty that's living there.

    Then, boot into safe mode and do a complete scan with your antivirus programme and delete whatever it finds.

    Reboot into normal mode and turn system restore back on.

    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore. (XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

    Once you have done that, go HERE and follow the instructions exactly.

    Post a fresh HJT log as a .txt attachment into this thread, only after doing the above.

    Regards Howard :)
     
  3. confused001

    confused001 TS Rookie Topic Starter Posts: 135

    Am I to download all that sh*t in step 3?
    Or do I just download HJT and post the log from there?
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You can just post a HJT log if you want, but don't be surprised if I send you back to those instructions lol.

    Regards Howard :)
     
  5. confused001

    confused001 TS Rookie Topic Starter Posts: 135

    Here's all my logs.
    I did not do all of step 3, all I did was do the HJT part. fyi.
    Thanks.
     
  6. confused001

    confused001 TS Rookie Topic Starter Posts: 135

    here's hjt log
     
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.


    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore. (XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html


    Run HJT with no other programmes open (except notepad). Have HJT fix the following, by placing a tick in the little box next to (if there).

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=3c00&s=consumer&LC=0409
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c00&s=searchbar&LC=0409
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c00&s=search&LC=0409
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adelphia.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=3c00&s=consumer&LC=0409
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c00&s=searchbar&LC=0409
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c00&s=search&LC=0409
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c00&s=searchbar&LC=0409



    O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=3c00&LC=0409 (file missing)
    O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=3c00&LC=0409 (file missing)
    O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=3c00&LC=0409 (file missing)
    O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=3c00&LC=0409 (file missing)
    O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=3c00&LC=0409 (file missing)
    O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=3c00&LC=0409 (file missing)
    O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=altavista&c=3c00&LC=0409 (file missing)
    O9 - Extra 'Tools' menuitem: AV Live - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=altavista&c=3c00&LC=0409 (file missing)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_ansi.cab
    O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

    Click on the fix checked button.

    Close HJT.


    Reboot into normal mode and turn system restore back on.


    Regards Howard :)
     
  8. confused001

    confused001 TS Rookie Topic Starter Posts: 135

    Why fix these?
    What happens when I fix these?
     
  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You should fix those entries because they are unnecessary. You really don't need all that presario crap.

    The missing file entries are no longer working and should therefore be fixed.

    The O16 - DPF entries are ActiveX controls. Fixing them is a good idea. If any are needed they will come back.

    Regards Howard :)
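
The three reasons given in the reply above (OEM redirector pages, "(file missing)" targets, O16 ActiveX controls) can be checked mechanically against a HijackThis log. The following is an added example, not part of the original thread; the function names and the `oem_suffix` parameter are hypothetical, and the sample lines are copied from the log excerpt posted earlier in the thread.

```python
import re
from urllib.parse import urlparse

# What HijackThis reports under each section code seen in this thread.
SECTIONS = {
    "R0": "IE start/search page setting",
    "R1": "IE start/search page setting",
    "O9": "IE extra button / Tools menu item",
    "O16": "ActiveX control (Downloaded Program Files)",
}
LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
URL_RE = re.compile(r"https?://[^\s)]+")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_entry(line):
    """Split one log line into section code, URL host, CLSID and missing-file flag."""
    m = LINE_RE.match(line)
    if not m:
        return None  # header or free text, not a log entry
    code, body = m.groups()
    url, clsid = URL_RE.search(body), CLSID_RE.search(body)
    return {
        "code": code,
        "kind": SECTIONS.get(code, "other"),
        "host": urlparse(url.group()).hostname if url else None,
        "clsid": clsid.group() if clsid else None,
        "file_missing": body.endswith("(file missing)"),
    }

def reasons(entry, oem_suffix="presario.net"):
    """Return which of the thread's three reasons apply to a parsed entry."""
    out = []
    host = entry["host"] or ""
    if host == oem_suffix or host.endswith("." + oem_suffix):
        out.append("OEM redirector page")
    if entry["file_missing"]:
        out.append("target file missing")
    if entry["code"] == "O16":
        out.append("ActiveX control")
    return out

# Sample lines taken from the HJT log excerpt in this thread.
SAMPLE = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c00&s=searchbar&LC=0409",
    r"O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=3c00&LC=0409 (file missing)",
    r"O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)",
    r"O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_ansi.cab",
]

if __name__ == "__main__":
    for line in SAMPLE:
        e = parse_entry(line)
        print(e["code"], e["kind"], e["host"], reasons(e))
```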
     
  10. confused001

    confused001 TS Rookie Topic Starter Posts: 135

    Will the internet work after removing any necessary entries? :suspiciou
    For I have not done this before. :)
    How many percent sure are you?
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You can definitely fix those entries.

    Your internet will still work I guarantee it 100%.

    The only thing you may have to do is set a new home page in IE.

    Regards Howard :)
     
  12. confused001

    confused001 TS Rookie Topic Starter Posts: 135

    Finally!
    I did it!
    Here's the hjt log.
     
  13. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Well done, your HJT log is clean.

    Regards Howard :)
     
  14. confused001

    confused001 TS Rookie Topic Starter Posts: 135

    Thanks a lot man!
    No more viruses. :unch:
     
  15. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I forgot to mention, you are running an old version of Internet Explorer.

    Run Windows updates asap.

    Regards Howard :)
     
  16. confused001

    confused001 TS Rookie Topic Starter Posts: 135

    Why should I update my IE? I don't think Windows supports my version anymore, I have Windows ME on that computer.
     
  17. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Because your version of IE is out of date and therefore is a security risk. It may even have contributed to your system's infections.

    If you run the Windows updates, you will find out if you have any security fixes missing.

    Of course you could always download and use Firefox. It's a hell of a lot more secure than IE.

    You can get it HERE.

    Regards Howard :)
     
  18. confused001

    confused001 TS Rookie Topic Starter Posts: 135

    Ok, I will take that into suggestion.
    Thanks for helping me. :)
     
Topic Status:
Not open for further replies.
