System restore

Status
Not open for further replies.
I had a virus yesterday and now I'm not sure if I'm clean or not. I used a combo of spybot snd, spyware doctor, and Malwarebytes' Anti-Malware. I used SuperAntiSpyware Home Edition Free Version but that came back clean. I also used SmitfraudFix in safe mode. I have some of the logs but not all of them; I can post them if you like. I tried to do a system restore to a point before I got the virus, and when the pc reset it said restore incomplete, no changes made. I made a restore point today to test, and that restore point worked. Does this mean that I'm clean and the older restore point is just corrupt?

Also I'm attaching my current system scan with hijackthis.
 

Welcome to Techspot

Please follow my exact instructions.

1, you are infected with Viewpoint. Although it's not considered bad it usually installs without your prior notice.

Download Viewpoint killer from here

Unzip and run and follow the instructions

Then to check,
1) Right-click on the clock in your task bar and choose Task Manager
2) Click on the Processes tab and search for VIEWMGR.EXE, if it's found, click on it and then click End Task to close it
3) Click on Start, Control Panel, Add/Remove Programs
4) Uninstall any of the following programs associated with Viewpoint

* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar

5) Close the Add/Remove Programs and Control Panel
6) Restart your computer


2,
Please complete the 8-step Viruses/Spyware/Malware Preliminary Removal Instructions
Post fresh Superantispyware and Malwarebytes logs.

3,
Download and run SDfix from here

Then follow the instructions HERE

Then post a reply with:
  • A FRESH hijack this log
  • Malwarebytes log
  • the SDfix log
  • Superantispyware log
 
Don't think that making a system restore will remove a virus, as a virus is a file or some files on your HDD and also some files are processes. So sometimes making a system restore may delete it, but it rarely does. So the best way to remove a virus is antivirus software, spyware software etc...
 
some other dude, it is never a good idea to do a System Restore when there has been malware. At the end of cleaning a system, we remove all the old restore points and create a new one.

Viewpoint isn't an infection. We usually recommend it being removed however as it is considered foistware:

Update Java:
Your version of Java is now outdated. Java vulnerabilities are commonly exploited by viruses so I strongly recommend you update. Click here to download the latest version of Java (Java Runtime Environment (JRE) 6.0 Update 11): http://java.com/en/download/manual.jsp
Please install it and then reboot your computer.

1. Click Start, Control Panel, Add/Remove Programs.
2. Delete all Java updates except J2SE Runtime Environment 6.0 Update 11

Update Adobe:
Your Adobe Reader is out of date. Vulnerabilities can be exploited. Click here to download the latest version v9: https://www.techspot.com/downloads/2083-adobe-reader-dc.html
OR
Install the FoxIt Reader: this does the same thing as Adobe, but doesn’t have the bloat: http://www.foxitsoftware.com/pdf/rd_intro.php
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\DNA\btdna.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and reboot into Safe Mode.
Your system has to be running slow. You have too many programs running, too many processes loading. If you want to speed it up:

Start> Run> msconfig> enter> Selective Startup> Startup tab> UNCHECK everything except the Trend Micro antivirus program> Apply> OK.

Start> Run> services.msc> right click on Viewpoint Manager Service> Properties> Change the Startup type to Disabled> Stop the service

Control Panel> Add/Remove Programs> Uninstall any of the following:
Viewpoint
BitTorrent
Remove the older versions of Java.
Remove the older versions of the Adobe Reader.
Reboot the computer into Normal mode. You will get a nag message that you can ignore and close after checking 'don't show this message again.' Stay in Selective Startup.

Please update and scan with Malwarebytes, SuperAntispyware, follow with new HijackThis and attach all three logs. https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

DO NOT use System restore.
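
An added example, not part of the original post and not code from HijackThis: a small Python parser for the entries listed above that notes which startup entries point at a binary that is currently running and which are orphaned ("file missing"). The `Entry` class and the function names are hypothetical, and the line layout is assumed only from the entries quoted in this thread.

```python
import re
from dataclasses import dataclass, field

# Sample input: the entries listed in the post above.
SAMPLE = r"""
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\DNA\btdna.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""

@dataclass
class Entry:
    section: str  # "proc" for a running-process line, otherwise the O-number
    name: str
    target: str
    notes: list = field(default_factory=list)

def parse_line(line):  # returns an Entry, or None for an unrecognised line
    line = line.strip()
    m = re.match(r"^([A-Z]\d+) - (.*)$", line)
    if not m:
        # Running processes are listed as bare absolute paths.
        if re.match(r"^[A-Za-z]:\\", line):
            return Entry("proc", line.rsplit("\\", 1)[-1], line)
        return None
    section, body = m.groups()
    notes = []
    if body.endswith("(file missing)"):
        body = body.removesuffix("(file missing)").rstrip()
        notes.append("orphaned: target file missing")
    run = re.match(r"^.*?: \[(.*?)\] (.*)$", body)  # O4 style: key: [name] command
    if run:
        return Entry(section, run.group(1), run.group(2).strip('"'), notes)
    parts = body.split(" - ")  # "Kind: name - ... - target"
    return Entry(section, parts[0].split(": ", 1)[-1], parts[-1], notes)

def triage(text):  # parse an excerpt and mark startup entries that are live now
    entries = [e for e in map(parse_line, text.splitlines()) if e]
    running = {e.target.lower() for e in entries if e.section == "proc"}
    for e in entries:
        if e.section != "proc" and e.target.lower() in running:
            e.notes.append("target is currently running")
    return entries

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(f"{e.section:5} {e.name:28} {'; '.join(e.notes) or '-'}")
```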
 
I turned off my system restore, and here are my new logs. I haven't tried your advice yet Bobbye, but I think Viewpoint is uninstalled already, and my pc doesn't seem slow to me. I'm trying to make sure it's not infected; I don't feel the need to speed it up.

anyway here are the logs rev_olie asked for

I know I shouldn't double post, but do these logs say if I'm o.k., or is there still an infection lurking around that these scanners couldn't pick up? The suspense is killing me, lol.
 
Apparently the other member who was helping has gone elsewhere. Hope you don't mind- I took a few hours off to sleep!

The logs are clean.
This entry remains:
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)

You have not updated Adobe as instructed.
You are still running BitTorrent.

If all you care about is malware and not the overall health of your system, you're through.

Remove the cleaning tools:
* Download OTCleanIt: http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe
* Click the CleanUp! button.
* It will go through the list and remove all of the tools it finds and then delete itself (requiring a reboot).

Clear system restore points

* Clear your existing system restore points and establish a new clean restore point:
1. Go to Start > All Programs > Accessories > System Tools > System Restore
2. Select Create a restore point, and OK it.
3. Next, go to Start > Run and type in cleanmgr
4. Select the More options tab
5. Choose the option to clean up system restore and OK it.
This will remove all restore points except the new one you just created.

If you still have the problem with System Restore, it is likely because you don't have the available 'space':
System Restore Troubleshoot:

Q. What should I do if System Restore does not work?
A. Try these steps if System Restore does not appear to work:

1. Ensure the System Restore service is running. For more information, see: How can I verify that the System Restore services are running on my machine? (see site)

2. Verify that you have enough free space on all your drives as required by System Restore. If the free space on any partition system restore is monitoring falls below 50 MB, System Restore will suspend and purge out all restore points to free up disk space. It will automatically reactivate when 200 MB+ free space is available. For more information, see How the System Restore Tool Handles Hard-Disk Space Usage. (see site)

3. Examine event logs for any system restore-related errors that could help you identify the problem.

http://www.microsoft.com/technet/prodtechnol/winxppro/plan/faqsrwxp.mspx

Boot into Safe Mode: Start> Run> cmd> type in:
C:\Windows\system32\Restore\rstrui.exe

which is the Restore program, it will prompt with Create vs Restore and you can pick
a Restore point.
_______________
 
Hope you don't mind- I took a few hours off to sleep!

Sorry for being impatient. Thank you for the help, as long as the malware is gone then I'm fine. I will uninstall Adobe Reader and replace it with FoxIt Reader, bittorrent is going to go as well, I just haven't gotten around to it yet. Right now I just want the malware to be gone. I haven't turned system restore on to test it yet but I have 163 GB of free space, so I don't think there's a disk space problem.
 
You must have edited your post- we use the cleaning program because it will remove all the entries from the cleaning programs.

Let us know if you need any more help.
 
I did edit my post because when you were talking about removing cleaning tools I thought you meant Superantispyware and malwarebytes, but I tried OTCleanIt and now I see you meant things like sdfix and viewpoint killer. Well at least that's what I think it cleaned.
 
No, actually it should remove all the cleaning programs you downloaded.

It's pretty spooky when I get the feedback in email and go to the board and the post is missing! That's what happened with your comment- saw it in email, but gone on the board.
 