Odd virus and system restore

Dell Latitude d600
May 22, 2009 at 10:31:24
Specs: Microsoft Windows XP Home Edition, 1.694 GHz / 1023 MB
Hi there. I'm pretty sure I have a virus, as several strange things have happened on my machine in the past week. I cannot find it running in memory using Task Manager, so I decided to do a system restore. Problem is, it won't let me run it. I get to the screen where I've selected my restore point etc. and I press "Next" and nothing happens. I've looked at the manual system restore using a boot CD and Recovery Console but I cannot find my WIN XP CD.
Does anyone know a command line for system restore in command prompt only mode, or a command line I can type in to "RUN" that will bypass the interface defaults?
Many thanks
Dave.



#1
May 22, 2009 at 10:43:51
Please follow these steps:

Download and run Kaspersky AVP tool:

http://devbuilds.kaspersky-labs.com...

Once you download and start the tool, select all the objects/places to be scanned and hit Scan. Fix what it detects and, at the end of the scan, post a screenshot/log of the detected items that it fixed and those it could not fix.


#2
May 22, 2009 at 10:48:20
Thanks, I tried HouseCall and McAfee free scans and they came up with nothing. Is this the best new free scanner now? HouseCall used to be recommended by this site.
Many thanks
Dave


#3
May 22, 2009 at 11:03:48
It found this pretty quickly, which the other programs did not find.
not found: Trojan program Packed.Win32.Tdss.f File: globalroot\systemroot\system32\UACutxtrvplfstenwv.dll

It's still scanning.

Hoping there are no more results.

Cheers.

Dave.



#4
May 25, 2009 at 08:34:16
Hi there. After a few days of observation, it's pretty clear the virus is still here.
I'm still interested in whether anyone knows how to use system restore from a command line and whether there are any options for this, like a forced startup of it that restores the computer to its original state etc.
Cheers
Dave.


#5
May 25, 2009 at 08:40:45
Don't do a system restore; the virus might be in your restore files and then you will have to format. I will help you remove it; follow these directions. Can you please post your AVZ log:
Note: Run AVZ in windows normal mode. If avz.exe doesn't start, then try to rename the file avz.exe to something else and try to run it again.

1) To create the logfile, download AVZ by clicking HERE. Please save this file to your desktop or "My Documents" folder.

2) Next, unpack the file to a new folder using the Compressed (zipped) folders wizard built into Windows XP/Vista, or a zip utility of your choice.

3) Once you have unpacked the contents of the zip archive, please launch the file AVZ.exe by double clicking on it or right clicking and selecting Open.
Note: If you are running Windows Vista, launch AVZ.exe by right clicking and selecting Run as Administrator.

You should now see the main window of the AVZ utility. Please navigate to File->Custom Scripts. Copy the script below by using the keyboard shortcut CTRL+C or the corresponding option via right click.

begin
ExecuteStdScr(3);
RebootWindows(true);
end.

Paste the script into the execution window by using CTRL+V keyboard shortcut, or the "paste" option via the right click menu. Click on Run to run the script, the PC will reboot. After the reboot the LOG subfolder is created in the folder with AVZ, with a file called virusinfo_syscure.zip inside. Upload that file to rapidshare.com and paste the link here.


#6
May 25, 2009 at 09:31:19
Thanks for the reply.
Seems like a lot of personal data to be handing over to anyone in this scan. The files created have a lot of details about the computer and ports etc...
Hmmmm, not sure about all that. Not clear about what this proggie is doing
Cheers
Dave.


#7
May 25, 2009 at 09:42:49
It's a legitimate program and the equivalent of a HijackThis log. If you want, you can private message it to me, or format and reinstall the OS if you are that paranoid about it.


#8
May 25, 2009 at 10:38:06
Follow these steps in Order.

1) Run this script in AVZ like before. Your computer will reboot:

begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
 QuarantineFile('C:\WINDOWS\system32\DRIVERS\02766569.sys','');
 DeleteFile('C:\WINDOWS\system32\DRIVERS\02766569.sys');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

2) Attach a Combofix log, please review and follow these instructions carefully.

Download it here -> http://download.bleepingcomputer.co...

Before Saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.

Now, please make sure no other programs are running, close all other windows and pause Antivirus/Spyware programs (http://www.bleepingcomputer.com/forums/topic114351.html Programs to disable) until after the scanning and removal process has taken place.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan. Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall. It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please upload that file to rapidshare.com and paste the link here.

PS: you can private message me download link to the log.


#9
May 25, 2009 at 14:24:21
Problem solved. Your Combofix log is clean. In addition, you might also want to turn off System Restore and do a thorough system scan with the BitDefender/ESET online scanner to remove residual files.


#10
May 25, 2009 at 14:30:05
Yep, very good cleaning system. I did a recheck and all fine.
So I should get rid of the old system restore files. Manually or using that util? Do I find it by google etc?
Dave.


#11
May 25, 2009 at 14:33:40
For system restore: http://support.kaspersky.com/faq/?q... You can delete AVZ if you like now.


#12
May 25, 2009 at 14:37:30
Yes, I turned it off and all the files have gone. Just "MountPointManagerRemoteDatabase" left. Is that done? Or do I need a util?


#13
May 25, 2009 at 15:00:25
It should be done. Don't worry about "MountPointManagerRemoteDatabase".


#14
May 25, 2009 at 15:30:04
No, I knew that was a proper windows system file. Just thought I needed to delete everything.
Many thanks again
Dave.
