Bobbi
Posted July 13, 2008

AntiVirXP08

My machine is infected with AntiVirXP08. McAfee Antivirus was unable to remove it. I've read that this virus can make it impossible to install other virus removal tools.

It appears that the virus also deleted all my system restore points. However, I have some system state backups made using the MS Backup Utility on an external hard drive. The MS Win XP guidebook describes it as making "copies of your registry hives".

What are registry hives? Would it be reasonable to try to restore a recent system state backup using the backup utility under these circumstances? What other parts of the system might need to be restored separately? (MSCONFIG/Startup, etc.). How is the system state backup different from creating a restore point?

I appreciate all guidance and references to explanatory material.

Bobbi
Doug Knox - [MS-MVP]
Posted July 13, 2008

Re: AntiVirXP08

Registry hives control virtually every aspect of your operating system, from the hardware that's installed to per-user and machine-wide settings. Restoring to a completely infection-free set of registry hives can be of help, but you may lose functionality if hardware drivers were changed since then, and there are always other startup vectors, such as the Startup folder in the Start Menu, for malware to execute.

Your best bets are:

1) Boot the computer in Safe Mode to run your malware removal tools. Safe Mode stops the vast majority of exploitable startup vectors from executing, so most malware won't be running.

2) In conjunction with step 1, locate a good anti-virus/malware package that doesn't require installation (can be run from a single command prompt) to clean your system.

3) Use offline tools such as Bart's PE or Ultimate Boot CD to boot your system. Then you can still access tools like Regedit and various anti-virus/malware tools that can be added as add-ins to clean your system of infections.

4) Back up your data that you can't afford to lose, format and start over, ensuring that you have reputable anti-virus/malware tools installed, as well as the use of either the built-in XP firewall, all security patches to date and that you practice "safe hex". Simply put, make damned sure you know what a file does, where it came from and scan it before you even think about running it.

--
Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display\Security
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.

"Bobbi" <bobbi@example.invalid> wrote in message news:%23gojLaK5IHA.2064@TK2MSFTNGP02.phx.gbl...
> My machine is infected with AntiVirXP08. McAfee Antivirus was unable to
> remove it. I've read that this virus can make it impossible to install
> other virus removal tools.
>
> It appears that the virus also deleted all my system restore points.
> However, I have some system state backups made using the MS Backup Utility
> on an external hard drive. The MS Win XP guidebook describes it as making
> "copies of your registry hives".
>
> What are registry hives? Would it be reasonable to try to restore a recent
> system state backup using the backup utility under these circumstances?
> What other parts of the system might need to be restored separately?
> (MSCONFIG/Startup, etc.). How is the system state backup different from
> creating a restore point?
>
> I appreciate all guidance and references to explanatory material.
>
> Bobbi
YoKenny
Posted July 13, 2008

Re: AntiVirXP08

<Bobbi> wrote:
> My machine is infected with AntiVirXP08. McAfee Antivirus was unable
> to remove it. I've read that this virus can make it impossible to
> install other virus removal tools.
>
> It appears that the virus also deleted all my system restore points.
> However, I have some system state backups made using the MS Backup
> Utility on an external hard drive. The MS Win XP guidebook describes
> it as making "copies of your registry hives".
>
> What are registry hives? Would it be reasonable to try to restore a
> recent system state backup using the backup utility under these
> circumstances? What other parts of the system might need to be
> restored separately? (MSCONFIG/Startup, etc.). How is the system
> state backup different from creating a restore point?
>
> I appreciate all guidance and references to explanatory material.
>
> Bobbi

Download and install, then run, Malwarebytes' Anti-Malware application:
http://www.malwarebytes.org/products.php

--
Regards,
Yokenny
Change is inevitable except from a vending machine.
Timmy T
Posted July 13, 2008

Re: AntiVirXP08

Looks like option #4. My hard drive letters have disappeared from "My Computer", all of my restore points were reset, catastrophic failure error when I try to do a backup, blah, blah, blah. As I take my medicine, how can I save my entire set of drivers? I have a backup I performed a couple of weeks ago. I backed up the drivers folder under dell. Is that enough to save all the device drivers? Is the free AGP, spybot, ad-aware and XP software enough to protect me (when I don't go stupid and open the app myself)?

Thanks for your time.

Tim
--
Don't get fooled again?

"Doug Knox - [MS-MVP]" wrote:
> Registry hives control virtually every aspect of your operating system. From
> the hardware that's installed, per user and machine wide settings.
> Restoring to a completely infection free set of registry hives can be of
> help, but you may lose functionality if hardware drivers were changed since
> then, and there are always other startup vectors, such as the Startup folder
> in the Start Menu for malware to execute.
>
> Your best bets are:
>
> 1) Boot the computer in Safe Mode to run your malware removal tools. Safe
> Mode stops the vast majority of exploitable startup vectors from executing,
> so most malware won't be running.
>
> 2) In conjunction with step 1, locate a good anti-virus/malware package
> that doesn't require installation (can be run from a single command prompt)
> to clean your system.
>
> 3) Use offline tools such as Bart's PE or Ultimate Boot CD to boot your
> system. Then you can still access tools like Regedit and various
> anti-virus/malware tools that can be added as add-ins to clean your system
> of infections.
>
> 4) Back up your data that you can't afford to lose, format and start over,
> ensuring that you have reputable anti-virus/malware tools installed, as well
> as the use of either the built-in XP firewall, all security patches to date
> and that you practice "safe hex". Simply put, make damned sure you know
> what a file does, where it came from and scan it before you even think about
> running it.
>
> --
> Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart
> Display\Security
> Win 95/98/Me/XP Tweaks and Fixes
> http://www.dougknox.com
> --------------------------------
> Per user Group Policy Restrictions for XP Home and XP Pro
> http://www.dougknox.com/xp/utils/xp_securityconsole.htm
> --------------------------------
> Please reply only to the newsgroup so all may benefit.
> Unsolicited e-mail is not answered.
>
> "Bobbi" <bobbi@example.invalid> wrote in message
> news:%23gojLaK5IHA.2064@TK2MSFTNGP02.phx.gbl...
> >
> > My machine is infected with AntiVirXP08. McAfee Antivirus was unable to
> > remove it. I've read that this virus can make it impossible to install
> > other virus removal tools.
> >
> > It appears that the virus also deleted all my system restore points.
> > However, I have some system state backups made using the MS Backup Utility
> > on an external hard drive. The MS Win XP guidebook describes it as making
> > "copies of your registry hives".
> >
> > What are registry hives? Would it be reasonable to try to restore a recent
> > system state backup using the backup utility under these circumstances?
> > What other parts of the system might need to be restored separately?
> > (MSCONFIG/Startup, etc.). How is the system state backup different from
> > creating a restore point?
> >
> > I appreciate all guidance and references to explanatory material.
> >
> > Bobbi
Doug Knox - [MS-MVP]
Posted July 13, 2008

Re: AntiVirXP08

If you mean AVG for the antivirus, then that combination should be ok. Just make sure you're religious about updating them. As for the drivers, as long as you know they're the right ones for your hardware, then you should be ok, but if you're restoring your system from the Recovery partition or a Recovery CD/DVD then they should already be installed when you restore your system.

--
Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display\Security
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.

"Timmy T" <TimmyT@discussions.microsoft.com> wrote in message news:C59E119F-99C5-4DF2-AC05-148ED5F24F9A@microsoft.com...
> Looks like option #4. My hard drive letters have disappeared from "My
> Computer", all of my restore points were reset, catastrophic failure error
> when I try to do a backup, blah, blah, blah. As I take my medicine, how can I
> save my entire set of drivers? I have a backup I performed a couple of weeks
> ago. I backed up the drivers folder under dell. Is that enough to save all
> the device drivers? Is the free AGP, spybot, ad-aware and XP software enough
> to protect me (when I don't go stupid and open the app myself)?
> Thanks for your time.
>
> Tim
> --
> Don't get fooled again?
>
> "Doug Knox - [MS-MVP]" wrote:
>
>> Registry hives control virtually every aspect of your operating system. From
>> the hardware that's installed, per user and machine wide settings.
>> Restoring to a completely infection free set of registry hives can be of
>> help, but you may lose functionality if hardware drivers were changed since
>> then, and there are always other startup vectors, such as the Startup folder
>> in the Start Menu for malware to execute.
>>
>> Your best bets are:
>>
>> 1) Boot the computer in Safe Mode to run your malware removal tools. Safe
>> Mode stops the vast majority of exploitable startup vectors from executing,
>> so most malware won't be running.
>>
>> 2) In conjunction with step 1, locate a good anti-virus/malware package
>> that doesn't require installation (can be run from a single command prompt)
>> to clean your system.
>>
>> 3) Use offline tools such as Bart's PE or Ultimate Boot CD to boot your
>> system. Then you can still access tools like Regedit and various
>> anti-virus/malware tools that can be added as add-ins to clean your system
>> of infections.
>>
>> 4) Back up your data that you can't afford to lose, format and start over,
>> ensuring that you have reputable anti-virus/malware tools installed, as well
>> as the use of either the built-in XP firewall, all security patches to date
>> and that you practice "safe hex". Simply put, make damned sure you know
>> what a file does, where it came from and scan it before you even think about
>> running it.
>>
>> --
>> Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart
>> Display\Security
>> Win 95/98/Me/XP Tweaks and Fixes
>> http://www.dougknox.com
>> --------------------------------
>> Per user Group Policy Restrictions for XP Home and XP Pro
>> http://www.dougknox.com/xp/utils/xp_securityconsole.htm
>> --------------------------------
>> Please reply only to the newsgroup so all may benefit.
>> Unsolicited e-mail is not answered.
>>
>> "Bobbi" <bobbi@example.invalid> wrote in message
>> news:%23gojLaK5IHA.2064@TK2MSFTNGP02.phx.gbl...
>> >
>> > My machine is infected with AntiVirXP08. McAfee Antivirus was unable to
>> > remove it. I've read that this virus can make it impossible to install
>> > other virus removal tools.
>> >
>> > It appears that the virus also deleted all my system restore points.
>> > However, I have some system state backups made using the MS Backup Utility
>> > on an external hard drive. The MS Win XP guidebook describes it as making
>> > "copies of your registry hives".
>> >
>> > What are registry hives? Would it be reasonable to try to restore a recent
>> > system state backup using the backup utility under these circumstances?
>> > What other parts of the system might need to be restored separately?
>> > (MSCONFIG/Startup, etc.). How is the system state backup different from
>> > creating a restore point?
>> >
>> > I appreciate all guidance and references to explanatory material.
>> >
>> > Bobbi
Bobbi
Posted July 13, 2008

Re: AntiVirXP08

Thanks, Doug

I'm confident that there have been no system changes since my last backup. But I'd like to know about the other "startup vectors". I could try unchecking startup items using Run | MSConfig | Startup tab. I can also search folders in Program Files and manually delete them. Can you think of other manual changes I can make? Are there KB articles on this subject?

PC Magazine highly recommends Spyware Doctor for thoroughness of virus removal, but I don't know if it can be downloaded and run without installing.

McAfee offers some agent-assisted and/or agent-direct remote virus removal. The most expensive option is $89, where the victim is on the phone with the agent and the agent remotely takes control of the computer and removes viruses. Have you heard of any good or bad reports of this service?

Bobbi Gold

"Doug Knox - [MS-MVP]" <dknoxNO@Spammvps.org> wrote in message news:627D0594-8A02-45E0-B37E-91A92068760F@microsoft.com...
> Registry hives control virtually every aspect of your operating system.
> From the hardware that's installed, per user and machine wide settings.
> Restoring to a completely infection free set of registry hives can be of
> help, but you may lose functionality if hardware drivers were changed
> since then, and there are always other startup vectors, such as the
> Startup folder in the Start Menu for malware to execute.
>
> Your best bets are:
>
> 1) Boot the computer in Safe Mode to run your malware removal tools. Safe
> Mode stops the vast majority of exploitable startup vectors from
> executing, so most malware won't be running.
>
> 2) In conjunction with step 1, locate a good anti-virus/malware package
> that doesn't require installation (can be run from a single command
> prompt) to clean your system.
>
> 3) Use offline tools such as Bart's PE or Ultimate Boot CD to boot your
> system. Then you can still access tools like Regedit and various
> anti-virus/malware tools that can be added as add-ins to clean your system
> of infections.
>
> 4) Back up your data that you can't afford to lose, format and start
> over, ensuring that you have reputable anti-virus/malware tools installed,
> as well as the use of either the built-in XP firewall, all security
> patches to date and that you practice "safe hex". Simply put, make damned
> sure you know what a file does, where it came from and scan it before you
> even think about running it.
>
> --
> Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart
> Display\Security
> Win 95/98/Me/XP Tweaks and Fixes
> http://www.dougknox.com
> --------------------------------
> Per user Group Policy Restrictions for XP Home and XP Pro
> http://www.dougknox.com/xp/utils/xp_securityconsole.htm
> --------------------------------
> Please reply only to the newsgroup so all may benefit.
> Unsolicited e-mail is not answered.
>
> "Bobbi" <bobbi@example.invalid> wrote in message
> news:%23gojLaK5IHA.2064@TK2MSFTNGP02.phx.gbl...
>>
>> My machine is infected with AntiVirXP08. McAfee Antivirus was unable to
>> remove it. I've read that this virus can make it impossible to install
>> other virus removal tools.
>>
>> It appears that the virus also deleted all my system restore points.
>> However, I have some system state backups made using the MS Backup
>> Utility on an external hard drive. The MS Win XP guidebook describes it
>> as making "copies of your registry hives".
>>
>> What are registry hives? Would it be reasonable to try to restore a
>> recent system state backup using the backup utility under these
>> circumstances? What other parts of the system might need to be restored
>> separately? (MSCONFIG/Startup, etc.). How is the system state backup
>> different from creating a restore point?
>>
>> I appreciate all guidance and references to explanatory material.
>>
>> Bobbi
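The "other startup vectors" Bobbi asks about above are what a manual check has to cover: the Run keys under HKLM and HKCU, and the Winlogon Shell and Userinit values, on top of the Startup folder Doug mentions. The script below is an added example for this thread, not code from the thread or from any product named in it. It assumes those keys were exported with Regedit (File > Export) and parses that .reg text offline, so the export can be taken from the infected machine (for instance while booted from Bart's PE, as in Doug's option 3) and reviewed on a clean one; it flags entries whose executable, or whose script-host argument, lives outside the Windows and Program Files trees, and Winlogon values that are not exactly the defaults. Every entry name and path in the embedded sample is constructed for illustration, not a real indicator.

```python
"""Triage of Windows XP autostart entries from a Registry Editor (.reg) export.

Added example for this thread, not code from the thread or from any product
named in it. It assumes the Run key(s) and the Winlogon key were exported with
regedit (File > Export) and works on that text offline, so the export can be
taken from the infected machine and reviewed on a clean one. Every entry name
and path in the embedded sample is constructed for illustration.
"""
import re

# Constructed sample export covering the three kinds of key reviewed below.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="\"C:\\Program Files\\Example Vendor\\updater.exe\" /background"
"wscript_sample"="C:\\WINDOWS\\system32\\wscript.exe \"C:\\Documents and Settings\\All Users\\Application Data\\sample.vbs\""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"sample_unknown"="C:\\Documents and Settings\\bobbi\\Local Settings\\Temp\\sample_unknown.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe C:\\WINDOWS\\system32\\sample_shell.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
# "name"="value": both sides may contain \\ and \" escapes.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Directories from which autostart executables are normally expected on XP.
TRUSTED_ROOTS = ('c:\\windows\\', 'c:\\program files\\')
# Legitimate system binaries whose *argument* decides what really runs.
SCRIPT_HOSTS = ('wscript.exe', 'cscript.exe', 'rundll32.exe', 'regsvr32.exe')
EXPECTED_USERINIT = 'c:\\windows\\system32\\userinit.exe'


def _unescape(text):
    # .reg syntax doubles backslashes and escapes embedded double quotes.
    return re.sub(r'\\(.)', r'\1', text)


def parse_reg_export(text):
    """Return {key_path: {value_name: string_value}} for the REG_SZ values."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            keys[current] = {}
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            keys[current][_unescape(value.group(1))] = _unescape(value.group(2))
    return keys


def split_command(cmd):
    """Split an autostart command line into (executable, arguments).

    A quoted path ends at the closing quote; an unquoted path containing
    spaces is rebuilt by joining tokens until one ends in .exe, which is how
    Windows itself resolves such a command line.
    """
    cmd = cmd.strip()
    if not cmd:
        return '', ''
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    tokens = cmd.split()
    exe, rest = tokens[0], tokens[1:]
    while not exe.lower().endswith('.exe') and rest:
        exe += ' ' + rest.pop(0)
    return exe, ' '.join(rest)


def _basename(path):
    return path.lower().rsplit('\\', 1)[-1]


def _first_argument(args):
    if args.startswith('"'):
        return args[1:args.find('"', 1)]
    return args.split()[0] if args else ''


def _in_trusted_root(path):
    return path.lower().startswith(TRUSTED_ROOTS)


def review_autostarts(reg_text):
    """Return (key, value_name, reason) for each entry that needs a second look."""
    findings = []
    for key, values in parse_reg_export(reg_text).items():
        for name, value in values.items():
            if key.lower().endswith('\\winlogon'):
                # Winlogon reads Shell and Userinit at every logon, Safe Mode
                # included, so they should be exactly the defaults.
                if name.lower() == 'shell' and value.strip().lower() != 'explorer.exe':
                    findings.append((key, name, 'Shell is not exactly Explorer.exe: %s' % value))
                elif name.lower() == 'userinit':
                    parts = [p.strip().lower() for p in value.split(',') if p.strip()]
                    if parts != [EXPECTED_USERINIT]:
                        findings.append((key, name, 'Userinit has extra entries: %s' % value))
                continue
            exe, args = split_command(value)
            if not _in_trusted_root(exe):
                findings.append((key, name, 'executable outside Windows/Program Files: %s' % exe))
            elif _basename(exe) in SCRIPT_HOSTS:
                target = _first_argument(args)
                if target and not _in_trusted_root(target):
                    findings.append((key, name, '%s launching %s' % (_basename(exe), target)))
    return findings


if __name__ == '__main__':
    for key, name, reason in review_autostarts(SAMPLE_REG_EXPORT):
        print('%s\\%s\n    %s' % (key, name, reason))
```

On the sample, the vendor updater in Program Files passes, while the script-host entry pointing into Application Data, the executable in a Temp folder, and the appended Shell value are reported. A clean path is only a first filter (a file under Program Files can still be unwanted), so the script's output is a worklist for the kind of manual review described in this thread, not a verdict; the HijackThis log review PA Bear recommends below covers the same locations plus many more.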
PA Bear [MS MVP]
Posted July 14, 2008

Re: AntiVirXP08

No one utility or combination of utilities is going to fix this.

Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/kb/827315

Run a /thorough/ check for hijackware, including posting your hijackthis log to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v2.0.2 (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use. It will help you to both identify and remove any hijackware/spyware with assistance from an expert. **Post your log to http://aumha.net/viewforum.php?f=30, http://forums.spybot.info/forumdisplay.php?f=22, http://castlecops.com/forum67.html, or other appropriate forums for review by an expert in such matters, not here.**

If the procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a local, reputable and independent (i.e., not BigBoxStoreUSA) computer repair shop.

--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/

Bobbi wrote:
> My machine is infected with AntiVirXP08. McAfee Antivirus was unable to
> remove it. I've read that this virus can make it impossible to install
> other virus removal tools.
>
> It appears that the virus also deleted all my system restore points.
> However, I have some system state backups made using the MS Backup Utility
> on an external hard drive. The MS Win XP guidebook describes it as making
> "copies of your registry hives".
>
> What are registry hives? Would it be reasonable to try to restore a recent
> system state backup using the backup utility under these circumstances?
> What other parts of the system might need to be restored separately?
> (MSCONFIG/Startup, etc.). How is the system state backup different from
> creating a restore point?
>
> I appreciate all guidance and references to explanatory material.
>
> Bobbi