Guest E. T.
Posted October 29, 2008

On June 15th, my ZAP log mentions some:

OSFW,2008/06/15,11:04:32 -7:00 GMT,UNKNOWN(0),Microsoft Windows Malicious Software Removal Tool,C:\WINDOWS\system32\MRT.exe,PROCESS,OPENPROCESS,DST,\SystemRoot\System32\smss.exe

I realise it now, looking into my ZAP logs file.

Later in the summer this line multiplied dozens of times in the log and I realize that too now, but before, I started having ZAP alerts, the violet ones saying

Generic Host Program for win32 services is trying to act as a server

and red alerts saying

LSA Shell Export Version is trying to communicate with C:\Windows\system32\Zonelabs\UpdClient.exe by opening its process, application Isass.exe.

among other things.

I always denied them but did not find the time to check this problem.

I have lots of problems in my p/c's function and today I tried to restore before this date (June 16th) basically in order to avoid those alerts and eventual trojan provoking them but I cannot restore before August (when I press the left arrow of restore system calendar being in August it does not function to lead me to July).

Why is that?

Tks for immediate response.
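One way to see how often an entry like the OSFW line in the post above recurs, and which program opened which process, is to tally the log by month. This is an added example, not part of the original thread; the field names are assumptions inferred from the single quoted line, and every sample line except the first is constructed.

```python
import ntpath
from collections import Counter
from datetime import datetime

# Field names are assumptions inferred from the single OSFW line quoted in
# the post; they are not taken from ZoneAlarm documentation.
FIELDS = ("type", "date", "time", "action", "program", "path",
          "category", "event", "direction", "target")

# Constructed sample. Line 1 is the entry quoted in the post; the rest are
# made-up repeats plus two lines the parser must skip.
SAMPLE_LOG = r"""
OSFW,2008/06/15,11:04:32 -7:00 GMT,UNKNOWN(0),Microsoft Windows Malicious Software Removal Tool,C:\WINDOWS\system32\MRT.exe,PROCESS,OPENPROCESS,DST,\SystemRoot\System32\smss.exe
OSFW,2008/08/03,09:12:01 -7:00 GMT,UNKNOWN(0),Microsoft Windows Malicious Software Removal Tool,C:\WINDOWS\system32\MRT.exe,PROCESS,OPENPROCESS,DST,\SystemRoot\System32\smss.exe
OSFW,2008/08/03,09:12:07 -7:00 GMT,UNKNOWN(0),Microsoft Windows Malicious Software Removal Tool,C:\WINDOWS\system32\MRT.exe,PROCESS,OPENPROCESS,DST,\SystemRoot\System32\smss.exe
OSFW,2008/08/19,18:40:55 -7:00 GMT,UNKNOWN(0),Microsoft Windows Malicious Software Removal Tool,C:\WINDOWS\system32\MRT.exe,PROCESS,OPENPROCESS,DST,\SystemRoot\System32\smss.exe
OTHER,2008/08/19,constructed line of a different record type
OSFW,2008/08/20,truncated
"""


def parse_osfw(line):
    """Return a dict for a well-formed OSFW record, else None."""
    parts = line.strip().split(",")
    # Assumes no field contains a comma, which holds for the quoted line.
    if len(parts) != len(FIELDS) or parts[0] != "OSFW":
        return None
    rec = dict(zip(FIELDS, parts))
    try:
        rec["day"] = datetime.strptime(rec["date"], "%Y/%m/%d").date()
    except ValueError:
        return None
    return rec


def openprocess_by_month(log_text):
    """Count OPENPROCESS events per (month, source exe, target exe)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_osfw(line)
        if rec is None or rec["event"] != "OPENPROCESS":
            continue
        key = (rec["day"].strftime("%Y-%m"),
               ntpath.basename(rec["path"]).lower(),
               ntpath.basename(rec["target"]).lower())
        counts[key] += 1
    return counts


if __name__ == "__main__":
    for (month, src, dst), n in sorted(openprocess_by_month(SAMPLE_LOG).items()):
        print(f"{month}  {src} -> {dst}  x{n}")
```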
Guest M.I.5¾
Posted October 29, 2008

Re: Cannot restore before August

"E. T." <ET@discussions.microsoft.com> wrote in message news:02C675AF-8B33-4B64-B744-D7F40856379B@microsoft.com...
> On June 15th, my ZAP log mentions some:
> OSFW,2008/06/15,11:04:32 -7:00 GMT,UNKNOWN(0),Microsoft Windows Malicious Software Removal Tool,C:\WINDOWS\system32\MRT.exe,PROCESS,OPENPROCESS,DST,\SystemRoot\System32\smss.exe
> I realise it now, looking into my ZAP logs file.
>
> Later in the summer this line multiplied dozens of times in the log and I realize that too now, but before, I started having ZAP alerts, the violet ones saying
> Generic Host Program for win32 services is trying to act as a server
> and red alerts saying
> LSA Shell Export Version is trying to communicate with C:\Windows\system32\Zonelabs\UpdClient.exe by opening its process, application Isass.exe.
> among other things.
> I always denied them but did not find the time to check this problem.
> I have lots of problems in my p/c's function and today I tried to restore before this date (June 16th) basically in order to avoid those alerts and eventual trojan provoking them but I cannot restore before August (when I press the left arrow of restore system calendar being in August it does not function to lead me to July).
> Why is that?

Restore only keeps a limited number of restore points. As new ones are created the older ones are deleted. The reason you cannot get into July is that there are no restore points available prior to August.

You can increase the space available for restore points but this won't solve your current problem.
Guest Mick Murphy
Posted October 29, 2008

RE: Cannot restore before August

Download, install, update and scan your System with Malwarebytes, and Spybot Search & Destroy.

Do it in Safe mode if necessary, and do it with your Anti-virus as well, while in Safe Mode.

All info below.

http://www.spybot.info/en/index.html

Spybot Search & Destroy 1.6 is a very good, FREE Anti-Spyware Program. Download, install, update, and immunize your System with it. Then SCAN with it. Update it, and scan your System once a fortnight.

http://www.malwarebytes.org/mbam.php

Malwarebytes is as the name says, a Malware Remover! For the Free version scroll down their page to either download from Download.com, or Major Geeks.com. Download, install, and update.

Important re: Safe Mode

If you happen to find a problem that you can’t uninstall / delete, reboot the computer, and go into Safe Mode. To get into Safe mode, tap F8 right at Power On / Startup, and use UP arrow key to get to Safe Mode from list of options, then hit ENTER. RESCAN your computer with your Anti-Virus, Malwarebytes and Spybot S & D while in Safe Mode.

--
Mad Mike

"E. T." wrote:
> On June 15th, my ZAP log mentions some:
> OSFW,2008/06/15,11:04:32 -7:00 GMT,UNKNOWN(0),Microsoft Windows Malicious Software Removal Tool,C:\WINDOWS\system32\MRT.exe,PROCESS,OPENPROCESS,DST,\SystemRoot\System32\smss.exe
> I realise it now, looking into my ZAP logs file.
>
> Later in the summer this line multiplied dozens of times in the log and I realize that too now, but before, I started having ZAP alerts, the violet ones saying
> Generic Host Program for win32 services is trying to act as a server
> and red alerts saying
> LSA Shell Export Version is trying to communicate with C:\Windows\system32\Zonelabs\UpdClient.exe by opening its process, application Isass.exe.
> among other things.
> I always denied them but did not find the time to check this problem.
> I have lots of problems in my p/c's function and today I tried to restore before this date (June 16th) basically in order to avoid those alerts and eventual trojan provoking them but I cannot restore before August (when I press the left arrow of restore system calendar being in August it does not function to lead me to July).
> Why is that?
> Tks for immediate response.
Guest PA Bear [MS MVP]
Posted October 29, 2008

Re: Cannot restore before August

Even if you had an earlier Restore Point available, using it prolly wouldn't address your problems.

Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/kb/827315

Run a /thorough/ check for hijackware, including posting your hijackthis log to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v2.0.2 (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in conjunction with some other utilities). HijackThis will NOT fix anything on its own, but it will help you to both identify and remove any hijackware/spyware with assistance from an expert.

**Post your log to http://spywarehammer.com/simplemachinesforum/index.php?board=10.0, http://forums.spybot.info/forumdisplay.php?f=22, http://aumha.net/viewforum.php?f=30, or another appropriate forum for review by an expert in such matters, not here.**

If the procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a local, reputable and independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.

--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/

E. T. wrote:
> On June 15th, my ZAP log mentions some:
> OSFW,2008/06/15,11:04:32 -7:00 GMT,UNKNOWN(0),Microsoft Windows Malicious Software Removal Tool,C:\WINDOWS\system32\MRT.exe,PROCESS,OPENPROCESS,DST,\SystemRoot\System32\smss.exe
> I realise it now, looking into my ZAP logs file.
>
> Later in the summer this line multiplied dozens of times in the log and I realize that too now, but before, I started having ZAP alerts, the violet ones saying
> Generic Host Program for win32 services is trying to act as a server
> and red alerts saying
> LSA Shell Export Version is trying to communicate with C:\Windows\system32\Zonelabs\UpdClient.exe by opening its process, application Isass.exe.
> among other things.
> I always denied them but did not find the time to check this problem.
> I have lots of problems in my p/c's function and today I tried to restore before this date (June 16th) basically in order to avoid those alerts and eventual trojan provoking them but I cannot restore before August (when I press the left arrow of restore system calendar being in August it does not function to lead me to July).
> Why is that?
> Tks for immediate response.