PC Review


Bobbi
13th Jul 2008

My machine is infected with AntiVirXP08. McAfee Antivirus was unable to
remove it. I've read that this virus can make it impossible to install other
virus removal tools.

It appears that the virus also deleted all my system restore points.
However, I have some system state backups made using the MS Backup Utility
on an external hard drive. The MS Win XP guidebook describes it as making
"copies of your registry hives".

What are registry hives? Would it be reasonable to try to restore a recent
system state backup using the backup utility under these circumstances? What
other parts of the system might need to be restored separately?
(MSCONFIG/Startup, etc.). How is the system state backup different from
creating a restore point?

I appreciate all guidance and references to explanatory material.

Bobbi


 
Doug Knox - [MS-MVP]
13th Jul 2008
Registry hives control virtually every aspect of your operating system, from
the hardware that's installed to per-user and machine-wide settings.
Restoring to a completely infection-free set of registry hives can be of
help, but you may lose functionality if hardware drivers were changed since
then, and there are always other startup vectors, such as the Startup folder
in the Start Menu, for malware to execute from.

Your best bets are:

1) Boot the computer in Safe Mode to run your malware removal tools. Safe
Mode stops the vast majority of exploitable startup vectors from executing,
so most malware won't be running.

2) In conjunction with step 1, locate a good anti-virus/malware package
that doesn't require installation (can be run from a single command prompt)
to clean your system.

3) Use offline tools such as Bart's PE or Ultimate Boot CD to boot your
system. Then you can still access tools like Regedit and various
anti-virus/malware tools that can be added as add-ins to clean your system
of infections.

4) Back up the data that you can't afford to lose, format and start over,
ensuring that you have reputable anti-virus/malware tools installed, as well
as the use of the built-in XP firewall, all security patches to date,
and that you practice "safe hex". Simply put, make damned sure you know
what a file does, where it came from and scan it before you even think about
running it.

--
Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart
Display\Security
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.

"Bobbi" wrote:


 
YoKenny
13th Jul 2008
Bobbi wrote:

Download and install then run Malwarebytes' Anti-Malware application:
http://www.malwarebytes.org/products.php

--
Regards, Yokenny
Change is inevitable except from a vending machine.


 
Timmy T
13th Jul 2008
Looks like option #4. My hard drive letters have disappeared from "My
Computer", all of my restore points were reset, catastrophic failure error
when I try to do a backup, blah, blah, blah. As I take my medicine, how can I
save my entire set of drivers? I have a backup I performed a couple of weeks
ago. I backed up the drivers folder under dell. Is that enough to save all
the device drivers? Is the free AGP, spybot, ad-aware and XP software enough
to protect me (when I don't go stupid and open the app myself)?
Thanks for your time.

Tim
--
Don't get fooled again?


"Doug Knox - [MS-MVP]" wrote:
 
Doug Knox - [MS-MVP]
13th Jul 2008
If you mean AVG for the antivirus, then that combination should be OK. Just
make sure you're religious about updating them. As for the drivers, as long
as you know they're the right ones for your hardware, then you should be OK,
but if you're restoring your system from the Recovery partition or a
Recovery CD/DVD then they should already be installed when you restore your
system.


"Timmy T" wrote:

 
Bobbi
13th Jul 2008
Thanks, Doug

I'm confident that there have been no system changes since my last backup.
But I'd like to know about the other "startup vectors". I could try
unchecking startup items using Run | MSConfig | Startup tab. I can also
search folders in Program Files and manually delete them. Can you think of
other manual changes I can make? Are there KB articles on this subject?

PC Magazine highly recommends Spyware Doctor for thoroughness of virus
removal, but I don't know if it can be downloaded and run without
installing.

McAfee offers some agent-assisted and/or agent-direct remote virus removal.
The most expensive option is $89, where the victim is on the phone with the
agent and the agent remotely takes control of the computer and removes
viruses. Have you heard of any good or bad reports of this service?

Bobbi Gold





"Doug Knox - [MS-MVP]" wrote:



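Doug's list of startup vectors above, and Bobbi's follow-up question about which startup items can be checked by hand, in working form. This is an added example and is not code from the thread or from any of the posters. It assumes PowerShell 2.0 installed on a 32-bit XP SP3 (or a later Windows) and an administrator session; the hive path in the final commented line is a hypothetical placeholder. It walks the Run/RunOnce keys, the Winlogon Shell and Userinit values, both Startup folders and the auto-start services, reports the entries that launch from outside %SystemRoot% and Program Files, and, given a SOFTWARE hive file restored from a System State backup, lists the Run values present on the live machine that the clean hive does not contain.

```powershell
# Added example, not from the thread or any of the posters. Enumerates the
# XP autostart locations ("startup vectors"), flags entries whose binaries
# live outside the system directories, and can compare the machine-wide Run
# key against a SOFTWARE hive restored from an NTBackup System State set.
# Assumptions: PowerShell 2.0 on 32-bit XP SP3 or later, administrator
# session; the hive path in the usage line is a hypothetical placeholder.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Note properties the registry provider adds to every Get-ItemProperty result.
$PsNoteProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function New-Entry([string]$Key, [string]$Name, [string]$Command) {
    New-Object PSObject -Property @{ Key = $Key; Name = $Name; Command = $Command }
}

# Every value under one Run-style key, as Key/Name/Command records.
function Get-RunEntries([string]$KeyPath) {
    if (-not (Test-Path $KeyPath)) { return @() }
    $props = Get-ItemProperty -Path $KeyPath
    $props.PSObject.Properties |
        Where-Object { $PsNoteProps -notcontains $_.Name } |
        ForEach-Object { New-Entry $KeyPath $_.Name ([string]$_.Value) }
}

function Get-AutostartReport {
    $entries = @()
    foreach ($k in $RunKeys) { $entries += @(Get-RunEntries $k) }

    # Winlogon Shell/Userinit: malware commonly appends its own path here.
    $wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    foreach ($n in 'Shell', 'Userinit') { $entries += New-Entry 'Winlogon' $n ([string]$wl.$n) }

    # Startup folders, resolved from the Shell Folders keys (a redirected
    # Startup folder is itself a finding worth noting).
    $cu = Get-ItemProperty 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
    $au = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
    foreach ($folder in @($cu.Startup, $au.'Common Startup')) {
        if ($folder -and (Test-Path $folder)) {
            Get-ChildItem -Path $folder -Force | Where-Object { -not $_.PSIsContainer } |
                ForEach-Object { $entries += New-Entry 'StartupFolder' $_.Name $_.FullName }
        }
    }

    # Auto-start services (Win32_Service is available through WMI on XP).
    Get-WmiObject Win32_Service | Where-Object { $_.StartMode -eq 'Auto' } |
        ForEach-Object { $entries += New-Entry 'Service' $_.Name ([string]$_.PathName) }

    return $entries
}

# Heuristic: anything that does not launch from %SystemRoot% or Program Files.
function Find-SuspiciousEntries($Entries) {
    $trusted = @($env:SystemRoot, $env:ProgramFiles) | ForEach-Object { $_.ToLower() }
    $Entries | Where-Object {
        $cmd = $_.Command.ToLower().TrimStart('"', ' ')
        ($cmd -ne '') -and -not ($trusted | Where-Object { $cmd.StartsWith($_) })
    }
}

# Mount a SOFTWARE hive file restored from a System State backup (NTBackup can
# restore to an alternate location) and list Run values that exist on the live
# machine but not in the clean copy. Unloading needs no open handles on the key.
function Compare-RunKeyWithHive([string]$HiveFile, [string]$MountName = 'CleanSOFTWARE') {
    if (-not (Test-Path $HiveFile)) { throw "hive file not found: $HiveFile" }
    & reg.exe load "HKLM\$MountName" $HiveFile | Out-Null
    try {
        $clean = Get-RunEntries "HKLM:\$MountName\Microsoft\Windows\CurrentVersion\Run"
        $live  = Get-RunEntries 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
        $live | Where-Object { $n = $_.Name; -not ($clean | Where-Object { $_.Name -eq $n }) }
    } finally {
        [GC]::Collect()            # release provider handles before unloading
        & reg.exe unload "HKLM\$MountName" | Out-Null
    }
}

# --- usage ---
if ($env:SAFEBOOT_OPTION) { "Booted in Safe Mode ($env:SAFEBOOT_OPTION)" } else { "Normal boot" }
$report = Get-AutostartReport
$report | Sort-Object Key, Name | Format-Table Key, Name, Command -AutoSize
"--- entries launching from outside system/program directories ---"
Find-SuspiciousEntries $report | Format-Table Key, Name, Command -AutoSize
# Compare-RunKeyWithHive 'E:\SystemState\Registry\SOFTWARE'   # hypothetical path
```

The hive comparison is the scripted form of what a System State restore would do wholesale: the hives NTBackup saves are the files under %SystemRoot%\system32\config, and mounting a backed-up copy with reg.exe load lets you read the clean Run key without overwriting the live one. Running the report from Safe Mode (the script prints whether SAFEBOOT_OPTION is set) keeps the malware's own hooks out of the picture, and, as Doug notes, restoring the hives alone does nothing about a binary dropped into the Startup folder, which is why the folder contents are listed alongside the registry entries.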
 
PA Bear [MS MVP]
14th Jul 2008
No one utility or combination of utilities is going to fix this.

Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/kb/827315

Run a /thorough/ check for hijackware, including posting your hijackthis log
to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_R...:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/...moving_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. **Post your log to
http://aumha.net/viewforum.php?f=30,
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html, or other appropriate forums for review
by an expert in such matters, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.

--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/


Bobbi wrote: