Can't disable system restore

[Robert36]

I've got a trojan virus I'm trying to remove and I've been running McAfee and
Anti-Malware several times to try to clean it out. Everytime I restart my
computer I'll run a virus scan and everytime I have to delete about 30
detections. I've been told I need to disable my system restore feature and
run a full system scan with it disabled, and then enable it after the scan.
If I go in to disable my system restore feature I get an error message saying
"system restore is unable to protect your computer. Please restart your
computer, and then run system restore again." Is there another way I can go
about this?

 

[Malke]

I've got a trojan virus I'm trying to remove and I've been running McAfee
and
Anti-Malware several times to try to clean it out. Everytime I restart my
computer I'll run a virus scan and everytime I have to delete about 30
detections. I've been told I need to disable my system restore feature
and run a full system scan with it disabled, and then enable it after the
scan. If I go in to disable my system restore feature I get an error
message saying
"system restore is unable to protect your computer. Please restart your
computer, and then run system restore again." Is there another way I can
go about this?

It's time to either get guided help at one of the specialty forums below, or
take the machine to a competent local computer tech (not a
BigComputerStore/GeekSquad type of place) or back up your data and clean-
install Windows.

PLEASE DO NOT POST LOGS IN THE MS NEWSGROUPS.

http://aumha.net/viewtopic.php?t=4075 - Posting FAQ
http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-
f37.html
http://www.malwarebytes.org/forums/index.php?showforum=7
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://spywarewarrior.com/viewforum.php?f=5
http://forums.techguy.org/54-security/
http://forums.tomcoyote.org/
http://www.thespykiller.co.uk/index.php?board=3.0
http://forums.subratam.org/index.php?showforum=7

Malke

 

[Don Phillipson]

I've got a trojan virus I'm trying to remove and I've been running McAfee and
Anti-Malware several times to try to clean it out. Everytime I restart my
computer I'll run a virus scan and everytime I have to delete about 30
detections. I've been told I need to disable my system restore feature and
run a full system scan with it disabled, and then enable it after the scan.
If I go in to disable my system restore feature I get an error message saying
"system restore is unable to protect your computer. Please restart your
computer, and then run system restore again." Is there another way I can go
about this?

Presumably you were using the Sys. Restore Wizard, which at this
point in its sequence offers only the choices
-- Restore an earlier Registry
-- Create a new set point
when what you wanted #3 = set Sys. Restore off (unavailable
by the Wizard -- which is perhaps understandable.)

System Restore also appears on one of the / Control Panel / System
panels. You may be able to turnn it off there and reboot.

Most WinXP functions are what MS calls "Services," which have
their own control window (roughly 100 items.) Each isi documented
and nearly all can be toggled on or off. You may recognize a
Service required by System Restore and turn it off, which ought
to disable System Restore.

 

[Ken Blake, MVP]

I've got a trojan virus I'm trying to remove

There's no such thing as a "trojan virus." It could either be a trojan
or a virus, but not both.

Please tell the name of whatever it is you are infected with.

and I've been running McAfee and

Unfortunately, McAfee is one of the poorest antivirus programs
available. I recommend NOD32 if you are willing to pay for one, or
Avast, if you want a free anti-virus product.

 

[Twayne]

I've got a trojan virus I'm trying to remove and I've been running
McAfee and Anti-Malware several times to try to clean it out.
Everytime I restart my computer I'll run a virus scan and everytime I
have to delete about 30 detections. I've been told I need to disable
my system restore feature and run a full system scan with it
disabled, and then enable it after the scan. If I go in to disable my
system restore feature I get an error message saying "system restore
is unable to protect your computer. Please restart your computer,
and then run system restore again." Is there another way I can go
about this?

MS has a lot of strange messages. Since that's what you want, do it.
The "not protecting" part simply means that it's not creating restore
points. Which is what you want to do - turn them off. It's a
meaningless message when that is what you want to do. <g>

Here's how I do it when I'm chasing a virus:
Go to the System Restore dialog; start; programs; accessories; system
tools; system restore.
There, in the LEFT pane you'll see "System Restore Settings" or
something like that.
Click that.
In the resulting window, tick the box in the upper area that says to
Turn Off System Restore on All Drives.

BTW, since System REstore only works on system drives, when you go back
to re-engage the restore points, you ONLY need to monitor your system
drive (usually C). There is nothing to monitor in a normal system on
other, non-system drives. SR only works on system files so it's wasted
on non-system drives.
After you re-engage the SR, create a new restore point, just to be
sure you did everything correctly. Done.

All that said, the reason to get rid of system restore points is to
prevent you from ever using an infected restore point that would bring
back the virus/trojan/worm/ whatever. It is not necessarily the reason
you keep getting it back again right now. But, it's still something
that needs to be done so go ahead with it, and then continue your
trouble-shooting.

If removing the system restore points doesn't help anything:
From the symptoms you describe, what you actually have might be a
different one than is being found. Something else may be the root of
the problem. It's "smart" enough sometimes to realize that part of it
has been removed and simply reinstalls the malware on you. You should
try looking a description of the manual fixes for the virus you found
and the details on its name at Symantec or any good AV program's web
site.

After that, come back and give as much relevent detail about what's
happening as you can, including naming any malware that it finds and
that reinstalls itself. There ARE ways to track it down.

HTH,

Twayne`

 

[Twayne]

Presumably you were using the Sys. Restore Wizard, which at this
point in its sequence offers only the choices
-- Restore an earlier Registry
-- Create a new set point
when what you wanted #3 = set Sys. Restore off (unavailable
by the Wizard -- which is perhaps understandable.)

That same window with those choices includes a Settings link which lets
you kill one or all disk restore points. Please verify things before
posting and confusing things.

HTH,

Twayne`

 

[Twayne]

There's no such thing as a "trojan virus." It could either be a trojan
or a virus, but not both.

Groan, does it really matter? BTW, there ARE some that will fit the
definitions of both.

Please tell the name of whatever it is you are infected with.




Unfortunately, McAfee is one of the poorest antivirus programs
available. I recommend NOD32 if you are willing to pay for one, or
Avast, if you want a free anti-virus product.

McAfee certainly is not one of the poorest, although not as good as they
used to be. It's silly to post opinions like that as a fact. If you
wish to spam for NOD-32, then do so but don't disguise it as a fact
because you saw some unknown reviewer somewhere say something negative
about it. Either that or back up your claim with verifiable data.
Opinions are a dime a dozen these days and of little worth, especially
when couched as facts. And Avast, IMO, is mediocre at best and slow
with catchups, based on personal experience.

HTH,

Twayne`