System Restore Won't Respond

[August]

I've got some type of virus or malware infection. I ran my anti-virus unit
and it showed the virus infection but it wouldn't clear it. I tried to run
my anti-malware unit but it won't open. I then tried to use System Restore
(both within windows and from rebooting and pushing the F8 button), but it
won't respond. I appreciate any help.

 

[Gerry]

Malwarebytes' Anti-Malware
1.32 -freeware (if you upgrade you pay).
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

Run Malwarebytes' in safe mode and turn off your current anti-virus
before you do to avoid a conflict. Disregard the invitation on the web
site regarding the Registry Optimiser -a Registry Optimiser is not a
helpful utility.


--


Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

 

[August]

Thank you for responding Gerry. I have Malwarebytes' Anti-Malware already
installed on the computer. I rebooted in safe mode, but I still couldn't get
Malwarebytes' Anti-Malware to open.

 

[Buffalo]

Thank you for responding Gerry. I have Malwarebytes' Anti-Malware
already installed on the computer. I rebooted in safe mode, but I
still couldn't get Malwarebytes' Anti-Malware to open.

Find mbam.exe (the Malwarebytes AntiMalware executable usually under
\Program Files\ Malwarebytes) and rename it to something like 'august.exe'
or 'test.exe' or whatever you want and then try to run it again by double
left clicking on it.
Buffalo

 

[August]

Thank you Buffalo for responding. I renamed mbam.exe to test.exe and double
clicked it. It still would not open.

 

[Gerry]

August

Back up your data files, format the drive and reinstall Windows XP.

--


Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

 

[August]

I was hoping I wouldn't have to do that. Any other suggestions???

 

[Gerry]

August

You might try this way to get System Restore to run.

Try System Restore -see link
http://bertk.mvps.org/html/safemode.html


--


Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

 

[August]

System Restore acts the same in Safe Mode. It lets me get to the point of
initiating the action and then won't do anything.

 

[Gerry]

August

Do you have a second computer?


--


Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

 

[SC Tom]

Try booting to Safe Mode with Command Prompt and type in
c:\windows\system32\restore\rstrui.exe and follow the instructions. It will
allow you to (possibly) restore when other methods may not.

SC Tom

 

[smlunatick]

System Restore acts the same in Safe Mode.  It lets me get to the pointof
initiating the action and then won't do anything.

Your system is "too far" infested. Seek a computer repair
technician. They should be able to connect your hard drive" to
another PC and then scan / clean off the malware.

 

[Elmo]

I've got some type of virus or malware infection. I ran my anti-virus unit
and it showed the virus infection but it wouldn't clear it. I tried to run
my anti-malware unit but it won't open. I then tried to use System Restore
(both within windows and from rebooting and pushing the F8 button), but it
won't respond. I appreciate any help.

Burn one of these to a CD (using a working machine) and boot the
infected machine with it:

http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/

 

[Jose]

Thank you Buffalo for responding.  I renamed mbam.exe to test.exe and double
clicked it.  It still would not open.

What anti virus unit are you already using? It could be very
defective. You may need to uninstall it temporarily to get going or
maybe forever if it let this happen to you.

Get to a command prompt in safe mode and navigate to where your
duplicate copy of mbam.exe is.

If you can't get Start, Run, cmd to work, try Start, Run, command

In the MBAM directory type in: dir *.exe <enter> Be sure that
mbam.exe and test.exe are the same except in name.

From the CMD prompt, try to start test.exe or whatever you called the
duplicate.

If test.exe does not start, describe what does not start means (error,
comes back to command prompt, etc.). Sometimes you can see more from
the CMD window that double clicking some icon. It doesn't work is not
much to go on!

Is there anything interesting in the Windows event log after the start
attempt?

What is in the event log after you try to run rstrui.exe from the CMD
prompt? Make a copy and try that as well.

Can you download the Super Anti Spyware and try that? It is free and
update it first. You may have to rename the executable also. What
does it do from a CMD prompt?

Some malicious software will not let processes run just by their name
you see in Task Manager - mbam.exe, regedit.ext, cmd.exe, rstrui.exe,
etc. They think they know all the tricks. That is why renaming
sometimes will work enough to get you going. Try copying to something
besides test.exe. Maybe they already thought about test.exe.

If regedit.exe won't work either, let us know. Make a copy of
regedit.exe and try to run the copy and let us know if that works.

Jose

 

[August]

Thank you Jose for your response. I did try copying to something besides
test.exe and it worked! Thank you for your help.

 

[August]

Thank you to all who responded. I finally got the malwarebytes unit running
and the computer is on it's way to being rid of the infection.

 

[Gerry]

That's a good result Jose

Is there any further details on this trick!

"Some malicious software will not let processes run just by their name
you see in Task Manager - mbam.exe, regedit.ext, cmd.exe, rstrui.exe,
etc. They think they know all the tricks. That is why renaming
sometimes will work enough to get you going. Try copying to something
besides test.exe. Maybe they already thought about test.exe."


--


Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

 

[Jose]

That's a good result Jose

Is there any further details on this trick!

"Some malicious software will not let processes run just by their name
you see in Task Manager - mbam.exe, regedit.ext, cmd.exe, rstrui.exe,
etc.  They think they know all the tricks.   That is why renaming
sometimes will work enough to get you going.  Try copying to something
besides test.exe.  Maybe they already thought about test.exe."

--

Gerry
 ~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

I made that up all by myself.

I learned this trick while trying to figure out how to fix the problem
of regedit(.exe) and cmd(.exe) not working. I have that down to a
science and a single post reply the next time I see somebody with that
problem. But you must be MBAM (or maybe SAS) first. No format/
reinstall, no last know good configuration, no going back to possible
already corrupted restore point, no safe mode, no boot disk, no "try
this", and thankfully no 25 posts back and forth. At least for the
problem I have become so intimate with.

To finish solving the problem above you have to get regedit working
somehow. The infestation will not allow regedit.exe or cmd.exe to
appear as a Process in Task Manager. If you copy regedit.exe to
copy.exe, copy.exe is allowed to run, so then you can then fix it for
good. I have learned that it is not smart enough to know about
command.exe (yet). regedt32.exe won't run either because it is just
regedit.exe in disguise (in XP) and that is what shows up in Task
Manager (try it) - not allowed to run!

The malicious software (I reckoned) has gotten smart enough to look
for things that might help remove it, like mbam.exe,
superantispyware.exe, cmd.exe, regedit.exe, rstrui.exe - and now I
figure it also won't let something like test.exe run either (what a
good name for a copy), but I have never tried test.exe before.

So, maybe the OP used something like august.exe for MBAM. No way it
would know about that. It doesn't seem to know about copy.exe yet
either. This is my first encounter with test.exe not working, but now
we know.