Trojan horse in restore

[Charles Swenson]

My AV seems to have trapped the trojan horse "Startpage.12.V" in the System
Volume Information\-restore{ }rp457\a0088659.exe . The AV can
recognize it but apperently can't access the folder (I can't either) to
remove it. It doesn't seem to be affecting the computer in any way
other than giving the message that the trojan is there several times a day.

I assume this is in one of my restore points and if so will it be
automatically deleted as that restore point runs out or do I need to
disable restore points reboot and reenable restore points.

Thanks

Chas

 

[Shenan Stanley]

My AV seems to have trapped the trojan horse "Startpage.12.V" in the
System Volume Information\-restore{ }rp457\a0088659.exe . The
AV can recognize it but apperently can't access the folder (I can't
either) to remove it. It doesn't seem to be affecting the
computer in any way other than giving the message that the trojan is
there several times a day.
I assume this is in one of my restore points and if so will it be
automatically deleted as that restore point runs out or do I need to
disable restore points reboot and reenable restore points.

Faster if you just disable/enable/set a manual restore point.

(This, of course, will erase any previous restore point you have.)

Turn off System Restore.
http://support.microsoft.com/?kbid=310405

Reboot.

Turn on System Restore.
http://support.microsoft.com/?kbid=310405

Make a Manual Restoration Point.
http://snipurl.com/68nx

 

[Will Denny]

Hi Chas

You will need to stop/start System Restore - this will, however, delete all
existing checkpoints:

Right click on My Computer, select Properties and then the System Restore
tab. Enable 'Turn off System Restore on all drives' and click Apply>OK.
Then reboot your PC. After that first reboot go back into System Restore,
disable 'Turn off System Restore on all drives' and click Apply>OK. Then
reboot your PC again. After this second reboot the virus would have been
deleted and you will have a newly created checkpoint.

 

[Charles Swenson]

Thanks Will and Shenen,

Kinda hate to lose those restore points, makes me feel kinda naked for a few
days , but I'd rather be free of the trojan so here goes.


Chas

 

[MowGreen [MVP]]

Charles,

As long as you do not utilize that specific restore point then the
trojan CAN NOT infect the system. If you can determine that the
date of the RP then you *may* be able to flush it by using
Disk Cleanup to delete all but the most recent ones . There is NO
need to flush the entire restore hierarchy .

If you can determine it's date and it IS an older restore point, go
to Start, Program , Accessories, System Tools, Disk Cleanup. Choose
the drive to be cleaned up, click the More Options button, then
click the Clean up button under System Restore.


MowGreen [MVP]
===============
*-343-* FDNY
Never Forgotten
===============

 

[Charles Swenson]

Thanks MowGreen for your response,

I have deleted all restore points and made a new one , but it is nice to
have the info you gave me and maybe at some point in the future it will save
me having to lose all restore points.

I see many people on here complaining about restore points , there disk
usage , and seem to think they are useless , but as far as I'm concerned it
is one of the best features ever incorporated into Windows.

Chas

 

[Husky]

It's a weighted fix. The alternative is a complete reinstall of the OS, all
programs that need reinstalling, activating everything it screws up.

vs. whatever's currently screwed up.

My last restore I had to go back an entire month to fix things. Even being a
slow month of installing new stuff, I'll probably be repairing what the restore
screwed up well into next year.

Simply because even though new programs aren't the problems, data in the past
month got written, and a restore actually moved some of that stuff and I'm
still finding it.

I would say a restore point from a month is an actual waste of time. Better to
find what the current problem is and forget about restore points altogether.

Restore points should actually be restore points ala Norton Ghost. This attempt
by M$ is just one more bug gone berserk in the M$ OS.

 

[MowGreen [MVP]]

My last restore I had to go back an entire month to fix things.

What utter nonsense.
Restore should be used for any software install that goes South.
IMMEDIATELY. To say it's a "bug gone beserk" just shows how little
you know concerning it.

The problem is the restore hierarchy is usually way too large to be
a dependable tool. Unless one is installing a huge bloated software
package ( MS Office ) than setting the hierarchy to 200MB provides a
reliable safey net for the past 3 or 4 days. And, that's all it
should be used for. It's NOT a backup program.


MowGreen [MVP]
===============
*-343-* FDNY
Never Forgotten
===============