XP Pro system restore blocked by malware

[Online Traveller]

I inadvertently left my anti-virus disabled the other day on my Windows XP
Pro computer and downloaded malware from a web page. This malware installed
itself on my PC without my permission.

I was able to remove most of it by running the anti-virus scanner with XP in
safe mode.

However one file is particularly stubborn and will not be removed.

So I restarted in safe mode and attempted to do a System Restore to an
earlier point prior to my malware infection.

I restarted in safe mode and logged in as Administrator however the restore
continues to fail. It seems like a portion of the malware loads even in
safe mode and interferes with the System Restore function.

My question: how can I boot XP Pro system into safe mode to run the system
restore successfully? Can I do it from the (writeprotected) XP setup discs
or an XP start up disc? I would just like to restore the system back to the
state of last Thursday I got this problem this morning around 7 am and
this has turned out to be a rather long and tiring day

Thanks a lot

 

[Harry Ohrn]

You might be able to run System Restore before Safe Mode completely loads by
using the following:
1 Re-boot your PC
2 As the PC is booting up keep tapping the F8 button
3 When the Option Menu appears on screen select the Safe Mode with Command
prompt option
4 At the safe mode command prompt type:
%systemroot%\System32\restore\rstrui.exe
5 System Restore will now open and you can choose the relevant restore point

 

[Online Traveller]

Thanks for your suggestion but it didn't work. I used your method and
systematically tried every restore point I had. I went right back to April
1st

I keep getting Restoration Incomplete.

I really don't want to re-install XP as I'm so busy right now. Having to
reinstall XP now and all my programs would really be a great hardship for me
at this point, but I guess that is what the virus writers do only hope for


Is there any way around this?

Thanks a lot

PS:

The folder causing me all this heartache is in the windows folder and the
name of it is isrvs. My anti-virus program says to delete it but I refuses
to be deleted. The two dll files that refuse to leave my life are
mfiltis.dll and clientax.dll. This is bad and very virulent stuff, it would
appear.

You might be able to run System Restore before Safe Mode completely loads by
using the following:
1 Re-boot your PC
2 As the PC is booting up keep tapping the F8 button
3 When the Option Menu appears on screen select the Safe Mode with Command
prompt option
4 At the safe mode command prompt type:
%systemroot%\System32\restore\rstrui.exe
5 System Restore will now open and you can choose the relevant restore point

--

Harry Ohrn MS-MVP [Shell/User]
www.webtree.ca/windowsxp

I inadvertently left my anti-virus disabled the other day on my Windows XP
Pro computer and downloaded malware from a web page. This malware
installed
itself on my PC without my permission.

I was able to remove most of it by running the anti-virus scanner with XP
in
safe mode.

However one file is particularly stubborn and will not be removed.

So I restarted in safe mode and attempted to do a System Restore to an
earlier point prior to my malware infection.

I restarted in safe mode and logged in as Administrator however the
restore
continues to fail. It seems like a portion of the malware loads even in
safe mode and interferes with the System Restore function.

My question: how can I boot XP Pro system into safe mode to run the
system
restore successfully? Can I do it from the (writeprotected) XP setup
discs
or an XP start up disc? I would just like to restore the system back to
the
state of last Thursday I got this problem this morning around 7 am and
this has turned out to be a rather long and tiring day

Thanks a lot

 

[Shenan Stanley]

Thanks for your suggestion but it didn't work. I used your method and
systematically tried every restore point I had. I went right back to
April 1st

I keep getting Restoration Incomplete.

I really don't want to re-install XP as I'm so busy right now.
Having to reinstall XP now and all my programs would really be a
great hardship for me at this point, but I guess that is what the
virus writers do only hope for

Is there any way around this?

Thanks a lot

PS:

The folder causing me all this heartache is in the windows folder and
the name of it is isrvs. My anti-virus program says to delete it but
I refuses to be deleted. The two dll files that refuse to leave my
life are mfiltis.dll and clientax.dll. This is bad and very virulent
stuff, it would appear.

Use HijackThis to remove it.

 

[Mike Hall \(MS-MVP\)]

Some nasties prevent System Restore from running properly.. others allow
System Restore to complete only because they have embedded into SR ready to
propagate at the first available opportunity..

You would do well to remove all restore points..

--
Mike Hall
MVP - Windows Shell/user

Thanks for your suggestion but it didn't work. I used your method and
systematically tried every restore point I had. I went right back to
April
1st

I keep getting Restoration Incomplete.

I really don't want to re-install XP as I'm so busy right now. Having to
reinstall XP now and all my programs would really be a great hardship for
me
at this point, but I guess that is what the virus writers do only hope for


Is there any way around this?

Thanks a lot

PS:

The folder causing me all this heartache is in the windows folder and the
name of it is isrvs. My anti-virus program says to delete it but I
refuses
to be deleted. The two dll files that refuse to leave my life are
mfiltis.dll and clientax.dll. This is bad and very virulent stuff, it
would
appear.

You might be able to run System Restore before Safe Mode completely loads by
using the following:
1 Re-boot your PC
2 As the PC is booting up keep tapping the F8 button
3 When the Option Menu appears on screen select the Safe Mode with
Command
prompt option
4 At the safe mode command prompt type:
%systemroot%\System32\restore\rstrui.exe
5 System Restore will now open and you can choose the relevant restore point

--

Harry Ohrn MS-MVP [Shell/User]
www.webtree.ca/windowsxp

I inadvertently left my anti-virus disabled the other day on my Windows XP
Pro computer and downloaded malware from a web page. This malware
installed
itself on my PC without my permission.

I was able to remove most of it by running the anti-virus scanner with XP
in
safe mode.

However one file is particularly stubborn and will not be removed.

So I restarted in safe mode and attempted to do a System Restore to an
earlier point prior to my malware infection.

I restarted in safe mode and logged in as Administrator however the
restore
continues to fail. It seems like a portion of the malware loads even
in
safe mode and interferes with the System Restore function.

My question: how can I boot XP Pro system into safe mode to run the
system
restore successfully? Can I do it from the (writeprotected) XP setup
discs
or an XP start up disc? I would just like to restore the system back
to
the
state of last Thursday I got this problem this morning around 7 am and
this has turned out to be a rather long and tiring day

Thanks a lot

 

[Harry Ohrn]

Unfortunately once System Restore points are corrupt there is no way to
repair them. You may wish to visit one of the sites dedicated to removal of
spyware/malware and the likes. An excellent resource is found here
http://aumha.org/win5/a/parasite.htm Jim Eshelman also has a forum which
really should be helpful to you
http://aumha.net/viewforum.php?f=28&sid=af5cda8b56e8f372951fcc1c73ba5e1b

--

Harry Ohrn MS-MVP [Shell/User]
www.webtree.ca/windowsxp

Thanks for your suggestion but it didn't work. I used your method and
systematically tried every restore point I had. I went right back to
April
1st

I keep getting Restoration Incomplete.

I really don't want to re-install XP as I'm so busy right now. Having to
reinstall XP now and all my programs would really be a great hardship for
me
at this point, but I guess that is what the virus writers do only hope for


Is there any way around this?

Thanks a lot

PS:

The folder causing me all this heartache is in the windows folder and the
name of it is isrvs. My anti-virus program says to delete it but I
refuses
to be deleted. The two dll files that refuse to leave my life are
mfiltis.dll and clientax.dll. This is bad and very virulent stuff, it
would
appear.

You might be able to run System Restore before Safe Mode completely loads by
using the following:
1 Re-boot your PC
2 As the PC is booting up keep tapping the F8 button
3 When the Option Menu appears on screen select the Safe Mode with
Command
prompt option
4 At the safe mode command prompt type:
%systemroot%\System32\restore\rstrui.exe
5 System Restore will now open and you can choose the relevant restore point

--

Harry Ohrn MS-MVP [Shell/User]
www.webtree.ca/windowsxp

I inadvertently left my anti-virus disabled the other day on my Windows XP
Pro computer and downloaded malware from a web page. This malware
installed
itself on my PC without my permission.

I was able to remove most of it by running the anti-virus scanner with XP
in
safe mode.

However one file is particularly stubborn and will not be removed.

So I restarted in safe mode and attempted to do a System Restore to an
earlier point prior to my malware infection.

I restarted in safe mode and logged in as Administrator however the
restore
continues to fail. It seems like a portion of the malware loads even
in
safe mode and interferes with the System Restore function.

My question: how can I boot XP Pro system into safe mode to run the
system
restore successfully? Can I do it from the (writeprotected) XP setup
discs
or an XP start up disc? I would just like to restore the system back
to
the
state of last Thursday I got this problem this morning around 7 am and
this has turned out to be a rather long and tiring day

Thanks a lot

 

[Online Traveller]

Thank you very much for your help, I do appreciate it I will
investigate those links.

Unfortunately once System Restore points are corrupt there is no way to
repair them. You may wish to visit one of the sites dedicated to removal of
spyware/malware and the likes. An excellent resource is found here
http://aumha.org/win5/a/parasite.htm Jim Eshelman also has a forum which
really should be helpful to you
http://aumha.net/viewforum.php?f=28&sid=af5cda8b56e8f372951fcc1c73ba5e1b

--

Harry Ohrn MS-MVP [Shell/User]
www.webtree.ca/windowsxp

Thanks for your suggestion but it didn't work. I used your method and
systematically tried every restore point I had. I went right back to
April
1st

I keep getting Restoration Incomplete.

I really don't want to re-install XP as I'm so busy right now. Having to
reinstall XP now and all my programs would really be a great hardship for
me
at this point, but I guess that is what the virus writers do only hope for


Is there any way around this?

Thanks a lot

PS:

The folder causing me all this heartache is in the windows folder and the
name of it is isrvs. My anti-virus program says to delete it but I
refuses
to be deleted. The two dll files that refuse to leave my life are
mfiltis.dll and clientax.dll. This is bad and very virulent stuff, it
would
appear.

You might be able to run System Restore before Safe Mode completely

loads
by

using the following:
1 Re-boot your PC
2 As the PC is booting up keep tapping the F8 button
3 When the Option Menu appears on screen select the Safe Mode with
Command
prompt option
4 At the safe mode command prompt type:
%systemroot%\System32\restore\rstrui.exe
5 System Restore will now open and you can choose the relevant restore point

--

Harry Ohrn MS-MVP [Shell/User]
www.webtree.ca/windowsxp


I inadvertently left my anti-virus disabled the other day on my

Windows
XP

Pro computer and downloaded malware from a web page. This malware
installed
itself on my PC without my permission.

I was able to remove most of it by running the anti-virus scanner

with
XP

in
safe mode.

However one file is particularly stubborn and will not be removed.

So I restarted in safe mode and attempted to do a System Restore to an
earlier point prior to my malware infection.

I restarted in safe mode and logged in as Administrator however the
restore
continues to fail. It seems like a portion of the malware loads even
in
safe mode and interferes with the System Restore function.

My question: how can I boot XP Pro system into safe mode to run the
system
restore successfully? Can I do it from the (writeprotected) XP setup
discs
or an XP start up disc? I would just like to restore the system back
to
the
state of last Thursday I got this problem this morning around 7

am
and

this has turned out to be a rather long and tiring day

Thanks a lot

 

[Harry Ohrn]

You're welcome and good luck.

--

Harry Ohrn MS-MVP [Shell/User]
www.webtree.ca/windowsxp

Thank you very much for your help, I do appreciate it I will
investigate those links.

Unfortunately once System Restore points are corrupt there is no way to
repair them. You may wish to visit one of the sites dedicated to removal of
spyware/malware and the likes. An excellent resource is found here
http://aumha.org/win5/a/parasite.htm Jim Eshelman also has a forum which
really should be helpful to you
http://aumha.net/viewforum.php?f=28&sid=af5cda8b56e8f372951fcc1c73ba5e1b

--

Harry Ohrn MS-MVP [Shell/User]
www.webtree.ca/windowsxp

Thanks for your suggestion but it didn't work. I used your method and
systematically tried every restore point I had. I went right back to
April
1st

I keep getting Restoration Incomplete.

I really don't want to re-install XP as I'm so busy right now. Having to
reinstall XP now and all my programs would really be a great hardship for
me
at this point, but I guess that is what the virus writers do only hope for


Is there any way around this?

Thanks a lot

PS:

The folder causing me all this heartache is in the windows folder and the
name of it is isrvs. My anti-virus program says to delete it but I
refuses
to be deleted. The two dll files that refuse to leave my life are
mfiltis.dll and clientax.dll. This is bad and very virulent stuff, it
would
appear.




You might be able to run System Restore before Safe Mode completely loads
by
using the following:
1 Re-boot your PC
2 As the PC is booting up keep tapping the F8 button
3 When the Option Menu appears on screen select the Safe Mode with
Command
prompt option
4 At the safe mode command prompt type:
%systemroot%\System32\restore\rstrui.exe
5 System Restore will now open and you can choose the relevant restore
point

--

Harry Ohrn MS-MVP [Shell/User]
www.webtree.ca/windowsxp


I inadvertently left my anti-virus disabled the other day on my Windows
XP
Pro computer and downloaded malware from a web page. This malware
installed
itself on my PC without my permission.

I was able to remove most of it by running the anti-virus scanner with
XP
in
safe mode.

However one file is particularly stubborn and will not be removed.

So I restarted in safe mode and attempted to do a System Restore to an
earlier point prior to my malware infection.

I restarted in safe mode and logged in as Administrator however the
restore
continues to fail. It seems like a portion of the malware loads
even
in
safe mode and interferes with the System Restore function.

My question: how can I boot XP Pro system into safe mode to run the
system
restore successfully? Can I do it from the (writeprotected) XP
setup
discs
or an XP start up disc? I would just like to restore the system
back
to
the
state of last Thursday I got this problem this morning around 7 am
and
this has turned out to be a rather long and tiring day

Thanks a lot

 

[Online Traveller]

Thanks again for the links to the spyware removal tools. I was able to
remove everything in this trojan infestation but not paytime.exe and
clientax.dll Adware 180 Search so these 2 files appear to be the most
virulent pests

If anyone has any experience removing these two criters, please share your
experience with me

When I right click paytime.exe and choose scan with Norton anti-virus Norton
anti-virus doesn't seem to know that this is a virus file. My virus
definitions are up-to-date. Then when I do a full system scan Norton
anti-virus tells me it needs to delete clientax.dll so I choose to delete it
within Norton and Norton then says file delete failed.

The path to clientax.dll is "c:\Windows\Downloaded Program Files" however
this dll file is not visible in that folder when I open the folder.

So I'm thinking my next step should be to highlight the
"c:\!Submit\paytime.exe" file in the Killbox program and check "delete on
reboot" and also check "end explorer shell while killing file". I'm hoping
this will do the trick. Does this sound reasonable?

Thanks a lot

You're welcome and good luck.

--

Harry Ohrn MS-MVP [Shell/User]
www.webtree.ca/windowsxp

Thank you very much for your help, I do appreciate it I will
investigate those links.

Unfortunately once System Restore points are corrupt there is no way to
repair them. You may wish to visit one of the sites dedicated to

removal
of

spyware/malware and the likes. An excellent resource is found here
http://aumha.org/win5/a/parasite.htm Jim Eshelman also has a forum which
really should be helpful to you
http://aumha.net/viewforum.php?f=28&sid=af5cda8b56e8f372951fcc1c73ba5e1b

--

Harry Ohrn MS-MVP [Shell/User]
www.webtree.ca/windowsxp


Thanks for your suggestion but it didn't work. I used your method and
systematically tried every restore point I had. I went right back to
April
1st

I keep getting Restoration Incomplete.

I really don't want to re-install XP as I'm so busy right now.

Having
to

reinstall XP now and all my programs would really be a great hardship for
me
at this point, but I guess that is what the virus writers do only

hope
for

Is there any way around this?

Thanks a lot

PS:

The folder causing me all this heartache is in the windows folder and the
name of it is isrvs. My anti-virus program says to delete it but I
refuses
to be deleted. The two dll files that refuse to leave my life are
mfiltis.dll and clientax.dll. This is bad and very virulent stuff, it
would
appear.




You might be able to run System Restore before Safe Mode completely loads
by
using the following:
1 Re-boot your PC
2 As the PC is booting up keep tapping the F8 button
3 When the Option Menu appears on screen select the Safe Mode with
Command
prompt option
4 At the safe mode command prompt type:
%systemroot%\System32\restore\rstrui.exe
5 System Restore will now open and you can choose the relevant restore
point

--

Harry Ohrn MS-MVP [Shell/User]
www.webtree.ca/windowsxp


I inadvertently left my anti-virus disabled the other day on my Windows
XP
Pro computer and downloaded malware from a web page. This malware
installed
itself on my PC without my permission.

I was able to remove most of it by running the anti-virus scanner with
XP
in
safe mode.

However one file is particularly stubborn and will not be removed.

So I restarted in safe mode and attempted to do a System Restore

to
an

earlier point prior to my malware infection.

I restarted in safe mode and logged in as Administrator however the
restore
continues to fail. It seems like a portion of the malware loads
even
in
safe mode and interferes with the System Restore function.

My question: how can I boot XP Pro system into safe mode to run the
system
restore successfully? Can I do it from the (writeprotected) XP
setup
discs
or an XP start up disc? I would just like to restore the system
back
to
the
state of last Thursday I got this problem this morning around

7
am

and
this has turned out to be a rather long and tiring day

Thanks a lot