Can Zlob be removed by using a restore point?

  • Thread starter: rod
Thank you for your continued support.

Look, I honestly don't know how it occurred,
but my computer seems stable and there have been no further
pop up screens, I feel I have actually nailed the bugger.

I used Rootkit revealer, unhackme, hijack this, along with others,
and pcbutts, I followed the advice to the letter and it seems shot.

The only thing I feel left to do, is to follow "Spycachers" advice
and cleanse my "restore folder" and make a new restore point.

Thanks to everybody, this thing is a real nasty, AFAIK I got it when
executing a Codec exe, for a supposed clip upgrade.
I won't be going anywhere near those again thank you.

You fellas (and lady) do a great job.
Rodney
 
From: "rod" <[email protected]>


| Thank you for your continued support.

| Look, I honestly don't know how it occurred,
| but my computer seems stable and there have been no further
| pop up screens, I feel I have actually nailed the bugger.

| I used Rootkit revealer, unhackme, hijack this, along with others,
| and pcbutts, I followed the advice to the letter and it seems shot.

| The only thing I feel left to do, is to follow "Spycachers" advice
| and cleanse my "restore folder" and make a new restore point.

| Thanks to everybody, this thing is a real nasty, AFAIK I got it when
| executing a Codec exe, for a supposed clip upgrade.
| I won't be going anywhere near those again thank you.

| You fellas (and lady) do a great job.
| Rodney


The fact that you could NOT perform a restoration from a system Restore point even in Safe
mode and the fact that you still note problems goes back to what I previously posted.
That is, post to an Expert Forum or wipe the PC and reinstall the OS.

As for Butts software. It is plagiarized and stitched software that uses simple
constructs to delete files and registry entries. Its ability to remove malware that
integrates malware into the OS is poor at best. Since it is plagiarized, Butts has no
comprehension of its abilities and disabilities. If you allow it to install an etc/hosts
file it will also BLOCK legitimate anti malware sites.

I'll post this one last time in case you are willing to work at removing the malware and
in fixing any problems created by the malware.


Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

Then post the contents of the HJT log in your post in one of the below expert forums...

{ Please - Do NOT post the HJT Log here ! }

Forums where you can get expert advice for HiJack This! (HJT) Logs.

NOTE: Registration is REQUIRED in any of the below before posting a log

Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0

Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.malwarebytes.org/forums/index.php?showforum=7

Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://aumha.net/viewforum.php?f=30
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13
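
Added example (not part of the original post): a check for the hosts-file problem described above, where entries pointing help sites at a loopback or null address make them unreachable. The watched domains are a subset of the forum list in the post; the function names and the sample hosts text are constructed for illustration.

```python
import ipaddress

# Help-forum domains taken from the list in the post above (a subset).
HELP_SITES = {
    "thespykiller.co.uk", "bleepingcomputer.com", "castlecops.com",
    "malwarebytes.org", "dslreports.com", "spywarewarrior.com",
    "spywareinfo.com", "techguy.org", "aumha.net",
}

def is_sinkhole(addr):
    """True for addresses a hosts file uses to make a name unreachable."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified

def blocked_help_sites(hosts_text, watched=HELP_SITES):
    """Return (line_no, address, hostname) for watched names that are sink-holed."""
    hits = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2 or not is_sinkhole(fields[0]):
            continue
        for name in fields[1:]:                 # one line may carry several names
            host = name.lower().rstrip(".")
            if any(host == d or host.endswith("." + d) for d in watched):
                hits.append((line_no, fields[0], host))
    return hits

# Constructed sample, not taken from any real machine.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       ads.example.net        # ordinary ad-blocking entry
127.0.0.1       www.bleepingcomputer.com forums.techguy.org
0.0.0.0         WWW.MALWAREBYTES.ORG.
# 127.0.0.1     castlecops.com         (commented out, inactive)
192.0.2.10      intranet.example.com
"""

if __name__ == "__main__":
    for line_no, addr, host in blocked_help_sites(SAMPLE_HOSTS):
        print(f"hosts line {line_no}: {host} -> {addr}")
```

On Windows the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`; any hit means a help site is being redirected locally and the entry should be reviewed before relying on that machine to reach the forums.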
 
From: "Plato" <|@|.|>

| rod wrote:

| you can't remove trojans/viruses using system restore


That is a misleading statement.

It is not a black and white issue. There are gray areas.

While there are some viruses like Parite and Virut that can not be removed via a
restoration from a System Restore point, there are others such as email borne viruses that
can.

Likewise with trojans.
A RootKit or strongly embedded one can not be removed via a restoration from a System
Restore point, but a simple Dialer or BHO can.
 
OK. thanks

Yes you can! Any files will not be deleted BUT the crap that autoloads
it **will** be gone. The virus/trojan will not be active and will not
reinitialise. You can then delete their files.
--

Cheers,

DrT

** Stress - the condition brought about by having to
** resist the temptation to beat the living daylights
** out of someone who richly deserves it.
 
David said:
From: "Plato" <|@|.|>

| rod wrote:

| you can't remove trojans/viruses using system restore


That is a misleading statement.

It is not a black and white issue. There are gray areas.

While there are some viruses like Parite and Virut that can not be removed via a
restoration from a System Restore point, there are others such as email borne viruses that
can.

Likewise with trojans.
A RootKit or strongly embedded one can not be removed via a restoration from a System
Restore point, but a simple Dialer or BHO can.

First thing I do when cleaning an XP box is to disable system restore to
flush out anything that might be lurking there.

Alias
 
First thing I do when cleaning an XP box is to disable system restore to
flush out anything that might be lurking there.

Why? Nothing can get out unless you let it.
--

Cheers,

DrT

** Stress - the condition brought about by having to
** resist the temptation to beat the living daylights
** out of someone who richly deserves it.
 
From: "Alias" <[email protected]>


| First thing I do when cleaning an XP box is to disable system restore to
| flush out anything that might be lurking there.

| Alias

I used to recommend that approach.

However, through communication with peers and experience, I no longer suggest this as a
first approach.

The reason is the System Restore is a valuable fall-back position.

If you remove malware and the OS becomes unstable or somehow corrupted, you can restore
the PC to its previous (albeit infected) condition and then change the modus operandi in
cleaning the system. After thorough examination and cleansing of the PC and you are
greatly assured the system is clean and operating in a stable manner, then dump the System
Restore cache. Reboot, re-enable and then create a clean new restore point.
 
David said:
From: "Alias" <[email protected]>


| First thing I do when cleaning an XP box is to disable system restore to
| flush out anything that might be lurking there.

| Alias

I used to recommend that approach.

However, through communication with peers and experience, I no longer suggest this as a
first approach.

The reason is the System Restore is a valuable fall-back position.

If you remove malware and the OS becomes unstable or somehow corrupted, you can restore
the PC to its previous (albeit infected) condition and then change the modus operandi in
cleaning the system. After thorough examination and cleansing of the PC and you are
greatly assured the system is clean and operating in a stable manner, then dump the System
Restore cache. Reboot, re-enable and then create a clean new restore point.

If it gets to that point, I stop chasing ghosts and reinstall XP.

Alias
 
From: "Alias" <[email protected]>

| If it gets to that point, I stop chasing ghosts and reinstall XP.

| Alias

Well there is always the Cost-Benefit Analysis (CBA).

However, the point is...
Dumping the System restore cache should be the last item on the list, not the first.
 
Yeah, sure, keep telling yourself that.

Instead of being sarcastic and infantile, why not post a like so that
I can be proven wrong and actually learn something?
--

Cheers,

DrT

** Stress - the condition brought about by having to
** resist the temptation to beat the living daylights
** out of someone who richly deserves it.
 
David said:
From: "Alias" <[email protected]>

| If it gets to that point, I stop chasing ghosts and reinstall XP.

| Alias

Well there is always the Cost-Benefit Analysis (CBA).

However, the point is...
Dumping the System restore cache should be the last item on the list, not the first.

Right. That way the blue meanies can keep raising their ugly heads out
of SR even though you've nuked them in Normal, Safe Mode or a boot scan.

Alias
 
DrTeeth said:
Instead of being sarcastic and infantile, why not post a like so that
I can be proven wrong and actually learn something?

How does one post "a like"?

You can take my word for it or not. I am not going to do your research
for you and I don't really care if you believe me or not.

Alias
 
David H. Lipman said:
From: "Alias" <[email protected]>

| If it gets to that point, I stop chasing ghosts and reinstall XP.

| Alias

Well there is always the Cost-Benefit Analysis (CBA).

And that would be to restore from the last known good backup that would take
maybe an hour, (depending on machine specs of course).
 
From: "Alias" <[email protected]>



| Right. That way the blue meanies can keep raising their ugly heads out
| of SR even though you've nuked them in Normal, Safe Mode or a boot scan.

| Alias

Nope, not true. The System Restore cache is akin to a quarantine.

Please provide any facts (i.e., URLs) to any malware that actually runs from the System
Restore cache.
 
