John Mead said:
> I was hit with a Trojan that got by my anti-spyware and virus systems
> (don't ask me how).
That's actually pretty common.
> I've managed to get my system running again, but my IE is seriously having
> problems (ver 6).
What exactly are the problems? Do they persist after clearing out
temporary files, as listed below?
> I tried to perform a restore, but the system keeps saying it can't do it
> (no error code/explanation).
> OK, so here are my questions:
> 1) Can I "restore" my restore function, and if not -
The function itself probably works, but it sounds like the restore points
are invalid, corrupt and/or infected.
> 2) Can I delete all my restore points?
Yes. Simply turn off System Restore on the drives, and the restore points
will be deleted.
If your system has been infected, and the restore points are also infected,
this is the thing to do.
System Restore isn't a backup system.
> 3) Can I "fix" my IE (I'm not sure I need to fix my XP Pro)?
First, clear *all* the temporary file folders. Use CCleaner for an easy
way to do this -
www.ccleaner.com
Use this regularly. Notice the Recycle Bin extension: right-click on the
Recycle Bin, and choose Run CCleaner. This will do the work without
running the window. Very fast, easy to do, unobtrusive. After you
install CCleaner, open it and examine the options, then run it. I suggest
using all the options the first time, which will also remove all cookies.
It's not unusual for it to take a while the first time; it can find hundreds
of megabytes of temporary files.
You must run it for each account to get everything.
Second, reduce the cache size in IE. By default, it is often very large.
Next, examine the Browser Helpers - in IE, go to Tools, Manage Add-ons.
This can help you identify BHOs that you don't want or need.
Once you've done this, HijackThis can be an extremely helpful tool. Note
that it is an advanced tool, and you will need to spend some time
interpreting the results. Google is your great friend in this. Use both
the Web and Groups sections.
> 4) Does ANYONE have any suggestions?
Run a command window (start, run, CMD) and in the Windows and
windows\system32 folders, type dir /ah. This shows only files marked as
hidden. There are a fair number of files that *should* be there and marked
as hidden, but if you see ones that look like the names have been randomly
generated, it's a good clue that malicious debris is still on your system.
Always do Google searches, both on the Web and Groups sections, for
filenames before you take any further action. Also, in Explorer, turn on
the view of all files, and locate the file you've found. Right-click on it
and choose Properties. Generally, Microsoft files will list details and
have Microsoft as the author. Malware generally does not.
To get rid of such files - and you must be sure that you know what you're
doing and why - you change the file attributes to not hidden or system, with
this command:
attrib -s -h <filename>
Then, you can attempt to delete that specific file. Often, you can't
because it is in use, which means that something malicious is still running
(or that it is, in fact, a legitimate system file in use). To actually
delete such a file, you must reboot in Safe Mode.
You may find that a repair install is necessary in the end, but note that it
will remove all service packs and updates, and will not remove malicious
extra files. So, try to do that last.
HTH
-pk
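The hidden-file check from the reply above, as an added PowerShell example that is not part of the original thread: it lists the hidden files in the Windows and System32 folders (what `dir /ah` shows) together with the publisher details the reply says to look for under Properties. It assumes PowerShell 2.0 or later; the function name Get-HiddenFileReport is my own, and it only reads, never changes attributes or deletes.

```powershell
# Added example, not from the original post. Read-only: reports hidden files
# in the Windows and System32 folders with company name and signature status,
# so a file whose name looks random can be researched before any attrib/del.
# Assumes PowerShell 2.0 or later.

function Get-HiddenFileReport {
    param(
        [string[]]$Folders = @($env:SystemRoot, "$env:SystemRoot\System32")
    )
    $report = @()
    foreach ($folder in $Folders) {
        # -Force makes hidden and system files visible to Get-ChildItem.
        $files = Get-ChildItem -Path $folder -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer -and
                           ($_.Attributes -band [IO.FileAttributes]::Hidden) }
        foreach ($file in $files) {
            $sig = Get-AuthenticodeSignature -FilePath $file.FullName
            $signer = ''
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            $report += New-Object PSObject -Property @{
                Folder     = $folder
                Name       = $file.Name
                Attributes = $file.Attributes
                Company    = $file.VersionInfo.CompanyName   # "Microsoft Corporation" on genuine files
                Signature  = $sig.Status                     # Valid / NotSigned / HashMismatch ...
                Signer     = $signer
            }
        }
    }
    # Files with no company name listed first: these are the ones to research
    # (Google the file name, as the reply says) before touching them.
    $report |
        Sort-Object @{Expression = { [string]::IsNullOrEmpty($_.Company) }; Descending = $true }, Name |
        Select-Object Folder, Name, Attributes, Company, Signature, Signer
}

# Caveat: catalog-signed Windows files can report NotSigned on older PowerShell
# versions, so an empty Company plus NotSigned is a clue to research, not proof.
Get-HiddenFileReport | Format-Table -AutoSize
```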