Problems with system restore failure after trojan attack.

[Guest]

Greetings wise ones, I recently was struck by a trojan downloader, small.26,
and about 4 other variations, 6,9,17. I am finally clean of those, but my
recurring nightnare is, after completing a scan in safe mode with system
restore turned off I returned to my computer/properties/system restore, as I
was uncheckling the tickbox /turnoff system restore, the screen jumped and
the system restore tab disappeared, this is exactly what took place. and now
on the properties screen, there is no tab for system restore, All the files
for restore points also disappeared in system volume info, system volume info
is empty!!! I have tried start ing from admin tools/system/systemrestore
start, and the loading dialog comes on and then an error message, COULD NOT
START THE SYSTEM RESTORE SERVICE ON LOCAL COMPUTER ERROR:5 ACCESS IS DENIED.
This is not a registry group policy/disable access denial. I have been
there, I have also loaded the complete set of registry keys for system
restore from Kellys Korner, tweaks etc.
I have also attempted to start from a command prompt, nothing, I know this
all sounds like the opening scene from an outer limits episode, or Doony
Darko, and I need help, is there any way to reload the system restore snap
in, complete??? help and thanks,
Munka

 

[Guest]

Greetings wise ones, I recently was struck by a trojan downloader, small.26,
and about 4 other variations, 6,9,17. I am finally clean of those, but my
recurring nightnare is, after completing a scan in safe mode with system
restore turned off I returned to my computer/properties/system restore, as I
was uncheckling the tickbox /turnoff system restore, the screen jumped and
the system restore tab disappeared, this is exactly what took place. and now
on the properties screen, there is no tab for system restore, All the files
for restore points also disappeared in system volume info, system volume info
is empty!!! I have tried start ing from admin tools/system/systemrestore
start, and the loading dialog comes on and then an error message, COULD NOT
START THE SYSTEM RESTORE SERVICE ON LOCAL COMPUTER ERROR:5 ACCESS IS DENIED.
This is not a registry group policy/disable access denial. I have been
there, I have also loaded the complete set of registry keys for system
restore from Kellys Korner, tweaks etc.
I have also attempted to start from a command prompt, nothing, I know this
all sounds like the opening scene from an outer limits episode, or Doony
Darko, and I need help, is there any way to reload the system restore snap
in, complete??? help and thanks, I forgot to metion I have also tried to copy across the core filed and I get a error message: ERROR IN ADVPACK.DLL

MISSING ENTRY : LAUNCH INFSECTIONC:\WINDOWS\INF\SR.INF.

 

[Ramesh, MS-MVP]

The rundll32.exe parameters are case-sensitive. Use this exactly:

"rundll32.exe advpack.dll,LaunchINFSection C:\Windows\Inf\sr.inf"

 

[Guest]

Hi Ramesh, yes I tried as you said, and got this error message error could
not locate INF file C:\windows \inf\sr, Munka

 

[Ramesh, MS-MVP]

C:\windows \inf\sr

C:\windows\inf\sr.inf

If you have Windows installed in any other drive than C:\, alter the path
accordingly.

 

[Guest]

I only have 1 drive C:\, I do however have a second partition with linux
loaded, would that make a differance?

 

[Ramesh, MS-MVP]

Have you tried the command exactly as given?

"rundll32.exe advpack.dll,LaunchINFSection C:\Windows\Inf\sr.inf"

 

[Guest]

Let me be clear, that file is copied across from the installation cd or is
existing on
C:\ because I get a type the path dialog, so I went ahead and copied across,
sr.sys, file from the cd, Hmm I had already tried that only described through
a different context on a tip from Aumha forum and it didnt work, I will
however reboot and come back in 5, meanwhile thankyou for your patience

 

[Guest]

Hi Ramesh, still no sys restore tab and the error message again when triying
to start from admin tools, I should also mention I did a repair upgrade
about a week ago, thinking naively that that would resolve this issue, it
didnt!

 

[Guest]

Although I only used this function (sys restore) mabe twice in five years, I
still wish to have it functional again, otherwise the bad guys win. I
appreciate your help Ramesh. Munka

 

[WTC]

Greetings wise ones, I recently was struck by a trojan downloader,
small.26,
and about 4 other variations, 6,9,17. I am finally clean of those, but
my
recurring nightnare is, after completing a scan in safe mode with
system
restore turned off I returned to my computer/properties/system
restore, as I
was uncheckling the tickbox /turnoff system restore, the screen jumped
and
the system restore tab disappeared, this is exactly what took place.
and now
on the properties screen, there is no tab for system restore, All the
files
for restore points also disappeared in system volume info, system
volume info
is empty!!! I have tried start ing from admin
tools/system/systemrestore
start, and the loading dialog comes on and then an error message,
COULD NOT
START THE SYSTEM RESTORE SERVICE ON LOCAL COMPUTER ERROR:5 ACCESS IS
DENIED.
This is not a registry group policy/disable access denial. I have been
there, I have also loaded the complete set of registry keys for system
restore from Kellys Korner, tweaks etc.
I have also attempted to start from a command prompt, nothing, I know
this
all sounds like the opening scene from an outer limits episode, or
Doony
Darko, and I need help, is there any way to reload the system restore
snap
in, complete??? help and thanks,
Munka

Do me a favour and scan the registry for "DisableSR" without the quotes.
I have seen this DWord in other policy settings in the registry.

 

[Guest]

Hi William, thanks for responding, and sorry for the delayed response (I had
to sleep) Until I reloaded all registry keys, (from Kellys Korner) related to
system restore that dword was not present on my system and on a tip from
AumHa, I set them to delete, so it is not a group policy denial. Munka

 

[Guest]

Well I now have a restore point in System volume info folder, there were none
before, that folder was emty, maybe when I reloaded the core system files
from the cd, but system restore still comes up with a error 5 message as
above. and still no system restore tab on the system properties screen, I
will try a reboot and return soon.

 

[WTC]

Hi William, thanks for responding, and sorry for the delayed response
(I had
to sleep) Until I reloaded all registry keys, (from Kellys Korner)
related to
system restore that dword was not present on my system and on a tip
from
AumHa, I set them to delete, so it is not a group policy denial.
Munka

Worth a try.

Have you tried to reinstall System Restore? I don't know if Ramesh is
going this route. If you want to try then go to the Start>Run and type

inf

The "inf" folder should open, once open locate "sr.inf". Highlight
"sr.inf" and right-click and select install.

 

[Guest]

Yes I did the install again, also with Ramesh, and rebooted, still will not
start, same error message, nothing. Munka

 

[Guest]

When I run "C:\WINDOWS\system32\Restore\rstrui.exe" I get the error
message, "System restore not able to protect your computer, please restart
your computer and then run system restore again." Of course I do that and get
the same message. Hmmm, I wish to persue this issue, and now I need to go
offline foe a coulple of hours, any assistance gets a warm reception.
Thanks Munka

 

[Guest]

I have also tryed " C:\WINDOWS\system32\Restore\rstrui.exe " and get the
message, " System restore is not able to protect your computer, Please
restart your computer and run system restore again." Which I did and had no
sucess,
I would appreciate any support on this matter.

 

[Guest]

Whoops sorry abou the duplicate post. Munka

:

 

[Guest]

Well it looks like I either live without system restore or I do a clean
install.

 

[Ramesh, MS-MVP]

Hi Munka,

For the error "COULD NOT START THE SYSTEM RESTORE SERVICE ON LOCAL COMPUTER
ERROR:5 ACCESS IS DENIED.", one of the previous posts by [MS] techs tells to
check the Permissions for the System Volume Information folder. Make sure
that the SYSTEM account has Full Permissions for this folder.

You can try purging the contents using this way:
http://windowsxp.mvps.org/resetsr.htm