System Restore - system checkpoints

[shirley hogan]

My husband has an HP Computer running Windows XP SP2, AVG antivirus. I am
it's "caretaker". It was attacked by a rogue security program. I turned
system restore off while I was cleaning up the mess and back on when I was
finished. Since then, it does not create restore points (system
checkpoints) automatically.
I called a tech support person at HP and he told me that they are not
created on a regular basis, only when a change was made. That is contrary
to everything I have read and to the behaviour of my computer. Mine does it
everyday around the same time but I don't know how it knows if, and when, it
should do it.
Can anytone shed any light on this subject?

 

[Ken Blake, MVP]

On Tue, 8 Sep 2009 22:01:01 -0700, shirley hogan <shirley

My husband has an HP Computer running Windows XP SP2, AVG antivirus. I am
it's "caretaker". It was attacked by a rogue security program.

*What* "rogue security program"?

I turned
system restore off while I was cleaning up the mess

Exactly how did you clean up the mess?

and back on when I was
finished. Since then, it does not create restore points (system
checkpoints) automatically.
I called a tech support person at HP and he told me that they are not
created on a regular basis, only when a change was made. That is contrary
to everything I have read and to the behaviour of my computer. Mine does it
everyday around the same time but I don't know how it knows if, and when, it
should do it.
Can anytone shed any light on this subject?

Your "tech support person" doesn't know what he's talking about. A
restore point is normally created every day.

 

[Ǝиçεl]

Hello Shirley,

To add to Ken B's posting

If you must, then read....System Restore: frequently asked question
<http://windowshelp.microsoft.com/Windows/en-US/Help/517d3b8e-3379-46c1-b479-05b30d6fb3f01033.mspx>


Good luck

Ǝиçεl
-=-

 

[Jose]

My husband has an HP Computer running Windows XP SP2, AVG antivirus.  Iam
it's "caretaker".  It was attacked by a rogue security program.  I turned
system restore off while I was cleaning up the mess and back on when I was
finished.   Since then, it does not  create restore points (system
checkpoints) automatically.  
I called a tech support person at HP and he told me that they are not
created on a regular basis, only when a change was made.    That is contrary
to everything I have read and to the behaviour of my computer.  Mine does it
everyday around the same time but I don't know how it knows if, and when,it
should do it.  
Can anytone shed any light on this subject?

A automatic System Checkpoint hopes to be generated every 86400
seconds (24 hours), but the system must be "idle". This is a default
and changeable value (among other things).

That constitutes a regular basis, it is the default and if it is not
working, you have a problem.

Idle means, not keyboard or mouse activity, no email, no surfing, no
downloading, no virus scans - it means idle.

It is not unusual to see days (at least for me) when there is no
System Checkpoint. You turn your machine on, do your thing, turn the
machine off. No System Checkpoint that day, which makes sense - never
idle long enough.

How long is idle? I don't know the exact figure, but I have
determined for me it is about 20 minutes. If you use your computer
all day, go to lunch, come back and you will probably have a System
Checkpoint.

Some significant system change (installing/removing software) might
also trigger a RP generation, so you could have several in the day.

You could have some days with nothing, some days with no System
Checkpoint but other RPs, some days with just a single System
Checkpoint, some days with a System Checkpoint and other RPs... it
depends. But it must make sense.

The important thing is to understand it and fix it if it is broken.

Call your HP person and give him an education.

 

[Jim]

*What* "rogue security program"?




Exactly how did you clean up the mess?




Your "tech support person" doesn't know what he's talking about. A
restore point is normally created every day.

Ken , if an RP is created every day , why can only the BOLD dates be
used ?

 

[Ken Blake, MVP]

Ken , if an RP is created every day , why can only the BOLD dates be
used ?

Because the computer has to be on and not be in use for the restore
point to be created. Because that isn't always the case for everyone,
I said it "is *normally* created every day."

On days when it's not created, the date isn't bold.

 

[Jose]

Because the computer has to be on and not be in use for the restore
point to be created. Because that isn't always the case for everyone,
I said it "is *normally* created every day."

On days when it's not created, the date isn't bold.

Correct. It is possible to have a day(s) with no RP (System
Checkpoint).

XP would like to, but it may not have a chance.

 

[Ken Blake, MVP]

Correct. It is possible to have a day(s) with no RP (System
Checkpoint).

And especially for those people who turn of their computer when it's
not being used, there are typically a lot of such days.

 

[shirley hogan]

On Tue, 8 Sep 2009 22:01:01 -0700, shirley hogan <shirley



*What* "rogue security program"?




Exactly how did you clean up the mess?




Your "tech support person" doesn't know what he's talking about. A
restore point is normally created every day.

Thanks Ken. In answer to your questions,
We had PC_Antispyware2010, Nortel (not to be confused with Norton)
Anti-virus, a couple of dozen trojans - Vundo, BHO.H, Adware.Coupons,
FakeAlert.H, Agent, Downloader, Malware.Trace, PCTCFHook.dll,
Rogue.Antivirus1, Backdoor.Bot, Rogue.Adware Pro.

To clean it up, I ran Malawarebytes' Anti-Malware. Spybot, and CCleaner.
Nortel woudn't go away so I googled "how to remove Nortel Antivirus Rogue
Spyware" and followed the instructions to manually remove it. I deleted
Files wox.exe, mrgdll.exe, and NOL files. I was chicken to mess with the
registry so I waited for my son to come visit and he took care of that part
of the instructions.

It's been several days now. I still run Malawarebytes, Spybot, CCleaner, &
AVG scan every day and and nothing else has showed up. I am creating a
Restore Point manually every day.

Sorry to be so long winded.

 

[Ken Blake, MVP]

Thanks Ken.

You're welcome, but...

In answer to your questions,
We had PC_Antispyware2010, Nortel (not to be confused with Norton)
Anti-virus, a couple of dozen trojans - Vundo, BHO.H, Adware.Coupons,
FakeAlert.H, Agent, Downloader, Malware.Trace, PCTCFHook.dll,
Rogue.Antivirus1, Backdoor.Bot, Rogue.Adware Pro.

That's a lot, and includes some very bad ones. Unfortunately, the idea
that a virus, or other malware, is just a nuisance, and one that can
be eliminated by running an anti-virus program and/or an anti-spyware
program, is completely false. A virus is a piece of software designed
to do irreparable damage to your computer.

Does that mean that viruses can never be removed? No, of course not.
In practice it is often possible to remove a virus, especially if you
haven't been infected with it very long. However, you say you had
a couple of dozen infections. The more you have, the less likely it is
that they can all be properly removed, and with several, it's highly
likely that your situation was bad enough to be uncorrectable.

To clean it up, I ran Malawarebytes' Anti-Malware. Spybot, and CCleaner.
Nortel woudn't go away so I googled "how to remove Nortel Antivirus Rogue
Spyware" and followed the instructions to manually remove it. I deleted
Files wox.exe, mrgdll.exe, and NOL files. I was chicken to mess with the
registry so I waited for my son to come visit and he took care of that part
of the instructions.

It's been several days now. I still run Malawarebytes, Spybot, CCleaner, &
AVG scan every day and and nothing else has showed up. I am creating a
Restore Point manually every day.

Sorry to be so long winded.

My guess is that you are still infected and with so many and such bad
infections, you will never clean it up perfectly. You very likely need
to reinstall Windows cleanly, and that's what I advise you to do.

 

[JD]

Thanks Ken. In answer to your questions,
We had PC_Antispyware2010, Nortel (not to be confused with Norton)
Anti-virus, a couple of dozen trojans - Vundo, BHO.H, Adware.Coupons,
FakeAlert.H, Agent, Downloader, Malware.Trace, PCTCFHook.dll,
Rogue.Antivirus1, Backdoor.Bot, Rogue.Adware Pro.

To clean it up, I ran Malawarebytes' Anti-Malware. Spybot, and CCleaner.
Nortel woudn't go away so I googled "how to remove Nortel Antivirus Rogue
Spyware" and followed the instructions to manually remove it. I deleted
Files wox.exe, mrgdll.exe, and NOL files. I was chicken to mess with the
registry so I waited for my son to come visit and he took care of that part
of the instructions.

It's been several days now. I still run Malawarebytes, Spybot, CCleaner, &
AVG scan every day and and nothing else has showed up. I am creating a
Restore Point manually every day.

Sorry to be so long winded.

Better to be long winded than not tell us enough.

Run the free version of SAS:

http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE

Check for updates before you run it.

Before you start over with a clean install.

And are you sure you turned system restore back on?

 

[Andy]

not totally correct some pcs are configured not to create them daily.
I have seen some that do it weekly or only when updates are installed

 

[Ken Blake, MVP]

not totally correct some pcs are configured not to create them daily.
I have seen some that do it weekly or only when updates are installed

It *is* totally correct. Please reread what I wrote. It says "A
restore point is *normally* created every day."Note the Word
"normally." Yes, there are situations when it doesn't happen every
day.

 

[Unknown]

Perhaps you should explain how to configure system restore to create a
restore point
once a week.

not totally correct some pcs are configured not to create them daily.
I have seen some that do it weekly or only when updates are installed

 

[Jose]

Perhaps you should explain how to configure system restore to create a
restore point

Do you mean to replace the 24 hour thing or in addition to the 24 hour
thing?

In this parlance, 24 hours is measured by the system uptime in
seconds, which may not be equal to one day of calendar time.

You can change the time of the automatic System Checkpoint from 86400
seconds to whatever you want, or you could set up a scheduled task to
run once a week, or every boot up (some people think this is a good
thing to do) or every 5 minutes.

Define what you want and then make it so.

 

[shirley hogan]

Thanks to all of you for your replys. I got a weird error message when I
tried to download Superantispy that one of you suggested. There was nothing
wrong with the link because I was able to successfully download it to my
computer.

But then my husband's computer went absolutely insane. I was bombarded with
popups for bogus antivirus products; all the Restore Points that I had
manually created disappeared; and disgusting icons showed up on my desktop, I
deleted them, and they came back every time I turned the computer on.
Finally I removed the wireless adapter so there would be no contact with the
internet but the popups kept coming.

To make a long story short, I did a system reocovery, (actually I did three
but who's counting.) First I did the kind that retains your data files but,
as I expected, the garbage files - including the disgusting pctures - were
still there. So I did two destructive recoveries. Now all seems well. And
I learned a few things along the way.

Thanks again.

Shirley

 

[Jose]

Thanks to all of you for your replys.   I got a weird error message when I
tried to download Superantispy that one of you suggested.  There was nothing
wrong with the link because  I was able to successfully download it to my
computer.

But then my husband's computer went absolutely insane.  I was bombardedwith
popups for bogus antivirus products; all the Restore Points that I had
manually created disappeared; and disgusting icons showed up on my desktop, I
deleted them, and they came back every time I turned the computer on.  
Finally I removed the wireless adapter so there would be no contact with the
internet but the popups kept coming.  

To make a long story short, I did a system reocovery,  (actually I did three
but who's counting.)  First I did the kind that retains your data filesbut,
as I expected, the garbage files - including the disgusting pctures - were
still there.  So I did two destructive recoveries.  Now all seems well.   And
I learned a few things along the way.  

Thanks again.

Shirley          

Those kinds of messages are from the malware. The malware does not
want you to download, run, install anything that it has been
programmed to know about that will help you remove it. Or it will
take you to sites they want you to visit, talk you into buying things.

Sometimes (often) you can outsmart it by renaming the "good" AV
installation files or executables to something like shirley.exe - it
doesn't know about shirley.exe, but it does know about the WWW sites
where malware removal tools are, recognizes file names like mbam.exe
and SUPERAntiSpyware.exe and will not let them run or keep you away
with scary messages.

That is what it does (among other things).

Just be smarter!