Virus Alert in System restore

[TheSlaz]

Just removed a virus from my son's computer. Went to restore the
computer from a good clean point and I noticed that all the System
Restore points are named "Virus Alert: Software Distribution service
3:00 A.M."

Concerned about the "Virus Alert" part of the description. Can I safely
restore; or is this telling me that there is a virus in the restore point?

 

[David H. Lipman]

From: "TheSlaz" <[email protected]>

| Just removed a virus from my son's computer. Went to restore the
| computer from a good clean point and I noticed that all the System
| Restore points are named "Virus Alert: Software Distribution service
3::00 A.M."

| Concerned about the "Virus Alert" part of the description. Can I safely
| restore; or is this telling me that there is a virus in the restore point?

Interesting. I'll bet you removed some malware in the form of a fake anti virus but this
was never the case of a true "virus."

Does/Did the system show "Virus Alert!" in the system tray at the clock ?
If you view/viewed a folder using; view --> details did that date & time stamp show "Virus
Alert!".

 

[TheSlaz]

You are absolutely right on. There still is a "Virus Alert" in the
system tray and the "Virus Alert" does show after the date and time stamp.
I am doing another virus scan as we speak. Me thinks I have some work to
do! If I could do a system restore; that would make it easy!

 

[The Real Truth MVP]

Use my Remove-it software, it will remove that malware from your system.
Choose yes for all options when prompted. Download it here
http://pcbutts1.com/downloads/tools/tools.htm

--
Ignore any posts made by the Stalker Leythos, he's still in love with me.
He started stalking me after I spurned his advances towards me.
He said he would stop Stalking me If I stopped mentioning his name.
As you can see that does not work. He is a sick obsessive STALKER.

 

[Flat Earth Society]

Use my Remove-it software, it will remove that malware from your system.
Choose yes for all options when prompted. Download it here
http://pcbutts1.com/downloads/tools/tools.htm

Don't listen to this guy. If it really is a virus then play it safe and
wipe the HDD and reinstall.

 

[ArameFarpado]

Em Domingo, 5 de Outubro de 2008 00:41, The Real Truth MVP escreveu:

Use my Remove-it software, it will remove that malware from your system.
Choose yes for all options when prompted. Download it here
http://pcbutts1.com/downloads/tools/tools.htm

do you know that you're runningnow.exe trips 3 anti-malware programs?
eSafe, F-Secure and Rising.

checkit out in www.virustotal.com

 

[David H. Lipman]

From: "TheSlaz" <[email protected]>

| You are absolutely right on. There still is a "Virus Alert" in the
| system tray and the "Virus Alert" does show after the date and time stamp.
| I am doing another virus scan as we speak. Me thinks I have some work to
| do! If I could do a system restore; that would make it easy!

I knew it.

Please do NOT visit PCBUTTS1.Com or use Remove-It. Besides that it is based upon at least
two plagiarized utilities (RogueFix and the MVP Hosts File) it is so simple that it fails
on the complex capabilities of the new fake anti virus scanners. The modified Hosts file
in Remove-It is malicious. It will block legitimate anti malware sites and other
legitimate sites.

Additionally, there is NO need to wipe the PC and re-install the OS after this.

Start by using Malwarebytes Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

If that does NOT correct the display of "Virus Alert!" on Time and Date stamps, it is EASY
to fix...

Go to; Control Panel --> Regional and Language Options --> Regional Options -->
Customize --> Time
Change "Time format:" to; h:mm:ss tt

Hit "Apply" and then "Ok"

Now all your Date and Time stamps will no longer show "Virus Alert!".

 

[David H. Lipman]

From: "Flat Earth Society" <[email protected]>

| Don't listen to this guy. If it really is a virus then play it safe and
| wipe the HDD and reinstall.

It is NOT a true virus !

 

[David H. Lipman]

From: "ArameFarpado" <[email protected]>

| do you know that you're runningnow.exe trips 3 anti-malware programs?
| eSafe, F-Secure and Rising.

| checkit out in www.virustotal.com

They are False Positive declarations based upon its checking of various registry entries.

The file is a ZIP file that holds a self extracting archive file that extracts and runs a
VBS script, runningnow.vbs.

It is NOT malicious. However it was plagiarized and stolen from Andrew Aronoff's "Silent
Runners" VBS script and is based upon a version of Silent Runners that is a year old.
http://www.silentrunners.org/

 

[The Real Truth MVP]

Those are false positives, but these are true.

The Troll has gone crazy
http://pcbutts1-therealtruth.blogspot.com/
The truth about the David Lipman Troll
http://www.google.com/search?source...US265&q=David+H.+Lipman+Troll+Extraordinaire+


--
Ignore any posts made by the Stalker Leythos, he's still in love with me.
He started stalking me after I spurned his advances towards me.
He said he would stop Stalking me If I stopped mentioning his name.
As you can see that does not work. He is a sick obsessive STALKER.

 

[The Real Truth MVP]

The Troll has gone crazy
http://pcbutts1-therealtruth.blogspot.com/
The truth about the David Lipman Troll
http://www.google.com/search?source...US265&q=David+H.+Lipman+Troll+Extraordinaire+

 

[ArameFarpado]

Em Domingo, 5 de Outubro de 2008 01:24, David H. Lipman escreveu:

The modified Hosts file in Remove-It is malicious. It will block
legitimate anti malware sites
and other legitimate sites.

so it might not be a virus, but it's something like a rootkit.

 

[The Real Truth MVP]

Something tells me that as*holes like you don't know what you are talking
about, you think you do but you don't. Please visit
http://pcbutts1.com/downloads/fu.htm you might learn more about yourself.


--
Ignore any posts made by the Stalker Leythos, he's still in love with me.
He started stalking me after I spurned his advances towards me.
He said he would stop Stalking me If I stopped mentioning his name.
As you can see that does not work. He is a sick obsessive STALKER.

 

[David H. Lipman]

From: "ArameFarpado" <[email protected]>

| Em Domingo, 5 de Outubro de 2008 01:24, David H. Lipman escreveu:

| so it might not be a virus, but it's something like a rootkit.

No. It is not like a RootKit.

 

[The Real Truth MVP]

It's nothing which is why he cannot give you a straight answer. My hosts
file is just like anybody else's hosts file except I've added the sites of
people who publicly tried to take down my website, or stolen from me and
lied about it, and who publicly have posted lies about me in these
newsgroups. As far as I am concerned there is no reason to visit any of
those sites. Despite what the lying troll Leythos has said before in another
post before my Remove-it program updates your host file you are told about
it and what it is getting ready to do and what a hosts file does. You are
then given a choice to say yes or no. Mine is the only one that does that,
it always has. Next time you have any questions about any of my programs
then please ask me and not anyone else because depending on who you ask they
will lie. I am the only one who will tell you the truth about it because I
wrote it.


--
Ignore any posts made by the Stalker Leythos, he's still in love with me.
He started stalking me after I spurned his advances towards me.
He said he would stop Stalking me If I stopped mentioning his name.
As you can see that does not work. He is a sick obsessive STALKER.

 

[ArameFarpado]

Em Domingo, 5 de Outubro de 2008 03:11, The Real Truth MVP escreveu:

It's nothing which is why he cannot give you a straight answer. My hosts
file is just like anybody else's hosts file except I've added the sites of
people who publicly tried to take down my website, or stolen from me and
lied about it, and who publicly have posted lies about me in these
newsgroups. As far as I am concerned there is no reason to visit any of
those sites. Despite what the lying troll Leythos has said before in
another post before my Remove-it program updates your host file you are
told about it and what it is getting ready to do and what a hosts file
does. You are then given a choice to say yes or no. Mine is the only one
that does that, it always has. Next time you have any questions about any
of my programs then please ask me and not anyone else because depending on
who you ask they will lie. I am the only one who will tell you the truth
about it because I wrote it.

it doesn't look right to block sites in other people computers. i know how
it's done, by assigning 127.0.0.1 to any domain you want to block. CCleaner
does this in hosts file and most of the sites it blocks are not malware
sites but music and video piracy mainly italian.
you are blocking your enemies sites in other people computers... man that is
wrong.
everyone should have the freedom to choose what sites to visit, and not
having other persons doing it for them... what you are doing is similar to
a rootkit job. you're imposing you're own TC, but many people don't see TC
as Trusting Computing, instead they see it as Treacherous Computing.
You're not a daddy setting parental controls to your kids, you are setting
you're rules in computers that are not your's and doing it to people that
came here with problems inocently asking for help...
from here until you to start infect others so you can use there botnets to
attack Leythos in a DOS attack is a small step.
Solve your problems with Leythos without recruting soldiers to fight your
war with him...

hope you stop doing what you are doing

regards

 

[The Real Truth MVP]

Maybe you missed the part in my post about being told about my host file
and what it does and especially about the part where you have a choice the
choose "Yes" to update the host file or "No" to leave it alone. You are not
told that when using the MVPS hosts file which blocks 2 of my sites. Then
you go on this rant about Leythos and botnets WTF you really are a lost
soul. I'm starting to feel sorry for you because of your lack of knowledge
and understanding what you read.


--
Ignore any posts made by the Stalker Leythos, he's still in love with me.
He started stalking me after I spurned his advances towards me.
He said he would stop Stalking me If I stopped mentioning his name.
As you can see that does not work. He is a sick obsessive STALKER.

 

[Mick Murphy]

Scan your System with Spybot Search & Destroy, and Malwarebytes, and your
Anti-virus while in Safe Mode.
When that is done, turn OFF system Restore, wait until that is done, then
turn it back ON to create a clean restore point.

Download links and Safe Mode info below


http://www.spybot.info/en/index.html

Spybot Search & Destroy 1.6 is a very good, FREE Anti-Spyware Program.
Download, install, update, and immunize your System with it.
Then SCAN with it.
Update it, and scan your System once a fortnight.

http://www.malwarebytes.org/mbam.php

Malwarebytes is as the name says, a Malware Remover!
For the Free version scroll down their page to either download from
Download.com, or Major Geeks.com

Download, install, and update.

Important re: Safe Mode
If you happen to find a problem that you can’t uninstall / delete, reboot
the computer, and go into Safe Mode.
To get into Safe mode, tap F8 right at Power On / Startup, and use UP arrow
key to get to Safe Mode from list of options, then hit ENTER.
RESCAN your computer with your Anti-Virus, Malwarebytes and Spybot S & D
while in Safe Mode.

 

[TheSlaz]

I have had Malwarebytes on my computer for some time now as I find it to
be very effective and fast. Used it; Hijackthis and Trend Micro's house
call to get the computer back to a working state. I then did a system
restore and it appears to be back to normal. Tomorrow evening I will do
a complete scan with BitDefender. When that is done and it does it's
cleaning; I will create a restore point.

Thanks for your input and suggestions mttc. As for everyone else
spouting of here; I've got one thing to say. Man; you obviously have
toooooo much time on your hands!!!

 

[Mick Murphy]

Just make sure that you do these scans in Safe Mode.
Windows has not got a lot started; it is running on bare bones.
Way to get rid of rubbish.

Cheers.