In the context of system restore, a virus is just for Xmas, but a rootkit is for life

Typed frustratingly slowly on my BlackBerry® wireless device

-----Original Message-----
From: "Maglinger, Paul" <pmaglin...@scvl.com>
Date: Fri, 20 May 2011 15:03:46
To: NT System Admin Issues <ntsysadmin@lyris.sunbelt-software.com>
Reply-To: "NT System Admin Issues" <ntsysadmin@lyris.sunbelt-software.com>
Subject: RE: System Restore and Scareware

I've had some good luck with system restores, but it doesn't seem to reliably work against a rootkit. Those that didn't I took care of with ComboFix.

From: Rankin, James R [mailto:kz2...@googlemail.com]
Sent: Friday, May 20, 2011 2:51 PM
To: NT System Admin Issues
Subject: Re: System Restore and Scareware

Some of these little beasties are easy to beat - I've seen ones where deleting a file did the trick. Unfortunately at the other end of the scale live some crafty process-injection nasties that are a veritable nightmare to find. Fortunately Malwarebytes has a good track record of pulling them out for you.

Typed frustratingly slowly on my BlackBerry® wireless device

________________________________
From: "Bob Hartung" <bhart...@wiscoind.com>
Date: Fri, 20 May 2011 14:47:23 -0500
To: NT System Admin Issues <ntsysadmin@lyris.sunbelt-software.com>
Reply-To: "NT System Admin Issues" <ntsysadmin@lyris.sunbelt-software.com>
Subject: System Restore and Scareware

I've had a couple of recent cases of scareware infecting some Windows XP Pro systems here. One reported lots of virus infestations and prevented the user from accessing the internet and, for a low price, would fix all. The other reported that the hard drive had tons of errors and the boot sector was gone, etc. And for a small fee, their utility could fix it. This system was unusable.

Maybe this is pretty basic but I haven't seen mention of it, but in both cases Windows' System Restore easily removed both. I've seen descriptions of fixing infected systems involving fairly complex procedures and multiple utilities.

I guess I just wanted to recommend giving System Restore a try first before resorting to the heavy artillery. On the system that had the failed hard drive scareware, it was impossible to access System Restore in normal Windows. I figured Safe Mode was the way to go, but I discovered System Restore is not available in Safe Mode. I did learn that you can run System Restore in Safe Mode with Command Prompt. Just enter "%systemroot%\system32\restore\rstrui.exe" at the command prompt and you're in System Restore. Not sure why regular Safe Mode wouldn't have that command available.

Hope that's of help to someone else.

----------------------
Bob Hartung
Wisco Industries, Inc.
736 Janesville St.
Oregon, WI 53575
Tel: (608) 835-3106 x215
Fax: (608) 835-7399
e-mail: bhartung(at)wiscoind.com

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
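Bob's tip is to run rstrui.exe from Safe Mode with Command Prompt; before rebooting into that mode it helps to know whether a restore point from before the infection even exists, since restoring to one created after the scareware landed just brings it back. The script below is an added example, not something posted in the thread: it locates rstrui.exe (the XP path from Bob's message, plus the later %SystemRoot%\system32 location used from Vista on) and lists restore points older than a suspected infection time using the Get-ComputerRestorePoint cmdlet. It assumes Windows PowerShell 2.0 or later on a client edition that ships that cmdlet, run from an elevated prompt; the function names and the hypothetical InfectionTime parameter are mine. As Paul and James note above, a clean restore point still says nothing about a rootkit that survives the rollback.

```powershell
# Added example (not from the thread). Assumes an elevated Windows PowerShell
# 2.0+ session on a client edition where Get-ComputerRestorePoint exists.

function Find-RstrUi {
    # XP keeps the System Restore UI under system32\restore (the path Bob used);
    # Vista and later moved it to system32 directly.
    $candidates = @(
        (Join-Path $env:SystemRoot 'system32\restore\rstrui.exe'),
        (Join-Path $env:SystemRoot 'system32\rstrui.exe')
    )
    foreach ($path in $candidates) {
        if (Test-Path -LiteralPath $path) { return $path }
    }
    return $null
}

function Get-RestorePointsBefore {
    # Hypothetical parameter name: the time you believe the scareware arrived.
    param([datetime]$InfectionTime)

    # CreationTime is a WMI DMTF timestamp string; ConvertToDateTime turns it
    # into a [datetime] so we can compare it with the cutoff.
    Get-ComputerRestorePoint |
        Where-Object { $_.ConvertToDateTime($_.CreationTime) -lt $InfectionTime } |
        Sort-Object { $_.ConvertToDateTime($_.CreationTime) } -Descending |
        Select-Object SequenceNumber, Description, RestorePointType,
            @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } }
}

# Usage: report where rstrui.exe lives and which restore points predate the
# infection (here assumed to be roughly a day ago).
$exe = Find-RstrUi
if ($exe) { "System Restore UI: $exe" } else { "rstrui.exe not found on this system" }

$points = Get-RestorePointsBefore -InfectionTime (Get-Date).AddDays(-1)
if ($points) {
    $points | Format-Table -AutoSize
} else {
    "No restore point predates the suspected infection; rollback will not help here."
}

# To actually open System Restore from Safe Mode with Command Prompt, run the
# located executable directly, exactly as in Bob's message:  & $exe
```

On a 64-bit machine, run this from the 64-bit PowerShell host; the restore-point WMI class is not always visible from the 32-bit one.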