Help-System Restore problem

  The Mountaineer 01:46 07 Nov 2009

Still in Kathmandu running in circles chasing trojans but now having a problem with system restore.
I finally gave up on trying to rid three computers and three usb flash drives of a trojan killvirus.vbs today which basically hijacks IE homepage to a "goggleonline" webpage! I'd succeeed once with this a couple of weeks ago with System Restore in safe mode, restoring to a set point on October 10th which I know is/was clean, but now I can't get restore to work, constantly getting the usual message "your computer cannot be restored ....". I'm running on XP Home. I'm baffled and would appreciate any help.

  birdface 08:52 07 Nov 2009

Have you tried updating and running the free version of this.

click here it gets rid of most problems.

Another good one is this.

click here

That is a pay for program but you get 30 day trial and it will remove anything that it finds.

Running scan with malwarebytes is better if you can run it in safe mode.

  Fruit Bat /\0/\ 10:10 07 Nov 2009

If malwarebytes won't run due to the infection, rename the mabam.exe file to something like rabbit.exe and then try running it.

  The Mountaineer 10:43 07 Nov 2009

Buteman and Fruitbat, thanks for replying. Sorry I didnt give more information last time as follows:
So far I have run Malwarebytes, superantispyware, spybot etc., a-squared, and my Panda 2010 suite, all in Safe mode as well as normal. Only a-squared detected and "removed" the trojan, but it keeps coming back, and strangely it no longer can be seen in the Sys32 folder where it originally resided. How do I know I've still got it? Because IE home page keeps getting hijacked to this damned goggleonline.blogspot false page! As I said in my first post an earlier success I had was to roll back via system restore to Oct 10th, the day before I flew out here, but that has now stopped working. I've tried using superantispyware's system restore repair feature, but that hasn't cured it.
I'm about to try two things: I'm currently downloading Trojan Remover from Simply Super Software as you recommend Buteman, then failing that I'm going to switch off system restore in case the trojan is "hiding" in some restore points.
Unless that works I'm going to put the netbook in my suitcase, get home next Thursday and do a clean reinstall of Windows. Failing that, a large hammer .....
Unless further suggestions received which it would be discourteous to reject!

  birdface 11:17 07 Nov 2009

Maybe you have to open your hidden files before you run the scan the next time.
Not on XP anymore and cannot quite remember how it is done.
maybe someone can tell you how to do it just in case it is hiding in there.

  User-312386 11:21 07 Nov 2009

I havent read all your posts, but have you tried switching off system restore then running all tests?
I have a feeling the virus is locked in system restore and unfortunately the only way to eradicate it is by turning off the restore and deleting the restore points - which by turning it off will do so!

  The Mountaineer 11:33 07 Nov 2009

Buteman, the Trojan Remover found it, blocked it and renamed it. I hope these were the correct options. IE now opens with the correct home page (though I mostly use Firefox and Chrome).
Still a bit concerned about it returning from hidden system restore folders since Panda is regularly blocking hijack attempts so deleting these is my next step as per your advice Madboy. Got about 20mins before nightly power cut for an hour so I may be a while before I can post feedback, but I will.
Thanks everyone so far.

  birdface 11:53 07 Nov 2009

If you would like to download Winpatrol it will stop anything from changing your Home page.

click here

It will warn you if anything tries to change your computer settings.If it is anything that you have not tried to download or you are not sure what it is just deny it you can always allow it again later if you find out it is needed.

click here

You want the free version.

  birdface 11:54 07 Nov 2009

Sorry for the double click here.

  The Mountaineer 16:09 07 Nov 2009

System Restore still didnt allow me to go back to Oct 10th so switched off and all points deleted. Switched System Restore back on again and saved a "clean" restore point but noticed that Panda has a System Volume Information folder (with restore points information" in it listed as a "dont scan" folder which seems highly suspicious.
IE Homepage is still OK though but living for a month in Trojan City has been a real eye opener and I will never be so smug about my Panda/CCleaner/Malwarebytes trio ever again. I wont be taking a hammer to my little Eee PC but I WILL be doing a clean reinstall when I get home.
Buteman, Winpatrol looks interesting and I will download and install it, once I have removed Superantispyware, a-squared, Spybot, Spywareblaster, Malwarebytes, ....... from my little netbook which is creaking and groaning under the strain!
Thanks for your help everyone, safe for 5 days now till I can get home.
Marked as resolved

  Sea Urchin 17:50 07 Nov 2009

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Xiaomi Mi Mix 2 review

See mcbess's iconic style animated for Mercedes-Benz

iPhone X news: Release date, price, new features & specs

Black Friday 2017 : date, sites participants & bonnes affaires