System restore has taken over my pc

  4styw 18:36 19 Jul 2009
Locked

I've read loads of useful advice in the forum about how to remove this malware (eg Sanjay's detailed approach on comprolive.com) but nothing has worked because the virus is preventing me accessing any programmes, files or folders. I've tried unHookExec and a VBS script but I cannot start the pc in safe mode. I have some files on the pc that are very important to me and hate the thought that I might have to do a clean install and lose it all. Anyone any ideas, please?

  mfletch 18:51 19 Jul 2009

Use this it looks complicated but just take your time and hopfully it will remove the virus,

DrWeb-LiveCD

Download click here

User Guide click here

Make sure that your computer is set up to boot from the CD drive, in
which the disk with Dr.Web LiveCD is inserted,

Using the arrow keys on your keyboard select one of the following
items and press ENTER:

To launch the GUI version of Dr.Web LiveCD, select
DrWeb-LiveCD.

To launch the command line version (the Console Scanner),
select DrWeb-LiveCD (Safe Mode).

Select standard GUI mode;

The standard mode is preferable because of its pictorial view and better
functionality.

You can start the main components by.

Double-clicking the icon of the respective component on the
desktop (by default, basic components are represented on the
desktop);

To open the system menu, click the system menu button in the
taskbar.

Click on DrWeb Scanner

The Scanner allows to check all types of Windows partitions (FAT,
FAT32, NTFS) for viruses. By default, all partitions of the hard drive are
selected for scanning.

To add an object to or remove an object from the list of objects to
scan, either click Add or Delete, or press INSERT or DELETE
respectively.

To start scanning the selected objects, click Start (it will turn to the
Stop button and scanning will start).

Scan results are shown as a table in the bottom of the Scanner main
window.

Below the report field is a row of buttons where you can select the
desired action for every object in the list: Cure or Delete. The Cure
action is not available for archives, containers, and mail files.

Exit the scanner and eject the CD

Restart the computer

  lotvic 23:28 19 Jul 2009

"System restore has taken over my pc"

since when has 'system restore' been malware?

  woodchip 23:36 19 Jul 2009

try this, check tools that will be on the cd after you have created it click here

  4styw 12:56 20 Jul 2009

Thanks for the suggestions. I tried downloading the Dr Web Live CD and was confronted with a list of files which I tried saving but they appear to be identical. When I tried burning one to a disc I was told to start with a different file. Very confused. Haven't got beyond that point yet. Then tried downloading Ultimate Boot, which has worked but before I run it on the infected PC, what exactly am looking for, as it seems to contain many different programmes. All I'm trying to do is boot in safe mode.

  tullie 14:10 20 Jul 2009

What is the virus name?

  4styw 14:32 20 Jul 2009

It's System Security. I've managed to start the pc in safe mode and run through a sequence recommended by Sanjay (see message above) which enabled my virus checker (AVG) to find and quarantine many Trojans. I used CCleaner to clean the registry and all the usual basic cleaning tasks. I went through all the actions he described, restarted and was back where I started - still infected. I've tried running Trojan removal programmes but when I try to run them, I get a message asking me what programme I want to open them with - and I don't know. You don't normally get asked that.

  brundle 14:44 20 Jul 2009

System Security 2009?
click here

  woodchip 14:46 20 Jul 2009

After booting run AntiVirus thats on the CD

  4styw 14:58 20 Jul 2009

The problem is now that I can't get any antivirus programmes on disc or on the hard drive to run - I just get a prompt asking me what programme I want to open it with. It looks as though the virus is now infecting the pc even in safe mode.

As far as I know its System Security 2009.

  brundle 15:04 20 Jul 2009

You need to create the CD mfletch posted, on another PC. The list of files is in date order, the newest is at the bottom - for example, today's is in

click here

and the file is always called minDrWebLiveCD-5.0.0.iso

You need to burn that to a CD as an image, using something like ImgBurn - click here

Here's a guide; click here

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

WPA2 hack: How secure is your Wi-Fi?

Microsoft Surface Book 2 hands-on review – bigger and 5x faster

Best kids apps for iPhone & iPad

Que faire si son iPhone ou iPad est tombé dans de l'eau ?