System Restore and Virus removal

  [email protected] 21:15 19 Jan 2009

I am in the process of trying to remove a virus from a friend's PC. As a result of a lot of reading on the net, there appear to be mixed conclusions with regard to de-activating System Restore in order to run deep scans. Some say it should not be switched off before the infection is removed and others say you can't remove the infection if it's in the "restore" area.
I would welcome any comments, thanks.
PS: Vista by the way but need not be in the Vista Forum.

  woodchip 21:21 19 Jan 2009

Do not de-activate it; it may be the only way back. Try running a scan in Safe Mode. But it is true that once you have sorted the computer, System Restore should be turned off to remove all Restore Points, then turned back on to create a new clean Restore Point.

  [email protected] 21:26 19 Jan 2009

That's what I read and erred on the side of caution, so thanks for that woodchip.
Unfortunately, this particular virus has removed the ability to start in safe mode and I am not going to mess with the boot.ini file.
It's Trojan.DNSChanger-Codec by the way.
SuperAntiSpyware detects it and quarantines it but it's back after re-boot. A2 and AVG don't detect it. I am currently running a scan with Vipre AV & AS and it has been detected but whether it will remove it remains to be seen after the scan.

  woodchip 21:34 19 Jan 2009

Don't know if it will remove it, click here

But this should remove it click here

  [email protected] 21:37 19 Jan 2009

I have been surfing for hours and never saw either of the two links woodchip. TVM - I will try the latter ASAP :-)

  [email protected] 21:45 19 Jan 2009

I won't have time for another scan this evening so I will post back sometime tomorrow. Thanks again for the links ;-)

  gazzaho 22:34 19 Jan 2009

I just posted this on the other thread about system restore.

Restore can actually retain a virus. I got a virus warning while using Kaspersky quite a few years ago and no matter how many times I tried to remove it, on reboot it kept re-detecting the damn thing. Eventually, after a lot of hair and sanity loss, I realised the file was residing inside the system restore. If I remember correctly I had to switch restore off and then do the scan in order to remove it, then switch restore back on.

As far as I can remember, the virus was removed but the file that carried the payload was being detected in the system restore. To be honest I can't remember if Kaspersky removed it or if I did a search for the file and deleted it myself.

I always turn off restore before scanning for viruses because of my experience.

  [email protected] 13:12 20 Jan 2009

I have run several pieces of free software which claim to remove it but no go, so it looks like a dedicated virus removal forum and HJT logs with a 1 on 1 advisor.
I have learned the virus is very early in the boot.ini folder so when you re-boot "in order for the virus cleaning process to be complete" - the virus re-activates before the AV software can do its job.
I am currently running Malwarebytes which is the last I will try before HijackThis.

  [email protected] 16:58 20 Jan 2009

Thread closed but unresolved.
