Jump to content

xp restore virus


Recommended Posts

This morning I turned on my computer and found that I have been hit with the XP Restore virus.

All icons are gone from the desktop. Almost all entries are missing from the start menu.

I can only get to some programs by clicking Start, My Computer and then searching for a program I want to run.

I started firefox and tried to go to the malwarebytes forum for advice but the PC rebooted (tried this twice).

I am writing this from another PC that we have.

What is the best way to get rid of this virus?

I was able to run malwarebytes before the virus hide all my files. It found several viruses and wrote the log but I can't remember the name of the log to retrieve it and post here.

Thanks for your help.

Link to post
Share on other sites

Just tried to run malwarebytes again and noticed that when I tried to do an update to the latest virus checking files the program returned the following error:

Program_Error_Updating(5,0,createfile)

Access denied.

I am assuming that the virus is keeping malwarebytes from doing this update by somehow locking the file it is attempting to update.

How do I get around this?

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Link to post
Share on other sites

Chris,

thanks for your reply.

I have good news and bad news :-)

The good or almost good:

while I was waiting to hear from someone I downloaded another version of malwarebytes into a different directory and that worked with the latest virus definitions. I then ran it and it found an additional 7 infections (mostly trojans).

I also downloaded TDSSKILLER.exe and then rebooted.

The XP Recover screen from the virus is gone. But I noticed that several icons on the desktop were missing and also almost all the programs under the Start button.

I noticed in another post a mention of unhide.exe which I downloaded and executed. It appears to have restored all icons and programs under the start button. The only thing that was not restored was the background jpg on the desktop which I just did manually.

The not so good and still need help with:

I am also still getting some Delayed Write Failed messages: "Windows was unable to save all the data for a particular file. The data was lost. This error may be caused by a failure of your computer hadware or network connection...." I thought this was an error from the virus because it came up while the virus was displaying that Restore screen.

Is this still part of the virus? or another problem?

One other curious thing is that I tried to execute TDSSKILLER and it will not run. Nothing happens when I click on the icon on the desktop. Also tried to open it by right clicking on the icon and selecting open, nothing.

And the latest and still an indication of some virus is that I now have a redirect problem.

Once everything looked normal I tried to do a search in Google and first found that it was much slower than before but it also redirects my searches to ad pages (not pop-ups). I tried this in IE8, Chrome, Firefox and Safari and all have the same problem. I also tried in in Yahoo search and it happens there too.

I ran Malwarebytes again and it didn't find anything. I also ran Spybot and it cleared out about 11 adware entries. But no help with these problems.

So I still eed help. Tried running TDSSKILLER after rebooting again but it still doe not run.

Link to post
Share on other sites

I continued to try to resolve this and it looks like I may have done it.

I read a few other posts and decided to download combofix.exe since I could not get TDSSKILLER to execute.

I ran combofix and it found some problems that it resolved. I then tried TDSSKILLER again and it now worked. So I ran that too. It did not find anything.

I then re-booted and all the outstanding problems seem to be resolved.

I hope it stays this way. It took me about 7 hours to get here :-)

Link to post
Share on other sites

I still seem to have a small problem.

Everything seems to be restored with the exception of the list of programs that appears when I click the start button.

A list of the folders for the programs appears when I click on All Programs but when I click on one of the folders the actual programs that should appear in the folder do not appear. It just says Empty.

Any suggests on how to recover the programs in this list?

Link to post
Share on other sites

  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.