Trojan horse in restore

G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.newusers (More info?)

My AV seems to have trapped the trojan horse "Startpage.12.V" in the System
Volume Information\-restore{ }rp457\a0088659.exe . The AV can
recognize it but apperently can't access the folder (I can't either) to
remove it. It doesn't seem to be affecting the computer in any way
other than giving the message that the trojan is there several times a day.

I assume this is in one of my restore points and if so will it be
automatically deleted as that restore point runs out or do I need to
disable restore points reboot and reenable restore points.

Thanks

Chas
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.newusers (More info?)

Charles Swenson wrote:
> My AV seems to have trapped the trojan horse "Startpage.12.V" in the
> System Volume Information\-restore{ }rp457\a0088659.exe . The
> AV can recognize it but apperently can't access the folder (I can't
> either) to remove it. It doesn't seem to be affecting the
> computer in any way other than giving the message that the trojan is
> there several times a day.
> I assume this is in one of my restore points and if so will it be
> automatically deleted as that restore point runs out or do I need to
> disable restore points reboot and reenable restore points.

Faster if you just disable/enable/set a manual restore point.

(This, of course, will erase any previous restore point you have.)

Turn off System Restore.
http://support.microsoft.com/?kbid=310405

Reboot.

Turn on System Restore.
http://support.microsoft.com/?kbid=310405

Make a Manual Restoration Point.
http://snipurl.com/68nx

--
<- Shenan ->
--
The information is provided "as is", it is suggested you research for
yourself before you take any advice - you are the one ultimately
responsible for your actions/problems/solutions. Know what you are
getting into before you jump in with both feet.
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.newusers (More info?)

Hi Chas

You will need to stop/start System Restore - this will, however, delete all
existing checkpoints:

Right click on My Computer, select Properties and then the System Restore
tab. Enable 'Turn off System Restore on all drives' and click Apply>OK.
Then reboot your PC. After that first reboot go back into System Restore,
disable 'Turn off System Restore on all drives' and click Apply>OK. Then
reboot your PC again. After this second reboot the virus would have been
deleted and you will have a newly created checkpoint.

--

Will Denny
MS-MVP - Windows Shell/User
Please reply to the News Groups


"Charles Swenson" <nospam@nospam.com> wrote in message
news:B58hd.24293$lM1.13122@fe2.texas.rr.com...
> My AV seems to have trapped the trojan horse "Startpage.12.V" in the
> System Volume Information\-restore{ }rp457\a0088659.exe . The AV
> can recognize it but apperently can't access the folder (I can't either)
> to remove it. It doesn't seem to be affecting the computer in any way
> other than giving the message that the trojan is there several times a
> day.
>
> I assume this is in one of my restore points and if so will it be
> automatically deleted as that restore point runs out or do I need to
> disable restore points reboot and reenable restore points.
>
> Thanks
>
> Chas
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.newusers (More info?)

Thanks Will and Shenen,

Kinda hate to lose those restore points, makes me feel kinda naked for a few
days , but I'd rather be free of the trojan so here goes.


Chas

"Charles Swenson" <nospam@nospam.com> wrote in message
news:B58hd.24293$lM1.13122@fe2.texas.rr.com...
> My AV seems to have trapped the trojan horse "Startpage.12.V" in the
> System Volume Information\-restore{ }rp457\a0088659.exe . The AV
> can recognize it but apperently can't access the folder (I can't either)
> to remove it. It doesn't seem to be affecting the computer in any way
> other than giving the message that the trojan is there several times a
> day.
>
> I assume this is in one of my restore points and if so will it be
> automatically deleted as that restore point runs out or do I need to
> disable restore points reboot and reenable restore points.
>
> Thanks
>
> Chas
>
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.newusers (More info?)

Charles,

As long as you do not utilize that specific restore point then the
trojan CAN NOT infect the system. If you can determine that the
date of the RP then you *may* be able to flush it by using
Disk Cleanup to delete all but the most recent ones . There is NO
need to flush the entire restore hierarchy .

If you can determine it's date and it IS an older restore point, go
to Start, Program , Accessories, System Tools, Disk Cleanup. Choose
the drive to be cleaned up, click the More Options button, then
click the Clean up button under System Restore.


MowGreen [MVP]
===============
*-343-* FDNY
Never Forgotten
===============


Charles Swenson wrote:

> My AV seems to have trapped the trojan horse "Startpage.12.V" in the System
> Volume Information\-restore{ }rp457\a0088659.exe . The AV can
> recognize it but apperently can't access the folder (I can't either) to
> remove it. It doesn't seem to be affecting the computer in any way
> other than giving the message that the trojan is there several times a day.
>
> I assume this is in one of my restore points and if so will it be
> automatically deleted as that restore point runs out or do I need to
> disable restore points reboot and reenable restore points.
>
> Thanks
>
> Chas
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.newusers (More info?)

Thanks MowGreen for your response,

I have deleted all restore points and made a new one , but it is nice to
have the info you gave me and maybe at some point in the future it will save
me having to lose all restore points.

I see many people on here complaining about restore points , there disk
usage , and seem to think they are useless , but as far as I'm concerned it
is one of the best features ever incorporated into Windows.

Chas



"MowGreen [MVP]" <mowgreen@nowandzen.com> wrote in message
news:uxK58eFwEHA.3108@TK2MSFTNGP14.phx.gbl...
> Charles,
>
> As long as you do not utilize that specific restore point then the trojan
> CAN NOT infect the system. If you can determine that the date of the RP
> then you *may* be able to flush it by using
> Disk Cleanup to delete all but the most recent ones . There is NO need to
> flush the entire restore hierarchy .
>
> If you can determine it's date and it IS an older restore point, go to
> Start, Program , Accessories, System Tools, Disk Cleanup. Choose the drive
> to be cleaned up, click the More Options button, then click the Clean up
> button under System Restore.
>
>
> MowGreen [MVP]
> ===============
> *-343-* FDNY
> Never Forgotten
> ===============
>
>
> Charles Swenson wrote:
>
>> My AV seems to have trapped the trojan horse "Startpage.12.V" in the
>> System Volume Information\-restore{ }rp457\a0088659.exe . The AV
>> can recognize it but apperently can't access the folder (I can't either)
>> to remove it. It doesn't seem to be affecting the computer in any
>> way other than giving the message that the trojan is there several times
>> a day.
>>
>> I assume this is in one of my restore points and if so will it be
>> automatically deleted as that restore point runs out or do I need to
>> disable restore points reboot and reenable restore points.
>>
>> Thanks
>>
>> Chas
>
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.newusers (More info?)

On Mon, 01 Nov 2004 21:43:44 GMT, "Charles Swenson" <nospam@nospam.com> wrote:

It's a weighted fix. The alternative is a complete reinstall of the OS, all
programs that need reinstalling, activating everything it screws up.

vs. whatever's currently screwed up.

My last restore I had to go back an entire month to fix things. Even being a
slow month of installing new stuff, I'll probably be repairing what the restore
screwed up well into next year.

Simply because even though new programs aren't the problems, data in the past
month got written, and a restore actually moved some of that stuff and I'm
still finding it.

I would say a restore point from a month is an actual waste of time. Better to
find what the current problem is and forget about restore points altogether.

Restore points should actually be restore points ala Norton Ghost. This attempt
by M$ is just one more bug gone berserk in the M$ OS.

>I see many people on here complaining about restore points , there disk
>usage , and seem to think they are useless , but as far as I'm concerned it
>is one of the best features ever incorporated into Windows.
>
>Chas
>
>
>
>"MowGreen [MVP]" <mowgreen@nowandzen.com> wrote in message
>news:uxK58eFwEHA.3108@TK2MSFTNGP14.phx.gbl...
>> Charles,
>>
>> As long as you do not utilize that specific restore point then the trojan
>> CAN NOT infect the system. If you can determine that the date of the RP
>> then you *may* be able to flush it by using
>> Disk Cleanup to delete all but the most recent ones . There is NO need to
>> flush the entire restore hierarchy .
>>
>> If you can determine it's date and it IS an older restore point, go to
>> Start, Program , Accessories, System Tools, Disk Cleanup. Choose the drive
>> to be cleaned up, click the More Options button, then click the Clean up
>> button under System Restore.
>>
>>
>> MowGreen [MVP]
>> ===============
>> *-343-* FDNY
>> Never Forgotten
>> ===============
>>
>>
>> Charles Swenson wrote:
>>
>>> My AV seems to have trapped the trojan horse "Startpage.12.V" in the
>>> System Volume Information\-restore{ }rp457\a0088659.exe . The AV
>>> can recognize it but apperently can't access the folder (I can't either)
>>> to remove it. It doesn't seem to be affecting the computer in any
>>> way other than giving the message that the trojan is there several times
>>> a day.
>>>
>>> I assume this is in one of my restore points and if so will it be
>>> automatically deleted as that restore point runs out or do I need to
>>> disable restore points reboot and reenable restore points.
>>>
>>> Thanks
>>>
>>> Chas
>>
>

--
more pix @ http://members.toast.net/cbminfo/index.html
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.newusers (More info?)

> My last restore I had to go back an entire month to fix things.

What utter nonsense.
Restore should be used for any software install that goes South.
IMMEDIATELY. To say it's a "bug gone beserk" just shows how little
you know concerning it.

The problem is the restore hierarchy is usually way too large to be
a dependable tool. Unless one is installing a huge bloated software
package ( MS Office ) than setting the hierarchy to 200MB provides a
reliable safey net for the past 3 or 4 days. And, that's all it
should be used for. It's NOT a backup program.


MowGreen [MVP]
===============
*-343-* FDNY
Never Forgotten
===============

Husky wrote:

> On Mon, 01 Nov 2004 21:43:44 GMT, "Charles Swenson" <nospam@nospam.com> wrote:
>
> It's a weighted fix. The alternative is a complete reinstall of the OS, all
> programs that need reinstalling, activating everything it screws up.
>
> vs. whatever's currently screwed up.
>
> My last restore I had to go back an entire month to fix things. Even being a
> slow month of installing new stuff, I'll probably be repairing what the restore
> screwed up well into next year.
>
> Simply because even though new programs aren't the problems, data in the past
> month got written, and a restore actually moved some of that stuff and I'm
> still finding it.
>
> I would say a restore point from a month is an actual waste of time. Better to
> find what the current problem is and forget about restore points altogether.
>
> Restore points should actually be restore points ala Norton Ghost. This attempt
> by M$ is just one more bug gone berserk in the M$ OS.
>
>
>>I see many people on here complaining about restore points , there disk
>>usage , and seem to think they are useless , but as far as I'm concerned it
>>is one of the best features ever incorporated into Windows.
>>
>>Chas
>>
>>
>>
>>"MowGreen [MVP]" <mowgreen@nowandzen.com> wrote in message
>>news:uxK58eFwEHA.3108@TK2MSFTNGP14.phx.gbl...
>>
>>>Charles,
>>>
>>>As long as you do not utilize that specific restore point then the trojan
>>>CAN NOT infect the system. If you can determine that the date of the RP
>>>then you *may* be able to flush it by using
>>>Disk Cleanup to delete all but the most recent ones . There is NO need to
>>>flush the entire restore hierarchy .
>>>
>>>If you can determine it's date and it IS an older restore point, go to
>>>Start, Program , Accessories, System Tools, Disk Cleanup. Choose the drive
>>>to be cleaned up, click the More Options button, then click the Clean up
>>>button under System Restore.
>>>
>>>
>>>MowGreen [MVP]
>>>===============
>>> *-343-* FDNY
>>>Never Forgotten
>>>===============
>>>
>>>
>>>Charles Swenson wrote:
>>>
>>>
>>>>My AV seems to have trapped the trojan horse "Startpage.12.V" in the
>>>>System Volume Information\-restore{ }rp457\a0088659.exe . The AV
>>>>can recognize it but apperently can't access the folder (I can't either)
>>>>to remove it. It doesn't seem to be affecting the computer in any
>>>>way other than giving the message that the trojan is there several times
>>>>a day.
>>>>
>>>>I assume this is in one of my restore points and if so will it be
>>>>automatically deleted as that restore point runs out or do I need to
>>>>disable restore points reboot and reenable restore points.
>>>>
>>>>Thanks
>>>>
>>>>Chas
>>>
>