Can Zlob be removed by using a restore point?

  • Thread starter: rod
Re: Can Zlob be removed by using a restore point?

From: "rod" <pookiethai@NOSPAMiprimus.com.au>


| Restore failed in safe mode on 4 dates.
| It would run through to reboot, as soon as I typed
| in the administrators password, the fail pop up screen arrived.

Like I wrote, malware can corrupt the System Restore cache.

Either the following or a wipe and OS reinstall...


Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

Then post the contents of the HJT log in your post in one of the below expert forums...

{ Please - Do NOT post the HJT Log here ! }

Forums where you can get expert advice for HiJack This! (HJT) Logs.

NOTE: Registration is REQUIRED in any of the below before posting a log

Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0

Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.malwarebytes.org/forums/index.php?showforum=7

Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://aumha.net/viewforum.php?f=30
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13




--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 
Re: Can Zlob be removed by using a restore point?



Then your way is a clean install, don't hang about for more experiments unless
you want to do so!
Step-By-Step Windows XP: Installation
http://www.microsoft.com/windowsxp/using/setup/winxp/install.mspx
Step-By-Step Windows Vista: Installation
http://www.w-tweaks.com/html/windows_vista_setup__step_by_s.html

HTH,
nass
---
http://www.nasstec.co.uk


"rod" wrote:

>
> Restore failed in safe mode on 4 dates.
> It would run through to reboot, as soon as I typed
> in the administrators password, the fail pop up screen arrived.
>
> I found the quick launch bar.
>
>
> >> If you *must* do a system restore, I suggest performing it in Safe Mode.
> >> Doing it in Safe Mode has a greater chance that it will succeed.
> >> Dave
> >> http://www.claymania.com/removal-trojan-adware.html
> >> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

>
>
>
 
Re: Can Zlob be removed by using a restore point?


Thank you for your continued support.

Look, I honestly don't know how it occurred,
but my computer seems stable and there have been no further
pop up screens, I feel I have actually nailed the bugger.

I used Rootkit revealer, unhackme, hijack this, along with others,
and pcbutts, I followed the advice to the letter and it seems shot.

The only thing I feel left to do, is to follow "Spycachers" advice
and cleanse my "restore folder" and make a new restore point.

Thanks to everybody, this thing is a real nasty, AFAIK I got it when
executing a Codec exe, for a supposed clip upgrade.
I won't be going anywhere near those again thank you.

You fellas (and lady) do a great job.
Rodney



"nass" <nass@discussions.microsoft.com> wrote in message
news:A4A28AEA-6DCB-44B7-86D7-C59F6F597592@microsoft.com...
>
>
> Then your way is a clean install, don't hang about for more experiments
> unless
> you want to do so!
> Step-By-Step Windows XP: Installation
> http://www.microsoft.com/windowsxp/using/setup/winxp/install.mspx
> Step-By-Step Windows Vista: Installation
> http://www.w-tweaks.com/html/windows_vista_setup__step_by_s.html
>
> HTH,
> nass
> ---
> http://www.nasstec.co.uk
>
>
> "rod" wrote:
>
>>
>> Restore failed in safe mode on 4 dates.
>> It would run through to reboot, as soon as I typed
>> in the administrators password, the fail pop up screen arrived.
>>
>> I found the quick launch bar.
>>
>>
>> >> If you *must* do a system restore, I suggest performing it in Safe
>> >> Mode.
>> >> Doing it in Safe Mode has a greater chance that it will succeed.
>> >> Dave
>> >> http://www.claymania.com/removal-trojan-adware.html
>> >> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

>>
>>
>>
 
Re: Can Zlob be removed by using a restore point?

From: "rod" <pookiethai@NOSPAMiprimus.com.au>


| Thank you for your continued support.

| Look, I honestly don't know how it occurred,
| but my computer seems stable and there have been no further
| pop up screens, I feel I have actually nailed the bugger.

| I used Rootkit revealer, unhackme, hijack this, along with others,
| and pcbutts, I followed the advice to the letter and it seems shot.

| The only thing I feel left to do, is to follow "Spycachers" advice
| and cleanse my "restore folder" and make a new restore point.

| Thanks to everybody, this thing is a real nasty, AFAIK I got it when
| executing a Codec exe, for a supposed clip upgrade.
| I won't be going anywhere near those again thank you.

| You fellas (and lady) do a great job.
| Rodney


The fact that you could NOT perform a restoration from a system Restore point even in Safe
mode and the fact that you still note problems goes back to what I previously posted.
That is post to an Expert Forum or wipe the PC and reinstall the OS.

As for Butts software. It is plagiarized and stitched software that uses simple
constructs to delete files and registry entries. Its ability to remove malware that
integrates malware into the OS is poor at best. Since it is plagiarized Butts has no
comprehension of its abilities and disabilities. If you allow it to install an etc/hosts
file it will also BLOCK legitimate anti malware sites.

I'll post this one last time in case you are willing to work at removing the malware and
in fixing any problems created by the malware.


Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

Then post the contents of the HJT log in your post in one of the below expert forums...

{ Please - Do NOT post the HJT Log here ! }

Forums where you can get expert advice for HiJack This! (HJT) Logs.

NOTE: Registration is REQUIRED in any of the below before posting a log

Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0

Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.malwarebytes.org/forums/index.php?showforum=7

Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://aumha.net/viewforum.php?f=30
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13





--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
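
A check for the hosts-file side effect described in the post above, as an added example that is not part of the original thread or any poster's code: it parses hosts-file text and reports anti-malware sites that have been pointed at a loopback or null address (blocked) or at any other address (redirected). The domain set is a subset of the forums listed in this thread, and the sample hosts content is constructed.

```python
import ipaddress

# Domains of anti-malware forums named in this thread (subset); extend as needed.
SECURITY_DOMAINS = {
    "thespykiller.co.uk", "bleepingcomputer.com", "castlecops.com",
    "malwarebytes.org", "spywarewarrior.com", "spywareinfo.com",
}

# Constructed sample, not taken from any real machine.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1    localhost
127.0.0.1    ads.example.net
127.0.0.1    www.bleepingcomputer.com   # added by "cleaner"
0.0.0.0      malwarebytes.org forums.spywareinfo.com
192.0.2.10   notmalwarebytes.org
203.0.113.5  castlecops.com
"""


def parse_hosts(text):
    """Yield (line_number, ip, hostname) for each mapping in hosts-file text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed line, ignore it
        for name in fields[1:]:                  # one line may carry several aliases
            yield lineno, ip, name.lower().rstrip(".")


def audit_hosts(text, domains=SECURITY_DOMAINS):
    """Return (line, hostname, ip, verdict) for every overridden security site."""
    findings = []
    for lineno, ip, name in parse_hosts(text):
        # Match the domain itself or a subdomain, never a mere string suffix.
        if any(name == d or name.endswith("." + d) for d in domains):
            sinkholed = ip.is_loopback or ip.is_unspecified
            findings.append((lineno, name, str(ip),
                             "blocked" if sinkholed else "redirected"))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

On Windows the file to read is `%SystemRoot%\System32\drivers\etc\hosts`; pass its contents to `audit_hosts`.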
 
Re: Can Zlob be removed by using a restore point?

Thanks David, understood.


"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:%23pv2gnQGJHA.1456@TK2MSFTNGP03.phx.gbl...
> From: "rod" <pookiethai@NOSPAMiprimus.com.au>
> The fact that you could NOT perform a restoration from a system Restore
> point even in Safe
> mode and the fact that you still note problems goes back to what I
> previously posted.
> That is post to an Expert Forum or wipe the PC and reinstall the OS.
 
Re: Can Zlob be removed by using a restore point?

rod wrote:
>

you can't remove trojans/viruses using system restore
 
Re: Can Zlob be removed by using a restore point?

OK. thanks


"Plato" <|@|.|> wrote in message
news:48d47d47$0$85713$bb4e3ad8@newscene.com...
> rod wrote:
>>

> you can't remove trojans/viruses using system restore
>
>
 
Re: Can Zlob be removed by using a restore point?

From: "Plato" <|@|.|>

| rod wrote:

| you can't remove trojans/viruses using system restore


That is a misleading statement.

It is not a black and white issue. There are gray areas.

While there are some viruses like Parite and Virut that can not be removed via a
restoration from a System Restore point, there are others such as email borne viruses that
can.

Likewise with trojans.
A RootKit or strongly embedded one can not be removed via a restoration from a System
Restore point, but a simple Dialer or BHO can.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 
Re: Can Zlob be removed by using a restore point?

On Sat, 20 Sep 2008 18:52:37 +0800, "rod"
<pookiethai@NOSPAMiprimus.com.au> wrote:

>OK. thanks
>
>
>"Plato" <|@|.|> wrote in message
>news:48d47d47$0$85713$bb4e3ad8@newscene.com...
>> rod wrote:
>>>

>> you can't remove trojans/viruses using system restore
>>
>>

>


Yes you can! Any files will not be deleted BUT the crap that autoloads
it **will** be gone. The virus/trojan will not be active and will not
reinitialise. You can then delete their files.
--

Cheers,

DrT

** Stress - the condition brought about by having to
** resist the temptation to beat the living daylights
** out of someone who richly deserves it.
 
Re: Can Zlob be removed by using a restore point?

David H. Lipman wrote:
> From: "Plato" <|@|.|>
>
> | rod wrote:
>
> | you can't remove trojans/viruses using system restore
>
>
> That is a misleading statement.
>
> It is not a black and white issue. There are gray areas.
>
> While there are some viruses like Parite and Virut that can not be removed via a
> restoration from a System Restore point, there are others such as email borne viruses that
> can.
>
> Likewise with trojans.
> A RootKit or strongly embedded one can not be removed via a restoration from a System
> Restore point, but a simple Dialer or BHO can.
>


First thing I do when cleaning an XP box is to disable system restore to
flush out anything that might be lurking there.

Alias
 
Re: Can Zlob be removed by using a restore point?

On Sat, 20 Sep 2008 14:28:17 +0200, Alias <iamalias@REMOVEgmail.com>
wrote:

>First thing I do when cleaning an XP box is to disable system restore to
>flush out anything that might be lurking there.


Why? Nothing can get out unless you let it.
--

Cheers,

DrT

** Stress - the condition brought about by having to
** resist the temptation to beat the living daylights
** out of someone who richly deserves it.
 
Re: Can Zlob be removed by using a restore point?

From: "Alias" <iamalias@REMOVEgmail.com>


| First thing I do when cleaning an XP box is to disable system restore to
| flush out anything that might be lurking there.

| Alias

I used to recommend that approach.

However, through communication with peers and experience, I no longer suggest this as a
first approach.

The reason is the System Restore is a valuable fall-back position.

If you remove malware and the OS becomes unstable or somehow corrupted, you can restore
the PC to its previous (albeit infected) condition and then change the modus operandi in
cleaning the system. After thorough examination and cleansing of the PC and you are
greatly assured the system is clean and operating in a stable manner, then dump the System
Restore cache. Reboot, re-enable and then create a clean new restore point.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 
Re: Can Zlob be removed by using a restore point?

DrTeeth wrote:
> On Sat, 20 Sep 2008 14:28:17 +0200, Alias <iamalias@REMOVEgmail.com>
> wrote:
>
>> First thing I do when cleaning an XP box is to disable system restore to
>> flush out anything that might be lurking there.

>
> Why? Nothing can get out unless you let it.


Yeah, sure, keep telling yourself that.

Alias
 
Re: Can Zlob be removed by using a restore point?

David H. Lipman wrote:
> From: "Alias" <iamalias@REMOVEgmail.com>
>
>
> | First thing I do when cleaning an XP box is to disable system restore to
> | flush out anything that might be lurking there.
>
> | Alias
>
> I used to recommend that approach.
>
> However, through communication with peers and experience, I no longer suggest this as a
> first approach.
>
> The reason is the System Restore is a valuable fall-back position.
>
> If you remove malware and the OS becomes unstable or somehow corrupted, you can restore
> the PC to its previous (albeit infected) condition and then change the modus operandi in
> cleaning the system. After thorough examination and cleansing of the PC and you are
> greatly assured the system is clean and operating in a stable manner, then dump the System
> Restore cache. Reboot, re-enable and then create a clean new restore point.
>


If it gets to that point, I stop chasing ghosts and reinstall XP.

Alias
 
Re: Can Zlob be removed by using a restore point?

On Sat, 20 Sep 2008 15:07:56 +0200, just as I was about to take a
herb, Alias <iamalias@REMOVEgmail.com> disturbed my reverie and wrote:

>Yeah, sure, keep telling yourself that.


Instead of being sarcastic and infantile, why not post a like so that
I can be proven wrong and actually learn something?
--

Cheers,

DrT

** Stress - the condition brought about by having to
** resist the temptation to beat the living daylights
** out of someone who richly deserves it.
 
Re: Can Zlob be removed by using a restore point?

David H. Lipman wrote:
> From: "Alias" <iamalias@REMOVEgmail.com>
>
> | If it gets to that point, I stop chasing ghosts and reinstall XP.
>
> | Alias
>
> Well there is always the Cost-Benefit Analysis (CBA).
>
> However, the point is...
> Dumping the System restore cache should be the last item on the list, not the first.
>


Right. That way the blue meanies can keep raising their ugly heads out
of SR even though you've nuked them in Normal, Safe Mode or a boot scan.

Alias
 
Re: Can Zlob be removed by using a restore point?

DrTeeth wrote:
> On Sat, 20 Sep 2008 15:07:56 +0200, just as I was about to take a
> herb, Alias <iamalias@REMOVEgmail.com> disturbed my reverie and wrote:
>
>> Yeah, sure, keep telling yourself that.

>
> Instead of being sarcastic and infantile, why not post a like so that
> I can be proven wrong and actually learn something?


How does one post "a like"?

You can take my word for it or not. I am not going to do your research
for you and I don't really care if you believe me or not.

Alias
 
Re: Can Zlob be removed by using a restore point?


"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:uGibxSyGJHA.456@TK2MSFTNGP06.phx.gbl...
> From: "Alias" <iamalias@REMOVEgmail.com>
>
> | If it gets to that point, I stop chasing ghosts and reinstall XP.
>
> | Alias
>
> Well there is always the Cost-Benefit Analysis (CBA).
>
>


And that would be to restore from the last known good backup that would take
maybe an hour, (depending on machine specs of course).
 