Repair Restore Function
Windows XP Home, 2002 version, SP3
Recently I found a trojan on my machine and have been working to make
sure it's entirely removed. One of the infected locations was in one of
the restore files. In the process, I found that I was unable to access
the System Restore function in System Properties. When I click the
System Restore, I get an error window named "Run a DLL as an App" that
tells me that it has encountered a problem and needs to close...etc.
When I looked into the location using my dual-booted Linux OS, I found
that the only restore point was the one that had contained the infection
which was subsequently quarantined by my AV program. Incidentally, my AV
program had initially missed it because it turned out to be a new
variant that wasn't in their virus db yet.
Questions...
1) how do I fix that error so I can use the restore function in the
future - I need a simple, step-by-step process since I'm not very
experienced in this kind of thing.
2) is it safe to simply delete that restore point from its location -
I'll probably do it from Linux since I'm not experienced enough to know
how to do admin things in safe mode.
Thanks!
Optiker
Re: Repair Restore Function
Optiker wrote:
> Windows XP Home, 2002 version, SP3
>
> Recently I found a trojan on my machine and have been working to make
> sure it's entirely removed. One of the infected locations was in one of
> the restore files. In the process, I found that I was unable to access
> the System Restore function in System Properties. When I click the
> System Restore, I get an error window named "Run a DLL as an App" that
> tells me that it has encountered a problem and needs to close...etc.
> When I looked into the location using my dual-booted Linux OS, I found
> that the only restore point was the one that had contained the infection
> which was subsequently quarantined by my AV program. Incidentally, my AV
> program had initially missed it because it turned out to be a new
> variant that wasn't in their virus db yet.
>
> Questions...
>
> 1) how do I fix that error so I can use the restore function in the
> future - I need a simple, step-by-step process since I'm not very
> experienced in this kind of thing.
>
> 2) is it safe to simply delete that restore point from its location -
> I'll probably do it from Linux since I'm not experienced enough to know
> how to do admin things in safe mode.
You can't fix the error. If you are sure the computer is clean, disable
System Restore (Control Panel>System>System Restore) by unchecking the
monitoring and reboot. Now the old System Restore point(s) will be cleared
out. Now go back and enable System Restore again. Make a new, clean System
Restore Point if you like. If you are still unable to create a System
Restore Point then the malware damaged system files. Running the System
File Checker may fix it.
Start>Run>cmd [enter]
At the command prompt, type: sfc /scannow [enter]
No, you should not mess about with deleting system files from Linux.
Certainly if you feel you aren't experienced enough to work in Windows Safe
Mode, you shouldn't be trying to change things in Windows from Linux.
And of course, I assume that your Windows system really *is* clean and you
have determined that by doing scanning with more than just your antivirus
program. If you haven't, then it would be wise to do so.
http://www.elephantboycomputers.com/pag ... ng_Malware
Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
http://www.elephantboycomputers.com/#FAQ
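A read-only way to see what the restore store holds from the Linux side, without deleting or changing anything. This is an added example, not part of the original thread or any poster's advice; it assumes the XP volume is mounted read-only and uses XP's System Volume Information/_restore{GUID}/RP<n> layout, and the function names and sample tree are hypothetical.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# XP keeps restore points under <volume>/System Volume Information/_restore{GUID}/RP<n>/
RP_DIR = re.compile(r"^RP(\d+)$", re.IGNORECASE)
# Extensions of backed-up files worth hashing and checking against the AV report
EXECUTABLE_EXT = {".exe", ".dll", ".sys", ".scr", ".ocx", ".cpl"}


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks; the file is opened read-only."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def inventory_restore_points(volume_root):
    """Return one record per RP<n> folder found on the mounted volume.

    Nothing is written, renamed or deleted: the function only lists and reads.
    """
    svi = Path(volume_root) / "System Volume Information"
    records = []
    if not svi.is_dir():
        return records
    for store in sorted(svi.glob("_restore{*}")):
        for rp in store.iterdir():
            match = RP_DIR.match(rp.name)
            if not (rp.is_dir() and match):
                continue
            files = [p for p in rp.rglob("*") if p.is_file()]
            executables = {
                str(p.relative_to(rp)): sha256_of(p)
                for p in files if p.suffix.lower() in EXECUTABLE_EXT
            }
            records.append({
                "store": store.name,
                "number": int(match.group(1)),
                "file_count": len(files),
                "executables": executables,
            })
    return sorted(records, key=lambda r: (r["store"], r["number"]))


def build_sample_volume(root):
    """Constructed sample tree (not real data) mimicking the XP layout."""
    store = "_restore{00000000-0000-0000-0000-000000000000}"
    rp = Path(root) / "System Volume Information" / store / "RP7"
    (rp / "snapshot").mkdir(parents=True)
    (rp / "rp.log").write_bytes(b"constructed")
    (rp / "change.log").write_bytes(b"constructed")
    (rp / "A0000001.exe").write_bytes(b"constructed sample, not malware")
    (rp / "A0000002.ini").write_bytes(b"[constructed]")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rec in inventory_restore_points(build_sample_volume(tmp)):
            print(rec["store"], f"RP{rec['number']}", rec["file_count"], "files")
            for name, digest in rec["executables"].items():
                print("   ", name, digest)
```

The hashes can be compared with the AV program's quarantine report or looked up with a second scanner before System Restore is turned off and back on from within Windows.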
Re: Repair Restore Function
Optiker wrote:
> Windows XP Home, 2002 version, SP3
>
> Recently I found a trojan on my machine and have been working to make
.
.
.
.
.
Malke, Twayne...Gentlemen...thank you both! That sounds like something I
can do. As for my system, my AV program no longer picks anything up,
searching for the various files shows nothing, scanning the Registry
shows nothing. I've cleared temp files, caches, etc. and anything else
various replies on the grc.security forum suggested. At this point, it
appears to be clean. I'll do as y'all suggest.
Thanks again!
Optiker
Re: Repair Restore Function
Malke wrote:
> You can't fix the error. If you are sure the computer is clean, disable
> System Restore (Control Panel>System>System Restore) by unchecking the
> monitoring and reboot. Now the old System Restore point(s) will be cleared
> out. Now go back and enable System Restore again. Make a new, clean System
> Restore Point if you like.
When I try to access the System Restore tab, I get an error window
entitled RUNDLL, with the message "An exception occurred while trying to
run "C:\windows\system32\shell32.dll,Control_RunDLL
"C:\windows\system32\sysdm.cpl",system"
> If you are still unable to create a System
> Restore Point then the malware damaged system files. Running the System
> File Checker may fix it.
>
> Start>Run>cmd [enter]
> At the command prompt, type: sfc /scannow [enter]
Did that, but it ran, then showed no results after running, and trying
to access the System Restore tab had the same result.
Comments?
Thanks!
Optiker
Re: Repair Restore Function
Optiker wrote:
> Malke, Twayne...Gentlemen...thank you both! That sounds like something I
> can do. As for my system, my AV program no longer picks anything up,
My mistake...can't do that after all. See my reply to Malke's first
reply. Can't access System Restore tab...RUNDLL error window.
Optiker
Re: Repair Restore Function
Optiker wrote:
> Optiker wrote:
>
>> Malke, Twayne...Gentlemen...thank you both! That sounds like something I
>> can do. As for my system, my AV program no longer picks anything up,
>
> My mistake...can't do that after all. See my reply to Malke's first
> reply. Can't access System Restore tab...RUNDLL error window.
Then your system is still infected and/or too damaged. Either do more
thorough virus/malware scanning per the link I already gave you or back up
your data (you can do this from Linux) and do a clean install of Windows. I
don't think a Repair Install is going to help.
If you are dual-booting and put Grub in the MBR, then after you reinstall
Windows you'll need to repair Grub.
Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
http://www.elephantboycomputers.com/#FAQ
Re: Repair Restore Function
Malke wrote:
> Then your system is still infected and/or too damaged. Either do more
> thorough virus/malware scanning per the link I already gave you or back up
> your data (you can do this from Linux) and do a clean install of Windows. I
> don't think a Repair Install is going to help.
OK - will continue to scan using the link you gave. I'd sure like to
avoid a reinstall if possible.
> If you are dual-booting and put Grub in the MBR, then after you reinstall
> Windows you'll need to repair Grub.
Yup...understand that.
Thanks!
Optiker
Re: Repair Restore Function
"Optiker" <optiker_crb@hotmail.com> wrote in message
news:OAN$$E%23$JHA.4496@TK2MSFTNGP02.phx.gbl
> Windows XP Home, 2002 version, SP3
>
> Recently I found a trojan on my machine and have been working to make
> sure it's entirely removed. One of the infected locations was in one
> of the restore files. In the process, I found that I was unable to
> access the System Restore function in System Properties. When I click
> the System Restore, I get an error window named "Run a DLL as an App"
> that tells me that it has encountered a problem and needs to
> close...etc. When I looked into the location using my dual-booted
> Linux OS, I found that the only restore point was the one that had
> contained the infection which was subsequently quarantined by my AV
> program. Incidentally, my AV program had initially missed it because
> it turned out to be a new variant that wasn't in their virus db yet.
>
> Questions...
>
> 1) how do I fix that error so I can use the restore function in the
> future - I need a simple, step-by-step process since I'm not very
> experienced in this kind of thing.
>
> 2) is it safe to simply delete that restore point from its location -
> I'll probably do it from Linux since I'm not experienced enough to
> know how to do admin things in safe mode.
It would be, except it might screw things up if you try to do it from
Linux.
The thing to do is turn OFF System Restore Points; Restart; turn ON
System Restore Points. Then, all restore points will be gone and you
start collecting them anew.
It sounds like this addresses both issues above. If there is a
Restore Point you needed, then you'll have to turn to your
archives/backups instead.
HTH,
Twayne
>
> Thanks!
> Optiker
Re: Repair Restore Function
Optiker wrote:
>> Malke, Twayne...Gentlemen...thank you both! That sounds like something I
>> can do. As for my system, my AV program no longer picks anything up,
>
> My mistake...can't do that after all. See my reply to Malke's first
> reply. Can't access System Restore tab...RUNDLL error window.
Then you have (much) more work to do.
NB: If you had no anti-virus application installed or the subscription had
expired *when the machine first got infected* and/or your subscription has
since expired and/or the machine's not been kept fully-patched at Windows
Update, don't waste your time with any of the below: Format & reinstall
Windows. A Repair Install will NOT help!
1. See if you can download/run the MSRT manually:
http://www.microsoft.com/security/malwa ... fault.mspx
NB: Run the FULL scan, not the QUICK scan! You may need to download the
MSRT on a non-infected machine, then transfer MRT.EXE to the infected
machine and rename it to SCAN.EXE before running it.
2. [WinXP ONLY!! =>] Run the Windows Live Safety Center's 'Protection' scan
(only!) in Safe Mode with Networking, if need be:
http://onecare.live.com/site/en-us/center/howsafe.htm
3. Run a /thorough/ check for hijackware, including posting the requested
logs in an appropriate forum, not here.
Checking for/Help with Hijackware
http://aumha.net/viewtopic.php?f=30&t=4075
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://www.elephantboycomputers.com/pag ... ng_Malware
**Chances are you will need to seek expert assistance in
http://spywarehammer.com/simplemachines ... board=10.0,
http://www.spywarewarrior.com/viewforum.php?f=5,
http://www.dslreports.com/forum/cleanup,
http://www.bluetack.co.uk/forums/index.php,
http://aumha.net/viewforum.php?f=30 or other appropriate forums as well.**
If these procedures look too complex - and there is no shame in admitting
this isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002