Cannot enable system restore

Something has disabled my system restore and now whenever I try to enable system restore I get the error message system restore encountered a error when trying to enable system restore on one or more drives please restart your machine and try again I have disabled avast to play a game is my computer infected Please Help :frowning:

Check out this link, http://www.kellys-korner-xp.com/xp_tweaks.htm, item number 278.

Might be something to do with the trojans you recently removed.
http://support.microsoft.com/kb/302796/

That is likely, the Kellys-Korner tweak si a fix to enable it.

When I clicked on the link to kelly’s Korner and click on 278 I see some text on a white page I can’t download it :slight_smile:

Right click on the link and select default name b[/b] or name the prefix sysrestoreenable to whatever you want and Save Link As suggest you use the default save name. There are 2 reg files available. Locate the saved .reg files Double click on .reg files to use.

sysrestoreenable.reg= Enable

disablesystemrestore.reg = Undo

When I clicked on the link to kelly’s korner from DavidR’s reply I am getting the error message content encoding error because firfox thinks it uses a invalid or unsupported form of compression :slight_smile:

By ‘Left’ clicking it you are asking it to load and that will fail as you are effectively trying to run a registry merge that can only be run from your system.

Follow tednelly’s instructions (right click), hover your mouse pointer over the links and look at the status bar at the bottom of the browser window it will show the file name. There are two links on that line, you want the one on the left not the Undo one.

I cannot visit kelly’s korner I am getting the following error message
Content Encoding Error

The page you are trying to view cannot be shown because it uses an invalid or unsupported form of compression.

The page you are trying to view cannot be shown because it uses an invalid or unsupported form of compression.

* Please contact the website owners to inform them of this problem.

Save this into a .reg file and import it (double click it):


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig"=dword:00000000
"DisableSR"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSaveSettings"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr]
"Type"=dword:00000002
"Start"=dword:00000000
"ErrorControl"=dword:00000001
"Tag"=dword:00000004
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
  52,00,49,00,56,00,45,00,52,00,53,00,5c,00,73,00,72,00,2e,00,73,00,79,00,73,\
  00,00,00
"DisplayName"="System Restore Filter Driver"
"Group"="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\Parameters]
"FirstRun"=dword:00000000
"DontBackup"=dword:00000000
"MachineGuid"="{EAAFAEEC-4AFE-42BE-83D9-C12FDD4942A6}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
  05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
  00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\Enum]
"0"="Root\\LEGACY_SR\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalMachine\Software\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalMachine\Software\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig"=dword:00000000

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalMachine\Software\Policies\Microsoft\Windows NT\SystemRestore]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalMachine\Software\Policies\Microsoft\Windows NT\SystemRestore]

What version of FF are you using as I don’t get a problem in visiting kellys-korner ?

What is strange to me is that you have previously been able to get into kellys-korner ???

When I clicked on the link to kelly's Korner and click on 278 I see some text on a white page I can't download it

I am using firefox 3.0.1 yes I was able to visit the site before but not now I am able to visit other sites could my computer infected with spyware :slight_smile:

That is always a possibility as you were before, the consequence the disabling of system restore probably.

However, that error from firefox doesn’t conform from the usual way of blocking security based sited using the HOSTS file.

HOSTS file redirect - 127.0.0.1 check your HOSTS file using notepad or a text editor of your choice, C:\WINDOWS\system32\drivers\etc\hosts or do a search for HOSTS to find it if not there. http://en.wikipedia.org/wiki/Hosts_file

Have you not tried creating the .reg file as suggested by Tech ?

If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode and report the findings (it should product a log file).

  1. SUPERantispyware On-Demand only in free version. Or Spyware Terminator Resident scanner (if you use this don’t install the toolbar or crawler or the anti-virus module). I suggest trying then in order as the order that represents the better detection and clean-up. Some elements of the programs might not work if you have an older OS like win9x or winME, this is namely the resident protection in SpywareTerminator.

I suggest:

  1. Disable System Restore and reenable it after step 3.
  2. Clean your temporary files.
  3. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
  4. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
  5. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  6. Make a HijackThis log to post here or, better, submit the RunScanner log to to on-line analysis.
  7. Immunize your system with SpywareBlaster or Windows Advanced Care.
  8. Check if you have insecure applications with Secunia Software Inspector.

After adding the information to the registry System restore has been enabled
Thank you everyone for helping :slight_smile:

You’re welcome.

You’re welcome. Don’t forget the other steps to be sure your computer is clean :wink:

My problem is still not solved when I click on system restore from system tools I get the error message system restore is not able to protect your computer please restart your computer and then run system restore again but when I click on my computer>Properties it still shows system restore is monitoring all drives :o Is there a way of solving this problem I am thinking of formatting my computer :slight_smile:

If you haven’t rebooted after enabling system restore then it isn’t available despite the monitoring status.

You may also have to create a clean restore point, assuming your system is clean.

Create Clean Restore Point - Clear old Restore Points.

Now you are clear of infection create a clean System Restore point:

  1. Click Start, All Programs, Accessories, System tools, System Restore.
  2. In the pop-up that appears fill in the radio button to Create a Restore Point
  3. Click NEXT
  4. Enter a useful name that you will remember if you need to find this again (Clean Restore Point)
  5. Click CREATE

You now have a clean restore point, you should clear the old ones:

  1. Click Start, All Programs, Accessories, System tools, Disk Clean Up
  2. Click OK on the C: drive
  3. Click the More Options tab
  4. In the System Restore section click the Clean Up button

when I click on start>programs>accesories>system tools>system restore then I get the error message system restore is not able to protect your computer please restart your computer and run sytem restore again :o and when I try to disable system restore I get the error message system restore has encountered a error when disabling system restore on one or more drives ???