Is system restore enough?

What should I do? Can anybody explain what really happens in system restore?

I found out that doing a system restore can remove the virus.

After deleting all restore points and turning it off, I made a new restore point and ran system restore. Now I did a full computer scan and boot-time scan and the virus is not detected anymore.

Should I worry???

Restore only replaces main system files within Windows, so the virus/malware files may still be present on your system, just not active.

System Restore works a lot like the Undo command in Microsoft Word. You can use System Restore to remove any system changes that were made since the last time you remember your computer working correctly. System Restore does not affect your personal data files (such as Microsoft Word documents, browsing history, drawings, favorites, or e-mail) so you won’t lose changes made to these files.

Run Malwarebytes to see if any remain

Please download Malwarebytes’ Anti-Malware from Here or Here

- Double-click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select “Perform Quick Scan”, then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

It’s a pity Malwarebytes’ Anti-Malware isn’t promoted more - I’m not sure I’d heard of it before coming here. It found what the others missed - and fixed my machine - including access to the Avast forum.

Check out what your fellow enthusiasts are downloading from PCWorld.com this week

  1. WinRAR
  2. Ad-Aware 2008 Free
  3. Quake III: Arena
  4. Windows Movie Maker
  5. Spybot Search & Destroy
  6. Windows XP Service Pack 2
  7. Any Video Converter Free Version
  8. Online TV Player Basic
  9. HP USB Disk Storage Format Tool

---------- And this was with the ‘old’ database installed with the program, as the malware would not let me update from the net.

Malwarebytes’ Anti-Malware 1.30
Database version: 1306
Windows 6.0.6001 Service Pack 1

9/11/2008 11:18:36 PM
mbam-log-2008-11-09 (23-18-36).txt

Scan type: Quick Scan
Objects scanned: 46310
Time elapsed: 4 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 8
Folders Infected: 1
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) → Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) → Bad: (“regedit.exe” “%1”) Good: (regedit.exe “%1”) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) → Bad: (1) Good: (0) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f6a7ccb9-cdbf-4f92-810e-284f0785d6c0}\DhcpNameServer (Trojan.DNSChanger) → Data: 85.255.112.201;85.255.112.169 → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f6a7ccb9-cdbf-4f92-810e-284f0785d6c0}\NameServer (Trojan.DNSChanger) → Data: 85.255.112.201;85.255.112.169 → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{f6a7ccb9-cdbf-4f92-810e-284f0785d6c0}\DhcpNameServer (Trojan.DNSChanger) → Data: 85.255.112.201;85.255.112.169 → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{f6a7ccb9-cdbf-4f92-810e-284f0785d6c0}\NameServer (Trojan.DNSChanger) → Data: 85.255.112.201;85.255.112.169 → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f6a7ccb9-cdbf-4f92-810e-284f0785d6c0}\DhcpNameServer (Trojan.DNSChanger) → Data: 85.255.112.201;85.255.112.169 → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f6a7ccb9-cdbf-4f92-810e-284f0785d6c0}\NameServer (Trojan.DNSChanger) → Data: 85.255.112.201;85.255.112.169 → Quarantined and deleted successfully.

Folders Infected:
C:\resycled (Trojan.DNSChanger) → Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\TDSScrrx.dll (Rootkit.Agent) → Delete on reboot.
C:\Windows\System32\TDSSdotf.dll (Rootkit.Agent) → Delete on reboot.
C:\Windows\System32\TDSSfopt.dll (Rootkit.Agent) → Delete on reboot.
C:\Windows\System32\TDSSntlv.dll (Rootkit.Agent) → Delete on reboot.
C:\Windows\System32\TDSSnyfn.log (Trojan.TDSS) → Delete on reboot.
C:\Windows\System32\TDSSrfpp.dll (Rootkit.Agent) → Delete on reboot.
C:\Windows\System32\TDSStmei.dll (Rootkit.Agent) → Delete on reboot.
C:\Windows\System32\drivers\TDSSnbcb.sys (Rootkit.Agent) → Delete on reboot.

:-X
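Added example, not part of the original posts and not Malwarebytes' own code: a Python sketch that reads an MBAM text log in the layout shown above and pulls out the two things worth checking after a cleanup, namely the items only scheduled for "Delete on reboot" and the DNS servers that Trojan.DNSChanger entries had written. The function names are hypothetical, and the sample lines are adapted from the log in this thread.

```python
import re

# Sample lines adapted from the log posted in this thread.
SAMPLE_LOG = r"""Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) → Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f6a7ccb9-cdbf-4f92-810e-284f0785d6c0}\NameServer (Trojan.DNSChanger) → Data: 85.255.112.201;85.255.112.169 → Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\TDSScrrx.dll (Rootkit.Agent) → Delete on reboot.
C:\Windows\System32\drivers\TDSSnbcb.sys (Rootkit.Agent) → Delete on reboot.
"""

SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Infected:\s*$")
# "path (Threat.Name) -> details"; accepts the ASCII arrow as well as the rendered one.
ENTRY = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) (?:→|->) (?P<rest>.+)$")

def parse_mbam_log(text):
    """Return one dict per detection: section, path, threat, data, action."""
    items, section = [], None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            section = m.group("name")
            continue
        m = ENTRY.match(line)
        if not (section and m):
            continue  # header, summary count, or "(No malicious items detected)"
        parts = re.split(r"\s*(?:→|->)\s*", m.group("rest"))
        data = next((p[6:] for p in parts if p.startswith("Data: ")), None)
        items.append({"section": section, "path": m.group("path"),
                      "threat": m.group("threat"), "data": data,
                      "action": parts[-1].rstrip(".")})
    return items

def pending_reboot(items):
    """Paths not removed yet; they stay on disk until the machine restarts."""
    return [i["path"] for i in items if i["action"].lower() == "delete on reboot"]

def dns_servers_set_by_malware(items):
    """DNS servers found in the data of Trojan.DNSChanger registry entries."""
    found = set()
    for i in items:
        if i["threat"] == "Trojan.DNSChanger" and i["data"]:
            found.update(ip.strip() for ip in i["data"].split(";") if ip.strip())
    return sorted(found)
```

After the restart, a second scan should return an empty `pending_reboot` list, and the adapter's DNS settings should no longer contain any address returned by `dns_servers_set_by_malware`.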

You only need to browse these forums to see that it is actively being promoted here and no doubt on other such forums (along with many other tools). Now for the most part MBAM is promoted by word of mouth and now it is your turn to pass it on :smiley: :stuck_out_tongue:

Viral (excuse the pun) is the best form of marketing, not to mention the least expensive. For a prominently free product (donation and Pro version), there isn’t much in the way of funds for marketing ;D

I promoted it here …

http://thevistaforums.com/index.php?s=&showtopic=17588&view=findpost&p=306318

The Vista Forums ;D