System Restore

Avast Free Antivirus / Premium Security
1

[b]I cannot go back to any prior month on System Restore.[b] ???

I also had to extract alot of system files, including regedit and wininit. This was addressed in a thread earlier today.

Any ideas on a virus affecting these files, as well as System Restore?I did a thorough scan, including archives, and all reports clean.

2

It could be a number of viruses, trying to stop you getting rid of them. Stop you deleting their entries in registry and stopping you ending the process in TaskManager, etc.

It is too difficult (and possibly wasted effort) to try and guess what a virus was after its removal.

System Restore is not IMO, as great a tool as MS make it out and I’m not alone thinking this.

SYSTEM RESTORE - Info - Troubleshooting There are many, many reasons why a System Restore may fail. For example, see "Why are previous restore points not working?" in the "Troubleshooting" section of this official Microsoft page: http://www.microsoft.com/technet/prodtechnol/winxppro/plan/faqsrwxp.mspx

There’s lots more on that page that’s worth reading too. Note especially the sections on “Does System Restore protect personal data files?” (the short answer: no); “What should I do if System Restore does not work?”; “Why are my restore points missing or deleted?”; “Why does the System Restore Wizard lockup?”; and so on. Just a few minutes on that page ought to convince just about anyone that System Restore is not intended for heavy-duty system protection!

More info:
http://www.kellys-korner-xp.com/xp_restore.htm
http://www.experts-exchange.com/Operating_Systems/WinME/Q_20718080.html
http://www.google.com/search?q=system+restore+fail

3

As said, it could be a number of viri, however it sounds like Trojan/Nettroj.

Troj/Nettroj-A is a configurable and extensible backdoor Trojan. Infected hosts form a decentralised network that can be controlled by a malicious user.

When first executed the Trojan modifies several registry entries and INI files to become resident on the system.

The system files Autoexec.bat, win.ini, system.ini, wininit.ini and winstart.bat are modified to start the Trojan.

You will find recovery instructions here at Sophos:
http://www.sophos.com/virusinfo/analyses/trojnettroja.html