Tech Support Guy banner
Status
Not open for further replies.

· Registered
Joined
·
10 Posts
Discussion Starter · #1 ·
System info: Dell Dimension 2800, CPU 2.4 GHz, 512 RAM, Win XP SP2, currently running Norton AntiVirus and eTrust Pest Patrol.
Here's the story (I will try to make it short).
Just about 5 days ago my son downloaded what he thought was a game hack for some stupid game he plays online
(you can imagine what I had to go through to pull the truth out of him...). Needless to say, we discovered it was a virus:
BKDR_SDBOT.BN.
This stupid virus was not caught by any of the above mentioned (Norton/Pest Patrol). I had to manually remove some entries
from the registry and run an online scanner from Trend Micro.
Anyway, we finally got rid of the stupid f. but now I have a problem. When I try to open System Restore this will happen:



Any idea what's going on? I would like to have my System Restore back!
PS: When I go into the System Properties menu and click the System Restore option, it says System Restore is monitoring the drives! Help
 

· Registered
Joined
·
10 Posts
Discussion Starter · #3 ·
Usually I do this - Start > All programs > Accessories > System tools > System Restore.

But I also tried going into the control panel, then performance and maintenance, then click on 'System restore' in the left pane.
The result is the same.
 

· Registered
Joined
·
1,959 Posts
Check the registry values that enable/disable System Restore

An alternative to the usual method of enabling and disabling Windows XP's System Restore feature is to use the registry. To use this alternative, perform the following steps:

Start the registry editor (regedit.exe).
Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore.
If a "DisableSR" value doesn't exist, go to the Edit menu, select New, DWORD value, and create the value.
Set the value to 1 to disable System Restore or 0 to enable System Restore.

Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr to prevent the System Restore service from starting.
Double-click DWORD Start, and set the value to 4 to stop the service from starting or to 0 for normal startup.
Close the registry editor.

Reference: http://www.kellys-korner-xp.com/xp_restore.htm
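
The registry check described in the post above, as an added example that is not part of the original post: it parses a regedit export of the two keys and reports any value that is absent or not set to its enabled value. The sample export text is constructed, and the value meanings (DisableSR 1/0, Start 4/0) are taken from the post as given.

```python
import re

# Keys, value names and meanings exactly as given in the post above.
SR_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore"
DRV_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr"
CHECKS = [  # (key, value name, enabled value, {other value: meaning per the post})
    (SR_KEY, "DisableSR", 0, {1: "System Restore disabled"}),
    (DRV_KEY, "Start", 0, {4: "service stopped from starting"}),
]

# Constructed sample exports (not from the thread). A real regedit 5.00 export
# is UTF-16, so read it with open(path, encoding="utf-16").
CLEAN = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr]
"Start"=dword:00000000
"""
TAMPERED = CLEAN.replace('"DisableSR"=dword:00000000', '"DisableSR"=dword:00000001') \
                .replace('"Start"=dword:00000000', '"Start"=dword:00000004')

def parse_reg(text):
    """Return {key: {value name: int}} for the DWORD values in a .reg export."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
            if m:
                current[m.group(1).lower()] = int(m.group(2), 16)
    return keys

def audit(text):
    """List every checked value that is absent or not set to its enabled value."""
    keys, findings = parse_reg(text), []
    for key, name, enabled, meanings in CHECKS:
        values = keys.get(key.lower())
        if values is None:
            findings.append(f"{key}: key not in export")
        elif name.lower() not in values:
            findings.append(f"{key}\\{name}: value not present")
        elif values[name.lower()] != enabled:
            v = values[name.lower()]
            findings.append(f"{key}\\{name} = {v}: {meanings.get(v, 'unexpected value')}")
    return findings
```

Calling `audit(TAMPERED)` returns one finding per checked value; an empty list means both values match the enabled settings the post lists.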
 

· Registered
Joined
·
10 Posts
Discussion Starter · #5 ·
Thanks for answering me, jack. I looked at the registry values and everything checks out.
So for now I'm screwed.
I've taken advice from somebody us and they told me:
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
Make sure the Service is being started:
Procedure 1:
Click Start, click Control Panel.
On the left hand side of Control Panel, click Switch to Classic View.
Double click Administrative Tools, and double click Services.
In the right pane, find the entry for System Restore Service.
Right click System Restore Service, click on Properties.
Under the General Tab, make sure that "Startup Type" is set to (Automatic).
Click the Log On tab, click Local System account, and then click OK.
Once that is done, close all open Windows and reboot the system.
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
It sounded great except for the fact that the entry for System Restore Service...
does not exist in my Administrative Tools!
My only other question is:
Is there a way to search for the files that System Restore saved and install them without System Restore?
In other words, when I created restore points before this happened, System Restore put them somewhere. How do I find them and how do I restore them?
Do I make any sense?
 

· Super Moderator
Joined
·
80,181 Posts
If you are infected, it is quite possible that whatever got you infected is disabling your ability to restore to a new point, as well as hiding itself from your current AV. I would recommend posting an HJT log. As follows:

Please do this:

· Click here to download HJTsetup.exe
· Save HJTsetup.exe to your desktop.
· Doubleclick on the HJTsetup.exe icon on your desktop.
· By default it will install to C:\Program Files\Hijack This.
· Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
· Put a check by Create a desktop icon then click Next again.
· Continue to follow the rest of the prompts from there.
· At the final dialogue box click Finish and it will launch Hijack This.
· Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
· Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
· Come back here to this thread and Paste the log in your next reply.
· DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Be patient and a security expert will be along to assist you with this shortly. They can be identified by the gold badge next to their name.
 

· Banned
Joined
·
2,118 Posts
ozne64 said:
System info: Dell Dimension 2800, CPU 2.4 GHz, 512 RAM, Win XP SP2, currently running Norton AntiVirus and eTrust Pest Patrol.
Here's the story (I will try to make it short).
Just about 5 days ago my son downloaded what he thought was a game hack for some stupid game he plays online
(you can imagine what I had to go through to pull the truth out of him...). Needless to say, we discovered it was a virus:
BKDR_SDBOT.BN.
This stupid virus was not caught by any of the above mentioned (Norton/Pest Patrol). I had to manually remove some entries
from the registry and run an online scanner from Trend Micro.
Anyway, we finally got rid of the stupid f. but now I have a problem. When I try to open System Restore this will happen:



Any idea what's going on? I would like to have my System Restore back!
PS: When I go into the System Properties menu and click the System Restore option, it says System Restore is monitoring the drives! Help
This worked for a poster at another forum.

Then try doing a search for sr.inf and, when found, right click it and select "Install". You may be asked for the XP install disk.
 

· Retired Moderator Retired Malware Specialist
Joined
·
56,593 Posts