General discussion

File recovery after Worm Infection.

May 16, 2004 7:53AM PDT

My PC was recently infested with the W32 misodene worm and in the process of eliminating the infection the file C:\WINDOW\Win32 was deleted without turning off the System Restore Utility.
Now, I can't use the System Restore. Every time that I try to restore my PC, at the end of the process there is the following message: "System restore can't make any change in your computer".
1st Q: Is there any possibility to recover this important file?
2nd Q: Why can't the System Restore work properly?
3rd Q: Is there a possibility of re-infection if I use the System Restore?
Hope you will help me. I'm so confused!

Re:File recovery after Worm Infection.
May 16, 2004 9:27AM PDT

1st Q: Is there any possibility to recover this important file?

To repair System Restore try this:
1. Insert the XP CD in the CD-ROM drive.
2. Start | Run (type the following):
rundll32.exe advpack.dll,LaunchINFSection C:\Windows\Inf\sr.inf
3. Press OK.

3rd Q: Is there a possibility of re-infection if I use the System Restore?
Yes. The System Check Points will harbor viruses/trojans if they are already present in the system.
So if you have had a virus infection over a period, then it is not advisable to use System Restore.

Re:Re:File recovery after Worm Infection.
May 16, 2004 10:18AM PDT

I have to disagree, System Restore is not broken!
Your antivirus is protecting you from using system restore.
DISABLE IT AND REMOVE THE VIRUS

Re:File recovery after Worm Infection.
May 16, 2004 10:14AM PDT

You did not say what AV program you are using.

I am sorry to say but you have misread how to remove the worm. Step 1 says to DISABLE System restore.
Why? Because antivirus programs or tools cannot remove threats in the System Restore folder. Your antivirus knows that the worm is still in there!

Keep things simple and ignore what you have already done. Just redo the 3 steps with system restore disabled, and when you are done recheck system restore to work again.
..........
To disable and re-enable system restore have a look at the pictures on this page. You'll do fine.
Please be fully aware that you have NOT removed the worm from your machine, because you did not disable system restore.

http://support.microsoft.com/support/kb/articles/Q263/4/55.ASP

This page has pictures & will help you with restore
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?OpenDocument&src=sec_doc_nam

If you are not using Norton, just pretend your antivirus is called Norton and the instructions will still be the same; just be sure to enable the SCAN ALL FILES with whatever antivirus you are using.

If you do not have these 5 tools for your XP you need to download and use each one "as is" at least once.

I highly recommend you use Spybot a minimum of 6 times (after using the computer normally) and say 1 time per week after that. AdAware I personally use about every 3 days as my Internet activities are somewhat predictable. 3 of these tools would have fixed the worm automatically had they been run. Having them will save you problems in the future.

http://reviews.cnet.com/5208-6132-0.html?forumID=32&threadID=1313&start=0