Just recently (in the last month or so) I have had a couple computer brought to me that have been very badly infected with Spyware/Malware/Virus. What ever it was is unlike any I have ever seen. It changed all sorts of permissions on the registry to where when to try and do just about anything it comes back with the error that it won't all the action because of the effects it will have on the computer.
I am sure several others have come across this. First, does anyone know the name of this particular malware? Second, is there a cure that will fix what it did to the registry?
Lastly, in all my years for ding XP I have never had to do a System Restore. Can anyone give me a quick rundown?
Thanks!
This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.
Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.
If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.
Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.
Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.
Access the answers to your technology questions today.
30-day free trial. Register in 60 seconds.
Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.
Try it out and discover for yourself.
30-day free trial. Register in 60 seconds.
Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.
If the System Restore still works(a lot of nasties can turn off windows utilities including system restore) then sometimes that is an option, if you go far back before the infection started, a clean restore point.
A lot of nasties these days, change pernissions so we can't really pinpoint what infection it is, until we see some logs.
Here's another link on System Restore if it helps:
System Restore FAQs.
http://www.5starsupport.co
Business Accounts
Answer for Membership
by: IndiGenusPosted on 2007-12-08 at 15:28:04ID: 20435495
As far as the infections go. The nastiest and most common ones I'm seeing out there right now are Vundo trojan, smitfraud, and other various backdoor trojans and bots. And yes, they are going right after permissions in the registry for access to things like Control Panel, regedit, Start->Run. This is for the pretty obvious reason that it makes it more difficult to fix things if you can't get to the "tools" you need.
A tool called SDFix will automatically restore permissions much of the time now (not always but most). It also removes many of the nasty bots and backdoors that are out there right now.
The next tool we are usually implementing is combofix nowadays. CF goes after several infections including Vundo and also offers very powerful scripting capabilities to do file/folder/driver deletion and reg edits all in one shot. Here is a good example including the use of these tools and Smitfraudfix.
http://www.experts-exchang
This was a pretty severely infection machine that without these tools and the knowledge to use them would have been very difficult to clean.
Here is a link to instructions on using System Restore.
http://www.microsoft.com/w
One point I want to make though since this is a malware discussion. Most times system restore won't solve malware issues. Could even make it worse as most of the time the restore points are infected too.