Lost protection

agibsonsw
SilverLounger
Posts: 2403
Joined: 05 Feb 2010, 22:21
Location: London ENGLAND

Lost protection

Post by agibsonsw »

Hello. Vista Home Premium SP2.

I noticed that my Microsoft Security Essentials and the Security Centre weren't running. Then I found System Restore is disabled.

I ran Malware Anti-Malware Bytes and it found 3 items, Trojan and Spyware, and removed them.

Should I run any other anti-virus, spyware, etc. tool? How can I re-enable my protection please? Andy.
"I'm here to save your life. But if I'm going to do that, I'll need total uninanonynymity." Me Myself & Irene.

StuartR
Administrator
Posts: 12606
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: Lost protection

Post by StuartR »

If this happened to me then I would restore a backup from before the infection, but I guess that isn't an option for you.

Make sure you have the latest signature files for Malware Anti-Malware and run it again.
Then reinstall Microsoft Security Essentials and set it to do a full scan.

(I have moved this thread from the Windows Vista forum to the Security and Backup forum)
StuartR


HansV
Administrator
Posts: 78489
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: Lost protection

Post by HansV »

Assuming that you didn't turn off Microsoft Security Essentials yourself, it was probably done by the malware. This can only happen if you accidentally allowed it to - did you notice any unusual message box or dialog while browsing?

To enable System Restore:
- Select Start | Control Panel.
- Click System and Maintenance.
- Click System.
- Click System Protection.
- Tick the check box for your system disk (probably C:).
- Click OK.
Best wishes,
Hans

Roderunner
5StarLounger
Posts: 1021
Joined: 23 Jan 2011, 01:52
Location: Witness Protection Program.

Re: Lost protection

Post by Roderunner »

agibsonsw wrote: Should I run any other anti-virus, spyware, etc. tool? How can I re-enable my protection please? Andy.
You could get http://www.superantispyware.com/portablescanner.html by downloading from a clean PC, then run it from a USB or disk.
Windows 11 Home 22H2

Regards,
George.

agibsonsw
SilverLounger
Posts: 2403
Joined: 05 Feb 2010, 22:21
Location: London ENGLAND

Re: Lost protection

Post by agibsonsw »

Thanks both.
I got system restore back and was able to restore to an earlier point. I had to re-install the anti-malware and when I ran it again it found one of the items from the three it found earlier. I then updated and ran Security Essentials without issue.
I used quick scans but I'll run full scans overnight - the Bytes anti-malware takes a couple of hours as I recall.
I should download that superanti-whatsit and keep it on a pen for 'emergencies', but I should update it regularly as well. Thanks again. Andy.
"I'm here to save your life. But if I'm going to do that, I'll need total uninanonynymity." Me Myself & Irene.

Roderunner
5StarLounger
Posts: 1021
Joined: 23 Jan 2011, 01:52
Location: Witness Protection Program.

Re: Lost protection

Post by Roderunner »

If I know my PC is clean, I D/L SAS portable weekly.
Windows 11 Home 22H2

Regards,
George.

Hey Jude
5StarLounger
Posts: 1015
Joined: 24 Jan 2010, 15:45
Location: Ohio, U.S.A.

Re: Lost protection

Post by Hey Jude »

agibsonsw wrote:Thanks both.
I got system restore back and was able to restore to an earlier point. I had to re-install the anti-malware and when I ran it again it found one of the items from the three it found earlier. I then updated and ran Security Essentials without issue.
I used quick scans but I'll run full scans overnight - the Bytes anti-malware takes a couple of hours as I recall.
I should download that superanti-whatsit and keep it on a pen for 'emergencies', but I should update it regularly as well. Thanks again. Andy.
I was introduced to running my AV/AM in safe mode if an infection had been found and the techie who introduced me to it cited this little snippet from CNET as to the reasoning behind it.
[Attachment: using safe mode to run AV AM.jpg]
Since you plan to run full scans tonight, then might I suggest running them in Safe Mode. I had 2 different 'puters which had shown evidence of trojans; were quarantined then removed; scans showed CLEAN; when we ran the AV/AM in Safe Mode there were still traces left. So I disabled System Restore Points, ran AV/AM again and since all turned up clean, I then reactivated System Restore, if that makes any sense.
♫...Take a sad song and make it better . . .♫

Roderunner
5StarLounger
Posts: 1021
Joined: 23 Jan 2011, 01:52
Location: Witness Protection Program.

Re: Lost protection

Post by Roderunner »

Hey Jude wrote:
agibsonsw wrote: So I disabled System Restore Points, ran AV/AM again and since all turned up clean, I then reactivated System Restore, if that makes any sense.
Hi Hey Jude, you're correct, restore points can get infected, that's why mine is disabled and I only use Acronis.
Windows 11 Home 22H2

Regards,
George.

Hey Jude
5StarLounger
Posts: 1015
Joined: 24 Jan 2010, 15:45
Location: Ohio, U.S.A.

Re: Lost protection

Post by Hey Jude »

Experience is a great teacher
Lots of nasties can hide in those points...my boss thanked me :cheers:
♫...Take a sad song and make it better . . .♫

Argus
GoldLounger
Posts: 3081
Joined: 24 Jan 2010, 19:07

Re: Lost protection

Post by Argus »

For those using and relying on SR; I would just like to remind that it sometimes can be a very good idea to wait with purging the RPs, turning off & on SR, until after an AV scan & removal. If there happens to be anything infected in the RPs, they are not going to re-infect the PC, only if one uses an infected RP (and the virus was operational when the RP was created).

But in Andy's case SR was already disabled, so that was a different situation. (Though I don't understand: "I got system restore back and was able to restore to an earlier point." since all RPs are deleted when it gets disabled.)

As for using Safe Mode; it can be a very good idea to try that before one needs it; i.e. running Windows in Safe Mode, and also running a scan in Safe Mode. Not all AV software works the same in Safe Mode; for example AVG is limited to command line use. Having to learn new things is the last thing one wants when dealing with malware.

Also, if working in Safe Mode, and using the above mentioned "safety net", SR, restoring the PC to a previous RP if something went wrong during scan & removal, remember: it will not automatically create an undo-RP, as it does in Normal Mode.
Byelingual    When you speak two languages but start losing vocabulary in both of them.

HansV
Administrator
Posts: 78489
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: Lost protection

Post by HansV »

Argus wrote:(Though I don't understand: "I got system restore back and was able to restore to an earlier point." since all RPs are deleted when it gets disabled.)
If malware disables the system restore service, that doesn't necessarily delete all restore points.
Best wishes,
Hans

agibsonsw
SilverLounger
Posts: 2403
Joined: 05 Feb 2010, 22:21
Location: London ENGLAND

Re: Lost protection

Post by agibsonsw »

Hello.

I'll disable system restore and switch to safe mode to run the AV/AM again.
I've lost my trial version of Dreamweaver CS5 (although huge folders are still present - but I can't see an install.exe?). Hopefully Adobe will let me download it again.
Thanks, Andy.
"I'm here to save your life. But if I'm going to do that, I'll need total uninanonynymity." Me Myself & Irene.

Hey Jude
5StarLounger
Posts: 1015
Joined: 24 Jan 2010, 15:45
Location: Ohio, U.S.A.

Re: Lost protection

Post by Hey Jude »

agibsonsw wrote: I've lost my trial version of Dreamweaver CS5 (although huge folders are still present - but I can't see an install.exe?). Hopefully Adobe will let me download it again.


Do you find this D/L file "Adobe_Dreamweaver_CS5-AkamaiDLM.exe"? I just registered to find out the install file name :evilgrin:

I found this on FAQ: "Can I extend the trial period longer than 30 days?

Unfortunately, you may not extend a trial version once it expires at the end of 30 days, nor can you install another copy of the same trial version onto the same computer to try again."
Argus wrote:
As for using Safe Mode; it can be a very good idea to try that before one needs it; i.e. running Windows in Safe Mode, and also running a scan in Safe Mode. Not all AV software works the same in Safe Mode; for example AVG is limited to command line use. Having to learn new things is the last thing one wants when dealing with malware.
Andy's AV/AM is MSE and not AVG so this is not a valid argument in this case. I am one who analytically explores possibilities for resolution; and have spent considerable time acquainting myself with using Safe Mode and the other Boot options to mitigate should the need arise. Point well taken :clapping:
Mitigation of malware issues is akin to having a flat spare tire. It's great knowing you have one available, but if you don't know how to retrieve and put it on, it will do you no good. Keeping your definitions and programs up-to-date will provide positive 'puter time.
Argus wrote:Also, if working in Safe Mode, and using the above mentioned "safety net"
Since you chose to define using Safe Mode and RP as a "safety net" then my "safety net" is creating back-up system images on my EHH as opposed to relying upon SM and RP. (I'd love to hear why "safety net" has a negative connotation.) However, one will discover that well-respected members of this forum as well as other well-known forums are strong advocates of using SR and launching SM to try to find resolution before taking the more drastic step of Reformation to factory settings.

Whatever your express opinions might be :evilgrin: , what works for one will not always work for another. We are all at different stages of computing proficiency; otherwise the questions and response would be, "one size fits all" so-to-speak :cheers:
♫...Take a sad song and make it better . . .♫

Argus
GoldLounger
Posts: 3081
Joined: 24 Jan 2010, 19:07

Re: Lost protection

Post by Argus »

Hey Jude wrote:Andy's AV/AM is MSE and not AVG so this is not a valid argument in this case.
Oh, I know that Hey Jude, I do read the posts; it was a general remark, as some of you did give general comments on how to handle SR when seeing an infection.

And I said "Not all AV software works the same in Safe Mode", and then just gave one example; perhaps I shouldn't have done that (since that part opened for nitpicking).
Hey Jude wrote:
Argus wrote:Also, if working in Safe Mode, and using the above mentioned "safety net"
Since you chose to define using Safe Mode and RP as a "safety net" then my "safety net" is creating back-up system images on my EHH as opposed to relying upon SM and RP. (I'd love to hear why "safety net" has a negative connotation.)
I do not understand this: "'why safety net' has a negative connotation"; I didn't say that, nor did I imply that or anything.

I just wanted to point out that, since I happen to know a thing or two about SR, it doesn't create undo-RPs when in Safe Mode (or if using the Command Prompt), that's all.

And if using my suggestion above that comment, in the first paragraph - that it could be a good idea waiting with purging RPs – (that’s the safety net) and working in Safe Mode when something goes wrong during a removal, then one should know that SR doesn't automatically create an undo-RP. So in fact, my suggestion has nothing negative implied; I just expanded the discussion at the end; if you do that, remember this.
Hey Jude wrote: Whatever your express opinions might be :evilgrin: , what works for one will not always work for another. We are all at different stages of computing proficiency; otherwise the questions and response would be, "one size fits all" so-to-speak :cheers:
I'm not interested in this thread, I don't think the OP is either, how different people set up their "safety nets"; it was just an expression to link my first paragraph to the last.

And finally, backup images can also get infected. Now, with this I do not say that one shouldn't use SR (I do), nor do I say that one shouldn't use backups (I do).
Byelingual    When you speak two languages but start losing vocabulary in both of them.

Argus
GoldLounger
Posts: 3081
Joined: 24 Jan 2010, 19:07

Re: Lost protection

Post by Argus »

HansV wrote:
Argus wrote:(Though I don't understand: "I got system restore back and was able to restore to an earlier point." since all RPs are deleted when it gets disabled.)
If malware disables the system restore service, that doesn't necessarily delete all restore points.
Possible, anything can happen. But if you stop System restore service you will not see any RPs.
Byelingual    When you speak two languages but start losing vocabulary in both of them.