Lost protection
-
- SilverLounger
- Posts: 2403
- Joined: 05 Feb 2010, 22:21
- Location: London ENGLAND
Lost protection
Hello. Vista Home Premium SP2.
I noticed that my Microsoft Security Essentials and the Security Centre weren't running. Then I found System Restore is disabled.
I ran Malware Anti-Malware Bytes and it found 3 items, Trojan and Spyware, and removed them.
Should I run any other anti-virus, spyware, etc. tool? How can I re-enable my protection please. Andy.
"I'm here to save your life. But if I'm going to do that, I'll need total uninanonynymity." Me Myself & Irene.
-
- Administrator
- Posts: 12628
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
Re: Lost protection
If this happened to me then I would restore a backup from before the infection, but I guess that isn't an option for you.
Make sure you have the latest signature files for Malware Anti-Malware and run it again.
Then reinstall Microsoft Security Essentials and set it to do a full scan.
(I have moved this thread from the Windows Vista forum to the Security and Backup forum)
StuartR
-
- Administrator
- Posts: 78608
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Re: Lost protection
Assuming that you didn't turn off Microsoft Security Essentials yourself, it was probably done by the malware. This can only happen if you accidentally allowed it to - did you notice any unusual message box or dialog while browsing?
To enable System Restore:
- Select Start | Control Panel.
- Click System and Maintenance.
- Click System.
- Click System Protection.
- Tick the check box for your system disk (probably C:).
- Click OK.
Best wishes,
Hans
-
- 5StarLounger
- Posts: 1021
- Joined: 23 Jan 2011, 01:52
- Location: Witness Protection Program.
Re: Lost protection
agibsonsw wrote: Should I run any other anti-virus, spyware, etc. tool? How can I re-enable my protection please. Andy.
You could get http://www.superantispyware.com/portablescanner.html by downloading from a clean PC, then run it from a USB or disk.
Windows 11 Home 22H2
Regards,
George.
-
- SilverLounger
- Posts: 2403
- Joined: 05 Feb 2010, 22:21
- Location: London ENGLAND
Re: Lost protection
Thanks both.
I got system restore back and was able to restore to an earlier point. I had to re-install the anti-malware and when I ran it again it found one of the items from the three it found earlier. I then updated and ran Security Essentials without issue.
I used quick scans but I'll run full scans overnight - the Bytes anti-malware takes a couple of hours as I recall.
I should download that superanti-whatsit and keep it on a pen for 'emergencies', but I should update it regularly as well. Thanks again. Andy.
"I'm here to save your life. But if I'm going to do that, I'll need total uninanonynymity." Me Myself & Irene.
-
- 5StarLounger
- Posts: 1021
- Joined: 23 Jan 2011, 01:52
- Location: Witness Protection Program.
Re: Lost protection
If I know my PC is clean, I D/L SAS portable weekly.
Windows 11 Home 22H2
Regards,
George.
-
- 5StarLounger
- Posts: 1015
- Joined: 24 Jan 2010, 15:45
- Location: Ohio, U.S.A.
Re: Lost protection
agibsonsw wrote: Thanks both. I got system restore back and was able to restore to an earlier point. I had to re-install the anti-malware and when I ran it again it found one of the items from the three it found earlier. I then updated and ran Security Essentials without issue. I used quick scans but I'll run full scans overnight - the Bytes anti-malware takes a couple of hours as I recall. I should download that superanti-whatsit and keep it on a pen for 'emergencies', but I should update it regularly as well. Thanks again. Andy.
I was introduced to running my AV/AM in safe mode if an infection had been found and the techie who introduced me to it cited this little snippet from CNET as to the reasoning behind it. Since you plan to run full scans tonight, then might I suggest running them in Safe Mode. I had 2 different 'puters which had shown evidence of trojans; were quarantined then removed; scans showed CLEAN; when we ran the AV/AM in Safe Mode there were still traces left. So I disabled System Restore Points, ran AV/AM again and since all turned up clean, I then reactivated System Restore, if that makes any sense.
♫...Take a sad song and make it better . . .♫
-
- 5StarLounger
- Posts: 1021
- Joined: 23 Jan 2011, 01:52
- Location: Witness Protection Program.
Re: Lost protection
Hey Jude wrote: So I disabled System Restore Points, ran AV/AM again and since all turned up clean, I then reactivated System Restore, if that makes any sense.
Hi Hey Jude, you're correct, restore points can get infected, that's why mine is disabled and I only use Acronis.
Windows 11 Home 22H2
Regards,
George.
-
- 5StarLounger
- Posts: 1015
- Joined: 24 Jan 2010, 15:45
- Location: Ohio, U.S.A.
Re: Lost protection
Experience is a great teacher
Lots of nasties can hide in those points...my boss thanked me
♫...Take a sad song and make it better . . .♫
-
- GoldLounger
- Posts: 3081
- Joined: 24 Jan 2010, 19:07
Re: Lost protection
For those using and relying on SR; I would just like to remind that it sometimes can be a very good idea to wait with purging the RPs, turning off & on SR, until after an AV scan & removal. If there happens to be anything infected in the RPs, they are not going to re-infect the PC, only if one uses an infected RP (and the virus was operational when the RP was created).
But in Andy's case SR was already disabled, so that was a different situation. (Though I don't understand: "I got system restore back and was able to restore to an earlier point." since all RPs are deleted when it gets disabled.)
As for using Safe Mode; it can be a very good idea to try that before one needs it; i.e. running Windows in Safe Mode, and also running a scan in Safe Mode. Not all AV software works the same in Safe Mode; for example AVG is limited to command line use. Having to learn new things is the last thing one wants when dealing with malware.
Also, if working in Safe Mode, and using the above mentioned "safety net", SR, restoring the PC to a previous RP if something went wrong during scan & removal, remember: it will not automatically create an undo-RP, as it does in Normal Mode.
Byelingual When you speak two languages but start losing vocabulary in both of them.
-
- Administrator
- Posts: 78608
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Re: Lost protection
Argus wrote: (Though I don't understand: "I got system restore back and was able to restore to an earlier point." since all RPs are deleted when it gets disabled.)
If malware disables the system restore service, that doesn't necessarily delete all restore points.
Best wishes,
Hans
-
- SilverLounger
- Posts: 2403
- Joined: 05 Feb 2010, 22:21
- Location: London ENGLAND
Re: Lost protection
Hello.
I'll disable system restore and switch to safe mode to run the AV/AM again.
I've lost my trial version of Dreamweaver CS5 (although huge folders are still present - but I can't see an install.exe?). Hopefully Adobe will let me download it again.
Thanks, Andy.
"I'm here to save your life. But if I'm going to do that, I'll need total uninanonynymity." Me Myself & Irene.
-
- 5StarLounger
- Posts: 1015
- Joined: 24 Jan 2010, 15:45
- Location: Ohio, U.S.A.
Re: Lost protection
agibsonsw wrote: I've lost my trial version of Dreamweaver CS5 (although huge folders are still present - but I can't see an install.exe?). Hopefully Adobe will let me download it again.
Do you find this D/L file "Adobe_Dreamweaver_CS5-AkamaiDLM.exe"? I just registered to find out the install file name.
I found this on FAQ: "Can I extend the trial period longer than 30 days?
Unfortunately, you may not extend a trial version once it expires at the end of 30 days, nor can you install another copy of the same trial version onto the same computer to try again."
Argus wrote: As for using Safe Mode; it can be a very good idea to try that before one needs it; i.e. running Windows in Safe Mode, and also running a scan in Safe Mode. Not all AV software works the same in Safe Mode; for example AVG is limited to command line use. Having to learn new things is the last thing one wants when dealing with malware.
Andy's AV/AM is MSE and not AVG so this is not a valid argument in this case. I am one who analytically explores possibilities for resolution; and have spent considerable time acquainting myself with using Safe Mode and the other Boot options to mitigate should the need arise. Point well taken.
Mitigation of malware issues is akin to having a flat spare tire. It's great knowing you have one available, but if you don't know how to retrieve and put it on, it will do you no good. Keeping your definitions and programs up-to-date will provide positive 'puter time.
Argus wrote: Also, if working in Safe Mode, and using the above mentioned "safety net"
Since you chose to define using Safe Mode and RP as a "safety net" then my "safety net" is creating back-up system images on my EHH as opposed to relying upon SM and RP. (I'd love to hear why "safety net" has a negative connotation.) However, one will discover that well-respected members of this forum as well as other well-known forums are strong advocates of using SR and launching SM to try to find resolution before taking the more drastic step of Reformation to factory settings.
Whatever your express opinions might be, what works for one will not always work for another. We are all at different stages of computing proficiency; otherwise the questions and response would be, "one size fits all" so-to-speak.
♫...Take a sad song and make it better . . .♫
-
- GoldLounger
- Posts: 3081
- Joined: 24 Jan 2010, 19:07
Re: Lost protection
Hey Jude wrote: Andy's AV/AM is MSE and not AVG so this is not a valid argument in this case.
Oh, I know that Hey Jude, I do read the posts; it was a general remark, as some of you did give general comments on how to handle SR when seeing an infection.
And I said "Not all AV software works the same in Safe Mode", and then just gave one example; perhaps I shouldn't have done that (since that part opened for nitpicking).
Argus wrote: Also, if working in Safe Mode, and using the above mentioned "safety net"
Hey Jude wrote: Since you chose to define using Safe Mode and RP as a "safety net" then my "safety net" is creating back-up system images on my EHH as opposed to relying upon SM and RP. (I'd love to hear why "safety net" has a negative connotation.)
I do not understand this: "'why safety net' has a negative connotation"; I didn't say that, nor did I imply that or anything.
I just wanted to point out that, since I happen to know a thing or two about SR, it doesn't create undo-RPs when in Safe Mode (or if using the Command Prompt), that's all.
And if using my suggestion above that comment, in the first paragraph - that it could be a good idea waiting with purging RPs – (that’s the safety net) and working in Safe Mode when something goes wrong during a removal, then one should know that SR doesn't automatically create an undo-RP. So in fact, my suggestion has nothing negative implied; I just expanded the discussion at the end; if you do that, remember this.
Hey Jude wrote: Whatever your express opinions might be , what works for one will not always work for another. We are all at different stages of computing proficiency; otherwise the questions and response would be, "one size fits all" so-to-speak
I'm not interested in this thread, I don't think the OP is either, how different people set up their "safety nets"; it was just an expression to link my first paragraph to the last.
And finally, backup images can also get infected. Now, with this I do not say that one shouldn't use SR (I do), nor do I say that one shouldn't use backups (I do).
Byelingual When you speak two languages but start losing vocabulary in both of them.
-
- GoldLounger
- Posts: 3081
- Joined: 24 Jan 2010, 19:07
Re: Lost protection
Argus wrote: (Though I don't understand: "I got system restore back and was able to restore to an earlier point." since all RPs are deleted when it gets disabled.)
HansV wrote: If malware disables the system restore service, that doesn't necessarily delete all restore points.
Possible, anything can happen. But if you stop System restore service you will not see any RPs.
Byelingual When you speak two languages but start losing vocabulary in both of them.