#1
master ide controller
My Windows Me computer was hit with trojans. Removed all but one. It ended up turning restore system back on and putting itself in folder. Protected all the files and using GoBack, it changed the master IDE controller. It also changed environments. I tried to run HP recovery CDs and am told I have no hard drive or loose cables. I want to be able to reinstall operating system as it renamed all the files in restore folder.

I can use this computer but I have no control over it. Needless to say antivirus program will not work; that was first program it took over, then Zone Alarm, and GoBack. I tried deleting the vxd driver it has in there that is not signed by Microsoft, and it stopped Windows from loading in (stayed on splash screen). I had to use GoBack to go back to prior setting. GoBack of course will not work to go back to settings prior to the master IDE controller change. I have tried to change through Device Manager and it tells me I have the best already installed. Any help other than a fdisk format greatly appreciated.

Debra
#2
Annalee

First, a word of warning - do NOT attempt to have System Restore and GoBack running at the same time!! They will conflict, and this can result in them both eating huge quantities of your HD space - with the possible result that neither will actually work properly!

My recommendation would be to uninstall GoBack - it's a system hog - then make sure that System Restore is enabled and functioning properly (see the test procedure here - http://www.btinternet.com/~winnoel/quiktipsr.htm).

Then you need to ensure your PC is clean - start with this procedure, and come back with the results.

- Download the Stinger from here and run it to make sure that A-V-disabling viruses are not present on your PC:
  http://download.nai.com/products/mca...rt/stinger.exe
- Update your virus scanner and run a full system scan of all files.
- Reboot to Safe Mode and run CWShredder - to remove variants of the CoolWebSearch hijacker.
  http://www.merijn.org/cwschronicles.html
  Use CWShredder, the removal tool:
  http://www.merijn.org/files/cwshredder.zip
  http://www.merijn.org/files/CWShredder.exe
  http://www.spywareinfo.com/downloads...CWShredder.exe
  http://www.zerosrealm.com/downloads/CWShredder.zip
- Download AdAware from www.lavasoftusa.com, install, update, and run it to remove spyware, adware, and other such nasties from your system.

--
Noel Paton (MS-MVP 2002-2004, Win9x)
Nil Carborundum Illegitemi
http://www.btinternet.com/~winnoel/millsrpch.htm
http://tinyurl.com/6oztj
Please read http://dts-l.org/goodpost.htm on how to post messages to NG's
#3
Hi Noel,

Thank you so much for the info, bookmarked the sites to check out when I have time. Here is what happened: First off I cannot do a thing with my restore folder. So I went further to the clear system restore and found out my ultimate Windows Me boot up would not work, so I had no choice but to go and create one, booted up and tried to use the attrib command: Drive c does not contain a valid fat or fat 32 partition. may need to be partitioned. run fdisk from ms dos prompt (which I may end up having to do but do not want to do).

I would like to be sure of the trojan that caused this problem. It went on to say "some viruses also cause drive c to not register", which I am sure is what is happening here. Just for laughs I'm running Stinger on it now but I know from past experience it will not let any virus detection or scan register any problems, and I saw for myself how it changed and renamed every file in restore.

Are you familiar with the revop trojan? This, if I remember correctly, is the one that was in restore and I could not get rid of it. I have them all written down on a paper. I looked this up to get info on it and could not find it listed anywhere as a trojan. Different sites give different names to them from what I understand.

I just tried once again to get into restore folder, unchecked hidden, then hit reply and it will not let me change attributes. Really frustrating. Trying to bring to desktop and it's saying dsinfo.dat is in use. Since I ran the scan computer is busy at work (doing what?), not connected to internet so not sending out info. I wonder if it will even let me fdisk if I finally decide to give up figuring this out?

Debra
#4
Annalee

No 'virus' in the System Restore archive can be active - so it cannot affect your system. Look here for details....
http://support.microsoft.com/?scid=263455

The reason that the ultimateboot disk doesn't work is simple - you have GoBack installed!! - it changes the MBR in such a way that neither the conventional EBD/Startup disk, nor the Ultimate Boot Disk can read the drive properly. Look here for details...
http://service1.symantec.com/SUPPORT...sv=&os v_lvl=

Stinger is NOT an anti-virus program - it's a specific/targeted removal tool, and needs to be manually replaced/updated before each use - it does NOT sit in the background in the way that AV's do.

DO NOT attempt to modify any files within the SR archive - doing so will certainly break SR until you manually reset it or clear the history!!!

PLEASE read what's written - either uninstall GoBack, or disable System Restore. One or the other. Then post back.

--
Noel Paton (MS-MVP 2002-2004, Win9x)
Nil Carborundum Illegitemi
http://www.btinternet.com/~winnoel/millsrpch.htm
http://tinyurl.com/6oztj
Please read http://dts-l.org/goodpost.htm on how to post messages to NG's
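An added illustration (not part of the thread, and not code from Symantec or Microsoft) of how a changed MBR looks to a DOS startup disk: it parses the four partition-table entries and reports whether any carries a FAT type ID. The sample sectors are constructed, and the type byte 0x44 for a GoBack-managed disk is an assumption taken from common partition-type tables, not from this thread.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446            # partition table follows the boot code
ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR

# Type IDs that a DOS-based startup disk (Win9x/Me EBD) mounts as FAT volumes.
FAT_TYPES = {
    0x01: "FAT12",
    0x04: "FAT16 (<32 MB)",
    0x06: "FAT16",
    0x0B: "FAT32 (CHS)",
    0x0C: "FAT32 (LBA)",
    0x0E: "FAT16 (LBA)",
}
# Assumption: 0x44 is the ID usually listed for GoBack in partition-type tables.
ASSUMED_GOBACK_TYPE = 0x44


def parse_mbr(sector):
    """Return the non-empty partition entries of a 512-byte MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR sector is exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("boot signature 55 AA missing")
    entries = []
    for slot in range(4):
        start = TABLE_OFFSET + slot * ENTRY_SIZE
        # status, CHS start, type ID, CHS end, first LBA, sector count
        status, _chs0, ptype, _chs1, lba, count = struct.unpack(
            "<B3sB3sII", sector[start:start + ENTRY_SIZE])
        if ptype == 0x00 and count == 0:
            continue  # unused slot
        entries.append({
            "slot": slot,
            "active": status == 0x80,
            "type": ptype,
            "lba_start": lba,
            "sectors": count,
        })
    return entries


def diagnose(sector):
    """Classify a sector as a DOS startup disk would experience it.

    Returns (verdict, detail); verdict is one of 'unreadable',
    'empty-table', 'fat-visible' or 'no-fat-visible'.
    """
    try:
        entries = parse_mbr(sector)
    except ValueError as exc:
        return "unreadable", str(exc)
    if not entries:
        return "empty-table", "all four slots are unused"
    fat = [e for e in entries if e["type"] in FAT_TYPES]
    if fat:
        first = fat[0]
        return "fat-visible", "slot %d holds %s" % (
            first["slot"], FAT_TYPES[first["type"]])
    # Data may be intact, but no entry advertises a type DOS will mount.
    foreign = ", ".join("slot %d type 0x%02X" % (e["slot"], e["type"])
                        for e in entries)
    return "no-fat-visible", foreign


def build_mbr(entries):
    """Build a constructed MBR (zeroed boot code) from
    (status, type, first_lba, sector_count) tuples."""
    sector = bytearray(SECTOR_SIZE)
    for slot, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into("<B3sB3sII", sector,
                         TABLE_OFFSET + slot * ENTRY_SIZE,
                         status, b"\x00" * 3, ptype, b"\x00" * 3, lba, count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed samples: the same 20 GB volume, before and after the type
# byte in slot 0 is swapped for one that DOS does not recognise.
STOCK_MBR = build_mbr([(0x80, 0x0C, 63, 39070017)])
MODIFIED_MBR = build_mbr([(0x80, ASSUMED_GOBACK_TYPE, 63, 39070017)])

if __name__ == "__main__":
    for name, sector in (("stock", STOCK_MBR), ("modified", MODIFIED_MBR)):
        verdict, detail = diagnose(sector)
        print("%-9s %-15s %s" % (name, verdict, detail))
```

A `no-fat-visible` verdict with an otherwise sane start LBA and sector count points to a relabelled partition rather than lost data, which matches a machine that still boots Windows from a drive the startup disk calls invalid.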
#5
Hello Noel,

Sorry, but this is getting to me. I have disabled System Restore once again. It does not work either way; it never did work properly, which was why I installed GoBack.

What I found: I have two different System Restore file folders on drive C. Will list them both with files and programs in each listed.

This first one is the one I believe is running and controlling computer. (It is the one that was all hidden; I managed to show files. Folder still shows as hidden.) I cannot delete any of the files in here; access denied, they are in use.

c:\_restore (first five are folders)
- archive
- extract
- logs
- sfp
- temp
files:
- diskcfg.dat
- dsinfo.dat
- srdiskid
- vxdmon.cfg
- vxdmon.dat

Second restore folder: c:\windows\system (not hidden, I can delete if I like)
- cabbit.exe
- datastor.ini
- filelist.xml
- rstrlfn.exe
- rstrui.exe
- srframe.mmf
- statemgr.exe
- stmgr.exe

What are my options? This computer is still under extended warranty, but I know if I send it back to HP they are going to reformat anyway. Also I was told that if I do a regular reformat that I will not be able to use their recovery disks? Is that true?

Debra
#6
Annalee

Both those folders are perfectly normal.
The one in the Windows\System branch is the active part of System Restore.
The C:\_Restore folder is the archive folder for both System Restore and for System File Protection.

DO NOT attempt to modify the files within either folder!!!

What is it that makes you think that the _restore folder is 'controlling' your PC? - it's supposed to be rebuilt after resetting or disabling System Restore - so as to keep System File Protection operating.

The reason that System Restore never worked for you is almost certainly that you never installed the 290700 patch for SR..... Here's my standard post on the patch.

It's possible that you haven't installed the System Restore Patch - without which any current restore points are just space fillers. To check this, look for the file C:\Windows\System\SMGR.DLL - r-click on the file, and select Properties. What's the version number?

- if it's v4.90.0.3003 then you have installed the patch, and we have to look elsewhere for the problem
- if it's v4.90.0.2533, then you need to install the patch.

To install the patch, either visit Windows Update, or go here, and download the patch for offline install:
http://support.microsoft.com/default...;en-us;Q290700

Run the installer, and Windows should reset System Restore at the same time, clearing your old restore points (which wouldn't have worked, anyhow), and creating a single new one. You should then reset the maximum allocation for SR by going to the adjustment slider at System Properties | Performance | File System | Hard Disk - most people find that 200-400MB is quite sufficient for most purposes, unless installing/uninstalling large applications such as Office.

--
Noel Paton (MS-MVP 2002-2004, Win9x)
Nil Carborundum Illegitemi
http://www.btinternet.com/~winnoel/millsrpch.htm
http://tinyurl.com/6oztj
Please read http://dts-l.org/goodpost.htm on how to post messages to NG's
#7
Hi Noel,

I have the patch on here; it's version v4.90.0.3003. I feel that it is restore controlling because that is where the trojan was that I could not remove. I tried and then saw it change all the file names that were in there. I should have marked them down; I did not. Now they are not listed in there anymore. Seemed I remembered more files but that was months back.

I just want to be able to reinstall Windows (HP recovery of operating system without having to reformat). I have four years of notes, emails, etc. saved on here. If it is not restore controlling then how come I could not get the attribute command for the restore folder to work in DOS?

I know the controller was changed; it had popped up message months back when I was in GoBack and I kept telling it no (Zone Alarm popup for allowing) and it would not go away. I had to say yes and watched horrified as it said it was installing controller. Since then I have no recognizable drive C. I can delete from it, I can download to it.

Debra
Reboot to Safe Mode and run CWShredder - to remove variants of the CoolWebSearch hijacker. http://www.merijn.org/cwschronicles.html Use CWShredder, the removal tool: http://www.merijn.org/files/cwshredder.zip http://www.merijn.org/files/CWShredder.exe http://www.spywareinfo.com/downloads...CWShredder.exe http://www.zerosrealm.com/downloads/CWShredder.zip download AdAware from www.lavasoftusa.com, install, update, and run it to remove spyware, adware, and other such nasties from your system. -- Noel Paton (MS-MVP 2002-2004, Win9x) Nil Carborundum Illegitemi http://www.btinternet.com/~winnoel/millsrpch.htm http://tinyurl.com/6oztj Please read http://dts-l.org/goodpost.htm on how to post messages to NG's "annalee15" wrote in message ... My Windows Me computer was hit with trojans. Removed all but one. It ended up turning restore system back on and putting itself in folder. protected all the files and using goback, it changed the master ide controller. It also changed environments . I tried to run hp recovery cd's and am told i have no hard drive or loose cables. I want to be able to reinstall operating system as it renamed all the files in restore folder. i can use this computer but i have no control over it. Needless to say antivirus program will not work that was first program it took over, then zone alarm , and go back. I tried deleting the vxd driver it has in there that is not signed by microsoft, and it stopped windows from loading in (stayed on splash screen). I had to use go back to go back to prior setting. go back of course will not work to go back to settings prior to the master ide controller change. I have tried to change thru device manager and it tells me i have the best already installed. any help other then a fdisk format greatly appreciated. Debra |
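The point quoted in this thread, that GoBack changes the MBR so that a startup disk reports no valid FAT or FAT32 partition, can be checked from a saved copy of the disk's first sector. The following is an added example, not part of any post in the thread: the sample sectors are constructed, the function names are hypothetical, and the 0x44 type byte for GoBack is taken from public partition-type listings, not from this page.

```python
import struct

# Type bytes that a DOS / Windows 9x startup disk mounts as FAT volumes.
FAT_TYPES = {0x01: "FAT12", 0x04: "FAT16 (small)", 0x06: "FAT16",
             0x0B: "FAT32 CHS", 0x0C: "FAT32 LBA", 0x0E: "FAT16 LBA"}
# Assumption: 0x44 is the value public partition-type lists give for GoBack.
GOBACK_TYPE = 0x44
ENTRY = struct.Struct("<B3sB3sII")  # boot flag, CHS start, type, CHS end, LBA, size


def build_mbr(part_type, start_lba=63, sectors=39_000_000):
    """Constructed sample: a 512-byte MBR holding one primary partition."""
    entry = ENTRY.pack(0x80, b"\x01\x01\x00", part_type, b"\xfe\xff\xff",
                       start_lba, sectors)
    return bytes(446) + entry + bytes(48) + b"\x55\xaa"


def parse_mbr(sector):
    """Return the non-empty primary partition entries of an MBR sector."""
    if len(sector) != 512:
        raise ValueError("an MBR sector is exactly 512 bytes")
    if sector[510:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for slot in range(4):
        offset = 446 + slot * ENTRY.size
        boot, _, ptype, _, lba, count = ENTRY.unpack_from(sector, offset)
        if ptype:
            entries.append({"slot": slot, "active": boot == 0x80,
                            "type": ptype, "start_lba": lba, "sectors": count})
    return entries


def triage(sector):
    """Classify what a FAT-only boot disk would make of this partition table."""
    entries = parse_mbr(sector)
    if not entries:
        return "empty", "partition table has no entries"
    fat = [e for e in entries if e["type"] in FAT_TYPES]
    if fat:
        e = fat[0]
        return "fat", f"slot {e['slot']}: {FAT_TYPES[e['type']]}"
    if any(e["type"] == GOBACK_TYPE for e in entries):
        return "goback", "entry present but typed 0x44; data area is still allocated"
    kinds = ", ".join(f"0x{e['type']:02X}" for e in entries)
    return "non-fat", f"entries present with types {kinds}"


if __name__ == "__main__":
    for label, ptype in (("plain FAT32 disk", 0x0C), ("GoBack-managed disk", 0x44)):
        verdict, detail = triage(build_mbr(ptype))
        print(f"{label:22} -> {verdict:8} {detail}")
```

A "goback" or "non-fat" verdict with a non-zero sector count means the partition entry is still there and only its type byte hides it from a FAT-only boot disk, which is a different finding from an empty or damaged table.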
#8
Annalee
The IDE controller has absolutely NOTHING to do with System Restore.

The size of the _Restore folder will vary - between around 20MB in a fresh install and 12% of the size of the C: partition.

I suspect that what you saw with the firewall was simply Windows AutoUpdater doing the job it was supposed to do - check the source of the program it was trying to install.

I repeat - THERE WAS NO ACTIVE TROJAN IN SYSTEM RESTORE!!!!

The reason that you couldn't get the attrib command to work in DOS was one of the following.
1) You were trying to run it from a DOS window - ATTRIB doesn't work there, you have to run it from a DOS boot from floppy
2) you typed it wrong in some way.

Follow these instructions, and see what happens.

Boot to DOS, using your Win ME Startup Disk (if you don't have one and can't make one from Start | Add/Remove Programs, then download a diskmaker from www.bootdisk.com, and create the floppy by running the file)

At the A:\ prompt, type the following commands (followed by [return])

    ATTRIB -S -R -H C:\_RESTORE
    REN C:\_RESTORE OLDREST

When the A:\ prompt returns, remove the floppy, and reboot the PC. The Control Files will be rebuilt, and a Restore point should be created. Then delete the C:\OLDREST folder, and reboot again.

Finally adjust the space allocated to the restore folder

--
Noel Paton (MS-MVP 2002-2004, Win9x)
Nil Carborundum Illegitemi
http://www.btinternet.com/~winnoel/millsrpch.htm
http://tinyurl.com/6oztj
Please read http://dts-l.org/goodpost.htm on how to post messages to NG's
#10
Thanks, Mike
--
Noel Paton (MS-MVP 2002-2004, Win9x)
Nil Carborundum Illegitemi
http://www.btinternet.com/~winnoel/millsrpch.htm
http://tinyurl.com/6oztj
Please read http://dts-l.org/goodpost.htm on how to post messages to NG's

"Mike M" wrote in message ...

Note: When booting from a Win Me boot floppy choose either option 2 or 3. The ATTRIB command is not available when choosing option 4, minimal boot. If 4 is chosen then instead of

    ATTRIB -S -R -H C:\_RESTORE

Annalee will need to type

    C:\WINDOWS\COMMAND\ATTRIB -S -R -H C:\_RESTORE

--
Mike Maltby MS-MVP [2001-2004]