If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Out of Scope Help Needed.
Although this is an ME newsgroup I would appreciate you
helping me resolve a problem with my daughter's XP Pro machine. Several days ago her system was infected with "System Security 2009" bad guy. An attempt to do a System Restore to the previous day was unsuccessful. The Restore process would get to the "Confirm Restore Point Selection" window but go no further. Subsequently, using corrective actions found via Google, I have removed any files that I could find related to "System Security" and ran MalWareBytes. Since the infection seems to keep her Avira AntiVirus from running I also ran Trend Micro's online scan. To make a long story short her computer is still messed up. We can't access the internet while in Normal Mode, her Avira is not working, her System Restore will not go past the "Confirm Restore Point Selection" window in neither the Normal nor Safe Mode, and as the topper she does not have any recovery discs of any kind. Is there a method whereas I can force the System Restore to proceed past the "Confirm Restore Point Selection" window and complete its process? Thank you. |
#2
|
|||
|
|||
Out of Scope Help Needed.
"Job" wrote in message ...
Although this is an ME newsgroup I would appreciate you helping me resolve a problem with my daughter's XP Pro machine. Several days ago her system was infected with "System Security 2009" bad guy. An attempt to do a System Restore to the previous day was unsuccessful. The Restore process would get to the "Confirm Restore Point Selection" window but go no further. snip See if this applies to you. http://support.microsoft.com/kb/267176 Ben |
#3
|
|||
|
|||
Out of Scope Help Needed.
No it does not apply Ben. I have no problem accessing the
buttons. Thanks for your response. "Ben Myers" wrote in message ... "Job" wrote in message ... Although this is an ME newsgroup I would appreciate you helping me resolve a problem with my daughter's XP Pro machine. Several days ago her system was infected with "System Security 2009" bad guy. An attempt to do a System Restore to the previous day was unsuccessful. The Restore process would get to the "Confirm Restore Point Selection" window but go no further. snip See if this applies to you. http://support.microsoft.com/kb/267176 Ben |
#4
|
|||
|
|||
Out of Scope Help Needed.
Job, if no one here should answer your question, it would be best to go to the appropriate newsgroup, microsoft.public.windowsxp.general. The workings of SR may be slightly different, or there are other issues, unbeknown to me and they will be better able to help you. Harry. "Job" wrote in message ... Although this is an ME newsgroup I would appreciate you helping me resolve a problem with my daughter's XP Pro machine. Several days ago her system was infected with "System Security 2009" bad guy. An attempt to do a System Restore to the previous day was unsuccessful. The Restore process would get to the "Confirm Restore Point Selection" window but go no further. Subsequently, using corrective actions found via Google, I have removed any files that I could find related to "System Security" and ran MalWareBytes. Since the infection seems to keep her Avira AntiVirus from running I also ran Trend Micro's online scan. To make a long story short her computer is still messed up. We can't access the internet while in Normal Mode, her Avira is not working, her System Restore will not go past the "Confirm Restore Point Selection" window in neither the Normal nor Safe Mode, and as the topper she does not have any recovery discs of any kind. Is there a method whereas I can force the System Restore to proceed past the "Confirm Restore Point Selection" window and complete its process? Thank you. |
#5
|
|||
|
|||
Out of Scope Help Needed.
I was thinking of either Mike, Noel or Shane, but if none of them does
answer, it still would be best to go there, although it is your decision. Good luck and some, Harry. "Job" wrote in message ... I understand where you're coming from Harry but if the expertise in this group (ala Mike M or Noah for instance) can't answer my question I seriously doubt the XP group can. Thanks for your response. "webster72n" wrote in message ... Job, if no one here should answer your question, it would be best to go to the appropriate newsgroup, microsoft.public.windowsxp.general. The workings of SR may be slightly different, or there are other issues, unbeknown to me and they will be better able to help you. Harry. "Job" wrote in message ... Although this is an ME newsgroup I would appreciate you helping me resolve a problem with my daughter's XP Pro machine. Several days ago her system was infected with "System Security 2009" bad guy. An attempt to do a System Restore to the previous day was unsuccessful. The Restore process would get to the "Confirm Restore Point Selection" window but go no further. Subsequently, using corrective actions found via Google, I have removed any files that I could find related to "System Security" and ran MalWareBytes. Since the infection seems to keep her Avira AntiVirus from running I also ran Trend Micro's online scan. To make a long story short her computer is still messed up. We can't access the internet while in Normal Mode, her Avira is not working, her System Restore will not go past the "Confirm Restore Point Selection" window in neither the Normal nor Safe Mode, and as the topper she does not have any recovery discs of any kind. Is there a method whereas I can force the System Restore to proceed past the "Confirm Restore Point Selection" window and complete its process? Thank you. |
#6
|
|||
|
|||
Out of Scope Help Needed.
I understand where you're coming from Harry but if the
expertise in this group (ala Mike M or Noah for instance) can't answer my question I seriously doubt the XP group can. Thanks for your response. "webster72n" wrote in message ... Job, if no one here should answer your question, it would be best to go to the appropriate newsgroup, microsoft.public.windowsxp.general. The workings of SR may be slightly different, or there are other issues, unbeknown to me and they will be better able to help you. Harry. "Job" wrote in message ... Although this is an ME newsgroup I would appreciate you helping me resolve a problem with my daughter's XP Pro machine. Several days ago her system was infected with "System Security 2009" bad guy. An attempt to do a System Restore to the previous day was unsuccessful. The Restore process would get to the "Confirm Restore Point Selection" window but go no further. Subsequently, using corrective actions found via Google, I have removed any files that I could find related to "System Security" and ran MalWareBytes. Since the infection seems to keep her Avira AntiVirus from running I also ran Trend Micro's online scan. To make a long story short her computer is still messed up. We can't access the internet while in Normal Mode, her Avira is not working, her System Restore will not go past the "Confirm Restore Point Selection" window in neither the Normal nor Safe Mode, and as the topper she does not have any recovery discs of any kind. Is there a method whereas I can force the System Restore to proceed past the "Confirm Restore Point Selection" window and complete its process? Thank you. |
#7
|
|||
|
|||
Out of Scope Help Needed.
Is there a method whereas I can force the System Restore to proceed past the "Confirm Restore Point Selection" window and complete its process? Thank you. Try this: "To start System Restore using the Command prompt, follow these steps: 1. Restart your computer, and then press and hold F8 during the initial startup to start your computer in safe mode with a Command prompt. 2. Use the arrow keys to select the Safe mode with a Command prompt option. 3. If you are prompted to select an operating system, use the arrow keys to select the appropriate operating system for your computer, and then press ENTER. 4. Log on as an administrator or with an account that has administrator credentials. 5. At the command prompt, type %systemroot%\system32\restore\rstrui.exe, and then press ENTER. 6. Follow the instructions that appear on the screen to restore your computer to a functional state." If that doesn't work, then I'd say, offhand, no. Either the infection is still present and still stopping it, or necessary file(s) have been corrupted or deleted and that is stopping it. Most of my time is spent in XP Pro, and I could use a regularly updated BartPE cd (with NOD32, Trend Micro Sysclean, Stinger, McAfee Virusscan and Spybot S&D on there, not to mention Firefox and a host of other goodies such as Nero and Drive Image), the same on a USB stick; full image backups that run daily; and ERUNT which runs first boot every day and saves up to 7 previous registry backups. It would be nice to know if your daughter's machine had as much as a hidden partition containing the Windows files that damaged or missing system files could be restored from. If she doesn't have even that then options are pretty limited. Without a CD she can't run the 'Recovery Console' - though it is next to useless for most stuff anyway - unless it has previously been installed to the HD (which it obviously hasn't). You personally couldn't burn a BartPE disc/stick without XP or Server2003 - but if you had a fast broadband connection you could be supplied with much of this stuff - e.g. a BartPE ISO (~450MB) though I expect various license agreements say not to. Not that having one at this stage guarantees anything, but you would be able to manipulate the installation without booting the HD. You can also acquire XP itself (just not the necessary key) via Bittorrent, the veracity of which can be confirmed by checking the checksums, for running SFC /scannow with, for example, or for doing a repair reinstallation (if she doesn't have a hidden partition containing the necessary backup system files). Shane |
#8
|
|||
|
|||
Out of Scope Help Needed.
Hi Shane. Good to hear from you and thanks for the
suggestions. I don't think my daughter's computer has a partition but I will check when I get back to her home this coming weekend. I will also try your "%systemroot%\system32\restore\rstrui.exe" prompt. I read about BartPE at http://www.nu2.nu/pebuilder/ and that looks worthwhile to try when I'm at her computer. I can access the Internet in Safe Mode and might be able to download the BartPE Installer via her DSL. I will give you an update afterwards. Hope your medical conditions have improved over the past year. P.S. I seem to recall reading somewhere that XP install files are contained in something like i386. Does that ring any bell for you? Jim "Shane" wrote in message ... Is there a method whereas I can force the System Restore to proceed past the "Confirm Restore Point Selection" window and complete its process? Thank you. Try this: "To start System Restore using the Command prompt, follow these steps: 1. Restart your computer, and then press and hold F8 during the initial startup to start your computer in safe mode with a Command prompt. 2. Use the arrow keys to select the Safe mode with a Command prompt option. 3. If you are prompted to select an operating system, use the arrow keys to select the appropriate operating system for your computer, and then press ENTER. 4. Log on as an administrator or with an account that has administrator credentials. 5. At the command prompt, type %systemroot%\system32\restore\rstrui.exe, and then press ENTER. 6. Follow the instructions that appear on the screen to restore your computer to a functional state." If that doesn't work, then I'd say, offhand, no. Either the infection is still present and still stopping it, or necessary file(s) have been corrupted or deleted and that is stopping it. Most of my time is spent in XP Pro, and I could use a regularly updated BartPE cd (with NOD32, Trend Micro Sysclean, Stinger, McAfee Virusscan and Spybot S&D on there, not to mention Firefox and a host of other goodies such as Nero and Drive Image), the same on a USB stick; full image backups that run daily; and ERUNT which runs first boot every day and saves up to 7 previous registry backups. It would be nice to know if your daughter's machine had as much as a hidden partition containing the Windows files that damaged or missing system files could be restored from. If she doesn't have even that then options are pretty limited. Without a CD she can't run the 'Recovery Console' - though it is next to useless for most stuff anyway - unless it has previously been installed to the HD (which it obviously hasn't). You personally couldn't burn a BartPE disc/stick without XP or Server2003 - but if you had a fast broadband connection you could be supplied with much of this stuff - e.g. a BartPE ISO (~450MB) though I expect various license agreements say not to. Not that having one at this stage guarantees anything, but you would be able to manipulate the installation without booting the HD. You can also acquire XP itself (just not the necessary key) via Bittorrent, the veracity of which can be confirmed by checking the checksums, for running SFC /scannow with, for example, or for doing a repair reinstallation (if she doesn't have a hidden partition containing the necessary backup system files). Shane |
#9
|
|||
|
|||
Out of Scope Help Needed.
Hi Jim,
Yes, the i386 folder is where the XP installation files are held. If there is one either in the root of any drive or in the Windows folder, that is almost certainly it. Other installations sometimes put files into an i386 folder so basically it comes down to whether there are thousands of files, or not, in it (mine has about 6000 files and folders). It is still possible that some may be missing; hopefully they won't be! Of course, a hidden partition is more likely to contain pristine copies than a folder the malware can see (though a sufficiently sophisticated piece of malware could see that, too, much as a partition manager can). Physically I am much improved, thank you! Mostly through losing weight gained first from quitting smoking, and added to by consequences of my accident. Now I have shed over 3st and in a sense it is like regaining one's youth! Quite amazing. Of course, every time I shave I lose about 10 years. Combine the two and I could almost pass for a teenager! :-) Oh, concerning the BartPE - you need the installation files for XP, to build it - which is why I suggest the .iso (which, essentially, I would be prepared to supply you with). On the other hand the Ultimate Boot CD does, I believe, come complete, though I have never used it. That may well be your better option. Right, I'll check back from time to time. By which time I'll have had a coffee...and I'll be able to remember how that statement ends. Shane "Job" wrote in message ... Hi Shane. Good to hear from you and thanks for the suggestions. I don't think my daughter's computer has a partition but I will check when I get back to her home this coming weekend. I will also try your "%systemroot%\system32\restore\rstrui.exe" prompt. I read about BartPE at http://www.nu2.nu/pebuilder/ and that looks worthwhile to try when I'm at her computer. I can access the Internet in Safe Mode and might be able to download the BartPE Installer via her DSL. I will give you an update afterwards. Hope your medical conditions have improved over the past year. P.S. I seem to recall reading somewhere that XP install files are contained in something like i386. Does that ring any bell for you? Jim "Shane" wrote in message ... Is there a method whereas I can force the System Restore to proceed past the "Confirm Restore Point Selection" window and complete its process? Thank you. Try this: "To start System Restore using the Command prompt, follow these steps: 1. Restart your computer, and then press and hold F8 during the initial startup to start your computer in safe mode with a Command prompt. 2. Use the arrow keys to select the Safe mode with a Command prompt option. 3. If you are prompted to select an operating system, use the arrow keys to select the appropriate operating system for your computer, and then press ENTER. 4. Log on as an administrator or with an account that has administrator credentials. 5. At the command prompt, type %systemroot%\system32\restore\rstrui.exe, and then press ENTER. 6. Follow the instructions that appear on the screen to restore your computer to a functional state." If that doesn't work, then I'd say, offhand, no. Either the infection is still present and still stopping it, or necessary file(s) have been corrupted or deleted and that is stopping it. Most of my time is spent in XP Pro, and I could use a regularly updated BartPE cd (with NOD32, Trend Micro Sysclean, Stinger, McAfee Virusscan and Spybot S&D on there, not to mention Firefox and a host of other goodies such as Nero and Drive Image), the same on a USB stick; full image backups that run daily; and ERUNT which runs first boot every day and saves up to 7 previous registry backups. It would be nice to know if your daughter's machine had as much as a hidden partition containing the Windows files that damaged or missing system files could be restored from. If she doesn't have even that then options are pretty limited. Without a CD she can't run the 'Recovery Console' - though it is next to useless for most stuff anyway - unless it has previously been installed to the HD (which it obviously hasn't). You personally couldn't burn a BartPE disc/stick without XP or Server2003 - but if you had a fast broadband connection you could be supplied with much of this stuff - e.g. a BartPE ISO (~450MB) though I expect various license agreements say not to. Not that having one at this stage guarantees anything, but you would be able to manipulate the installation without booting the HD. You can also acquire XP itself (just not the necessary key) via Bittorrent, the veracity of which can be confirmed by checking the checksums, for running SFC /scannow with, for example, or for doing a repair reinstallation (if she doesn't have a hidden partition containing the necessary backup system files). Shane |
#10
|
|||
|
|||
Out of Scope Help Needed.
.....Late to the party (again!!))......
ok - What we have here is a fairly common scenario, which is, unfortunately, best dealt with not in newsgroups, but in 1:1 help sessions on a proper forum for spyware problems. As Harry (I think?) has already said, you should post your original data to the Windows XP groups, and there they will give you up-to-date links to appropriate forums. Alternatively, go direct to Bleeping Computer, and read the instructions there on how to post log to the spyware forums (fora?) , then follow those instructions, and see what they say. One of the problems with some of these nasties is that the leopard changes spots every week - and the resulting mess may be something that no-one recognises at first glance. If you need detailed assistance, please feel free to mail me direct (but be aware that IT MAY TAKE ME A FEW DAYS TO RESPOND, DUE TO OTHER COMMITMENTS) - didn't mean to shout, but I'll let it stand, as a friend is seriously ill (no-one known to the groups, BTW), and I have to deal with that before the fun of NG interactions All the Best -- Noel Paton CrashFixPC Nil Carborundum Illegitemi www.crashfixpc.co.uk "Job" wrote in message ... Hi Shane. Good to hear from you and thanks for the suggestions. I don't think my daughter's computer has a partition but I will check when I get back to her home this coming weekend. I will also try your "%systemroot%\system32\restore\rstrui.exe" prompt. I read about BartPE at http://www.nu2.nu/pebuilder/ and that looks worthwhile to try when I'm at her computer. I can access the Internet in Safe Mode and might be able to download the BartPE Installer via her DSL. I will give you an update afterwards. Hope your medical conditions have improved over the past year. P.S. I seem to recall reading somewhere that XP install files are contained in something like i386. Does that ring any bell for you? Jim "Shane" wrote in message ... Is there a method whereas I can force the System Restore to proceed past the "Confirm Restore Point Selection" window and complete its process? Thank you. Try this: "To start System Restore using the Command prompt, follow these steps: 1. Restart your computer, and then press and hold F8 during the initial startup to start your computer in safe mode with a Command prompt. 2. Use the arrow keys to select the Safe mode with a Command prompt option. 3. If you are prompted to select an operating system, use the arrow keys to select the appropriate operating system for your computer, and then press ENTER. 4. Log on as an administrator or with an account that has administrator credentials. 5. At the command prompt, type %systemroot%\system32\restore\rstrui.exe, and then press ENTER. 6. Follow the instructions that appear on the screen to restore your computer to a functional state." If that doesn't work, then I'd say, offhand, no. Either the infection is still present and still stopping it, or necessary file(s) have been corrupted or deleted and that is stopping it. Most of my time is spent in XP Pro, and I could use a regularly updated BartPE cd (with NOD32, Trend Micro Sysclean, Stinger, McAfee Virusscan and Spybot S&D on there, not to mention Firefox and a host of other goodies such as Nero and Drive Image), the same on a USB stick; full image backups that run daily; and ERUNT which runs first boot every day and saves up to 7 previous registry backups. It would be nice to know if your daughter's machine had as much as a hidden partition containing the Windows files that damaged or missing system files could be restored from. If she doesn't have even that then options are pretty limited. Without a CD she can't run the 'Recovery Console' - though it is next to useless for most stuff anyway - unless it has previously been installed to the HD (which it obviously hasn't). You personally couldn't burn a BartPE disc/stick without XP or Server2003 - but if you had a fast broadband connection you could be supplied with much of this stuff - e.g. a BartPE ISO (~450MB) though I expect various license agreements say not to. Not that having one at this stage guarantees anything, but you would be able to manipulate the installation without booting the HD. You can also acquire XP itself (just not the necessary key) via Bittorrent, the veracity of which can be confirmed by checking the checksums, for running SFC /scannow with, for example, or for doing a repair reinstallation (if she doesn't have a hidden partition containing the necessary backup system files). Shane |
|
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
just what i needed | xztheericzx | General | 2 | November 12th 07 04:06 AM |
Help needed please | vee | Improving Performance | 4 | September 28th 05 12:34 PM |
Help needed please | Leslie | Software & Applications | 3 | September 22nd 04 01:49 AM |
Help needed please | Jack | General | 3 | July 24th 04 04:20 PM |
need to change the dhcp scope in my Internet Connection Sharing setup | Gerry Voras | Networking | 2 | June 24th 04 02:01 AM |