Safe mode and Restore problems

Hi,
I have a virus that is causing 3 problems.
1-I can get System restore up and choose a restore date but it wont go any further than that eg it wont run
2-I dont even get the option to boot into safe mode,because
3-A new line has been added to my startup menu which the PC boots into instantly.
My windows instilation has not been damaged in any other way because I was able to get into windows once only ( because I cant remember what I did to do that ) Once in windows I tried going back to the restore point that I set but as I said above it will not run.I discovered the other 2 problems when I tried to restart in safe mode.
Hopefully someone else has had this same virus and knows how to fix it,failing that any suggestions would be greatly appreciated.

Thank you

Hi PussEKatt,

As you havn't said what virus and how you removed it, can only give general advise.
Would advise running Malwarebytes as well.

Its pretty common for virus's to dissable system restore but when the AV removes the virus it does not restore normal settings.

Start-up items can be removed via system Configuration.
Control panel >> Administration tools >> system configuration >> services -tick hide MS
Untick anything you do not recognize.

Roy

You wrote "I have a virus that is causing 3 problems"
Did you remove the virus?
This is a link to portable anti spyware. Download to a flash drive and run it. SUPERAntiSpyware - SUPERAntiSpyware Portable Scanner

HI and thanks for the advice and l;inks.
I have not removed the virus,I was hoping to restore my PC to before I installed this software but as I am having trouble getting system restore to work is why I came on here for advice.I dont know if this is being nieve or not but I was suspicious of this software so I set a restore point just before I ran it and I thought,any problems and I will just run Sys restore and that will be the end of the problem.I had no idear that all this would happen and that I would not be able to run sys restore or get into safe mode.
@ torchwood:before getting into sys configuration there is the choice of 3 options.Obviously I dont select the first option "Normal startup"but which of the other 2 options do I select ? Diagonistic or Selective.
@ Megathertz07 Thanks for the link will download it now.
PS Its my desktop that has the virus,I am replying from my laptop.
Thanks again,will try to get back in to my desktop and try both solutions.Hopefully can let you both know how it went in 20/24 hopurs.

the window that opens
has SERVICES on the TOP line click on it.

Hi guys.
Thanks for your help,I am up and running again on my desktop.
I still need one more problem addressed and I have 2 questions to ask.
The problem is that I have 2 instances of windows running on my desktop ( 1 for my C drive and the other just for Steam games )so on my startup screen I have the choice of whichever partition I want to go to.The Trojan that I had added a third option (which it always booted from ) called "Patch Guard Disabled" The spyware program got rid of the trojan but that startup option is still there.Any idear how I can get rid of that ?
The 2 questions that I want to ask you gusy are.
1-I and probably thousands of other PC users have the impression that if you set a restore point, then you can always go back to it and everything will be fine bagain.As we know now that did not happen ( or at least it was not as easy as just resetting to a restore point ) so the question is What else should I have done after setting a restore point ?
2- In future would it be better to try suspicious software in a sandbox program ? or is this not as simple as it sounds as well.
I look forward to your answers to these questions and thanks again for all your help.

Hi PussEKatt,

from what i can find, thats NOT a "malware" OS.

At some point whilst installing a game, it asked you to install a Cheat to bypass driver signing this being Patch Guard Disabled
remove OS tutorial
Windows Boot Manager - Delete a Listed Operating System - Windows 7 Help Forums

NOT a good move as it dissables ALL driver enforcement rules, over-rides UAC and boot standard operating requirements/proceedures
(it can be done within Windows anyway, PGD is an old pre W7 patch!!)

As for your restore points they are set by YOU on any and all drives on your computer.
If you restore C it does not automatically restore other drives UNLESS you specify which

Most around here use Macrium (free) and create an image on a regular basis
As for security over and above your AV i run Malwarebytes weekly
Wouldn't hurt to install and run it NOW either

Finally as im not a Steam gamer i do not know which game asked/required PGD to be installed.
You never mentioned which trojan it was would be helpfull, to decide on which way to go now.

Roy

Hi again,
Three trojsns were installed,ther were all variants of Trojan.Agent/Gen
I figured out it would be an old Trojan because what happened was.I like playing Football Manager but I find that there is way too much stuff that has nothing to do with playing.( press confrences,international results,U 21 results ,etc etc etc ) so I was looking for a football manager game that is less involved and I found LMA Manager 2007.I downloaded this but the file was corrupt so I looked elsewhare for another file,I found one but after downloading I was suspicious because LMA was in lower case and the file did not seem large enough.Thats why I set a restore point before installing it.Thats why I am asking about restore points, because obviously just setting a restore point was not enough,what else should I have done ?
I have already downloaded Malware Bytes,thanks.
Quote:NOT a good move as it dissables ALL driver enforcement rules, over-rides UAC and boot standard operating requirements/proceedures
(it can be done within Windows anyway, PGD is an old pre W7 patch!!)
So, how do I do this from within Windows ?
Thanks again,looking forward to hearing from you.

Hi PusseKat,

as i said system restore is performed on a drive by drive basis, so C (core) and D (games) both have to be set in System restore (configuration option)

For allowing unsigned drivers see this tutorial
Advanced Boot Options - Windows 7 Help Forums

At this time if i was you i would have

1) followed the tutorial post# 7 removed PGD OS entry
2) downloaded Macrium

TODO

check that all my games are running
>>>> IF <<<< unsigned are required follow Advanced boot option tutorial
If no additional drivers are required Advanced boot option IS NOT required

Once the above is completed
Create a FULL system Macrium image.
notes
System restore is un-neccessary once Macrium is installed and can be turned off (optional)
rerun Macrium at least monthly or prior to install of a new game.

Roy

Hi torchwood
Sorry,I didnt realise that was a tutorial on how to get rid of PGD.I checked it out (after reading this post ) and its for Windows 8,I am running Windows 7 Home Premium 64 bit,can I still use that tutorial ? As far as Macrium goes,I didnt realise you wanted me to use that either I thought you recommended MalwareBytes. Anyway,here is where we/I am up to so far.
I downloaded Superantispyware ( as suggested by post #3 ) and installed and ran it.That is how I found out that I have the Trojan Agent Gen.
I tried to install MalwareBytes but I kept getting this message " An administrator has blocked you from running this program" I put that down to the Trojan.So I looked up how to get rid of Trojan/Gen and found out that I had to download and install the following software.TDSS,RKill,MalwareBytes,Hitman Pro,Emisoft Emergency,Adware and JRT.I downloaded all of these programes because I thought that I would be able to install and run the first one and go from there,but I was unable to install anything as I kept getting the same "An administratpor blocked" message.So in an attempt to be able to install software I googled and tried the following.
Using an advanced cmd I typed "net user administrator /active.yes"..This did not work.
I tried to disable "SmartScreen" but the option was not even there.
I am going to try.HKEY_LOCAL_Machine\Software\MS\Win\CurrentVersion\Policies\System...I will see if I can Enasble UA and change the value from 1 to 0.
I dont understand how this Trojan can do all this after Superantispyware got rid of it unless there is another Undected virus still on the PC ? I have run Superantispyware again and it finds nothing at all now.
You should also know that the only reason I can still get into my desktop PC is because I went to Start>Computer>Propertioes>Advanced>Settings and under Start Up I changed the default OS to my C drive.The default StartUp was set to PGD and the time delay was set to 1 second.PGD is still there as an option and that is why I am desperate to get rid of it in case the Trojan/virus decides to reset it again.
As far as the Restore point goes, I only set it on C drive and then only because I was suspecious about this software.I was under the impression that if you set a restore point you can always go back to it ?!
Unsigned Drivers, I have never had to use them as far as I know and no software has ever asked for them, again as far as I know.
In case it is a symptom,you should know that I cant get on the internet using my desktop PC either.Thats everything up to date now.As usual, I look forward to hearing from you.