

Windows 7: Win 7 unable to use or create restore point after fbi virus


19 Jul 2013   #1

Windows 7 Ultimate 32 bit
 
 

After being attacked and removing the FBI virus, I'm unable to use or create restore points. Tried repair and wmi.dat. Any other suggestions would be appreciated.



19 Jul 2013   #2
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Follow the instructions here, then see if you can set a clean restore point: Remove the FBI MoneyPak Ransomware or the Reveton Trojan
19 Jul 2013   #3

Windows 7 Ultimate 32 bit
 
 

Thanks, will give it a try.


19 Jul 2013   #4

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Farbar Service Scanner

Click here to download Farbar Service Scanner

Place the file on your Desktop

Place a check mark next to the following options
  • ⬜ Internet Services
  • ⬜ Windows Firewall
  • ⬜ System Restore
  • ⬜ Security Center
  • ⬜ Windows Update
  • ⬜ Windows Defender
Press the Scan button

Farbar Service Scanner will create a log, called FSS.txt, on the Desktop. Upload the FSS.txt with your reply
19 Jul 2013   #5
Microsoft MVP

 

I recommend wiping the HD with Diskpart Clean Command to get a perfect Clean Reinstall.

It will likely save time in the long run dealing with all of the surprises left behind even when you clean up a serious infection.
19 Jul 2013   #6

Windows 7 Ultimate 32 bit
 
 

You may be right but I'll give the other fixes a try first thing tomorrow.
19 Jul 2013   #7

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Run this tool as well

Farbar Recovery Scan Tool


32-bit Version OS Farbar Recovery Scan Tool <==== Download Link

Drag the FRST.exe from the Downloads folder to your Desktop

Right click on FRST.exe and choose

When the tool opens, click Yes on the disclaimer window.

Press Scan button.


Please upload both logs in your reply (FRST.txt and Addition.txt).

FRST.txt and Addition.txt will be on the Desktop

Upload a File
Click on the Go Advanced button under the Message box. Scroll down to Additional Options, then click on Manage Attachments in the Attach Files section. Click the Browse button, locate the file, then click on the Open button. In the Upload File from your Computer section, click on the Upload button. Wait until it finishes uploading, then close the window. Then click Submit Reply.
19 Jul 2013   #8

Windows 7 Ultimate 32 bit
 
 

Here are the files.


Attached Files
File Type: txt Addition.txt (24.7 KB, 6 views)
File Type: txt FRST.txt (58.3 KB, 12 views)
19 Jul 2013   #9

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Upload the FSS.txt file
19 Jul 2013   #10

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Don't Run


Open Notepad. Inside Notepad paste the highlighted text


start
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
HKLM\...\Run: [] - [x]
HKLM\...\Run: [TaskTray] - [x]
HKCU\...\Run: [AdobeBridge] - [x]
URLSearchHook: (No Name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - No File
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
C:\ProgramData\20tb6z.dat
C:\ProgramData\dziw0q.pad
C:\ProgramData\as98213.txt
C:\ZD267718
C:\ProgramData\20tb6z.dat
testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
end


Inside Notepad

click on File > Save As
File Name : Fixlist.txt
Save as type: All Files
Location: Desktop

Open up FRST.exe again. Click on the [Fix] button. Once it's complete it will create a new log called Fixlog.txt; upload that log.


AdwCleaner

Click here AdwCleaner

Click on Download Now button

Save to the Desktop

Right-click on AdwCleaner.exe and choose

Click on Delete and confirm the prompt.



Your computer will be rebooted automatically. A text file will open after the restart.

Upload the log: The log file is at C:\AdwCleaner[Sn].txt


Also run

TDSSKILLER

download link TDSSKiller

Save the file to the Desktop

Right-click the program and select:



When the TDSSKiller console opens, click on: Change Parameters
Under Additional Options, place a check in the box next to: Detect TDLFS File System
Click: OK


Press: Start Scan


If a suspicious object is detected, the default action is Skip, leave it as is, and click on: Continue
If malicious objects are found, they show in the Scan results.
Ensure Cure (the default) is selected, then click: Continue > Reboot now, to finish the cleaning process.
(Note: If Cure is not available, select Skip, >>Do not select: Delete<<)


When done, the tool outputs its log to the disk with the Windows Operating System, normally C:\


Logs have a name like:
C:\TDSSKiller.X.X.X_12.04.2013_15.31.43_log.txt


Please post the TDSSKiller log in your reply.