Cannot System Restore due to Trojan Agent Gen Nullo

Discussion in 'Malware Help (A Specialist Will Reply)' started by Raphee, Jan 25, 2010.

  1. Raphee

    Raphee Private First Class

    I was trying to install Spyware Doctor, and probably made some error. I decided to do a System Restore. But was unable to achieve it.
    I ran Super Anti Spyware. It found Trojan Agent Gen Nullo Short.
    Malware Bytes Anti Malware detected Trojan Vundo.
    I quarantined these. Tried System Restore. But it didn't work.

    Next step I went through the Read and Run Me Malware removal guide.
    SAS found two more trojans. MBAM found nothing.
    Did all the steps: ComboFix, RootRepeal etc., ending up with a Toggle Restore.
    I ran SAS this morning. It was clean. Then I decided to try a System Restore to check if it was working.
    However, the message I got was that I could not restore to the System Point created after using ComboFix.
    I have attached the files that I initially saved as per procedure mentioned in Read and Run Me first Malware Removal Read Me sticky.

    The only visible problem to me at this point is that System Restore is not working.

    Would appreciate your help, on fixing this.
    PS: After re-reading the Windows XP cleaning procedure, I believe that I should have checked the system restore point after ComboFix. But since there was no mention in the sticky (at least I misunderstood the words), I proceeded to create a new System Restore Point.
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You were not supposed to toggle system restore until we were finished cleaning.

    You need to attach the C:\MGLogs.zip
     
  3. Raphee

    Raphee Private First Class

    Yes. I realise that doing a system restore was wrong.
    Find the MGlogs file.

    Thanks.
     


  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your logs are clean. Are you still unable to set a restore point? (This may be something you need to pursue in the software forums).


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN, enter the below into the run box, and then click OK. Note that the quotes are required.
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: The space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    8. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
    Last edited: Jan 26, 2010
  5. Raphee

    Raphee Private First Class

    Hi Tim,

    I do not have a retail copy of the XP CD. Therefore I couldn't install the SR.INF file. (BTW, my INF folder does not show SR.INF; instead it showed a sr file. This is the one I tried to install.)
    I also tried to locate the SR.INF file in the i386 folder. I couldn't find it.

    I then tried to check system restore through System Tools. It is creating new points. But when I try to go back to the previous checkpoint, that is not happening.

    Also I have seen some funny behavior with Google Chrome browser today. It allows me to open extra tabs. But when I click on them they close automatically.

    Please advise.
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I suggest that you post in the software forum for those two items. You may be needing to run sfc but you need a disc to do that. As I said, I think you are missing some system files.
     
  7. Raphee

    Raphee Private First Class

    Thanks Tim,
    You've helped a lot and I wish you and your team the best.
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are most welcome. Safe surfing. :)
     
