System Restore No Longer Working After Using Tweaking Windows.
jraju:
Hi, Julian
I am afraid that Novice's system is deeply penetrated by a Trojan, which changes the dependent services to manual and disabled.
He has to get rid of this Trojan. Otherwise, on boot, whatever change he makes would be disabled by that Trojan.
Has he done a thorough check using ESET scanner and Malwarebytes? These are two programs that will fix the Trojan. He should do the full scan in Malwarebytes and scan his computer to get rid of this Trojan. If he has already done that, then he has to do a boot scan with a reputable antivirus, which will kill it before the point of booting.
jraju:
Hi, Novice. Please understand that you have to take some steps on the suggestion, as it will not be possible to look into your system.
First, do the scans to get rid of the Trojan, which disables creating restore points.
Others are in the following way. Please go to the registry and look for those things and, if found, do the cure. Check the following files for existence in the
%windir%\system32 directory:
srrstr.dll, srclient.dll, srcore.dll, rstrui.exe
3. Check that the VSS is not disabled. This is a must. It should be verified to be running. You should also see that the dependency services are also started and set to automatic.
4. Check the registry keys
HKLM\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore
5. When you find the DisableConfig DWORD set to "1" in these keys, export the keys and delete it.
The Vista system supports sfc /scannow, and if it is run once, it will fix most problems, as they are in the OS.
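The checks listed in the post above (the four files, the VSS service with its dependencies, and the SystemRestore registry key) can be gathered read-only in one pass. This is an added example, not part of the thread; it assumes Windows PowerShell with Get-WmiObject available, and the helper name New-Finding is made up for this sketch.

```powershell
# Read-only audit of the System Restore checks from the thread. Nothing is modified.
# New-Finding is a hypothetical helper name, not a built-in cmdlet.
function New-Finding($Check, $Result) {
    New-Object PSObject -Property @{ Check = $Check; Result = $Result }
}

$findings = @()

# Files the post says must exist in %windir%\system32.
foreach ($f in 'srrstr.dll', 'srclient.dll', 'srcore.dll', 'rstrui.exe') {
    $path = Join-Path $env:windir "System32\$f"
    $state = 'MISSING'
    if (Test-Path $path) { $state = 'present' }
    $findings += New-Finding "File $f" $state
}

# VSS and the services it depends on: current state and start mode.
$names = @('VSS')
$vss = Get-Service -Name VSS -ErrorAction SilentlyContinue
if ($vss) { $names += @($vss.ServicesDependedOn | ForEach-Object { $_.Name }) }
foreach ($n in $names) {
    $svc = Get-WmiObject Win32_Service -Filter "Name='$n'"
    if ($svc) {
        $findings += New-Finding "Service $n" ("{0}, start mode {1}" -f $svc.State, $svc.StartMode)
    } else {
        $findings += New-Finding "Service $n" 'NOT FOUND'
    }
}

# Any value in the SystemRestore key whose name starts with "Disable".
# The post names DisableConfig; matching on the prefix tolerates spelling variants.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore'
if (Test-Path $key) {
    $hits = @((Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { $_.Name -like 'Disable*' })
    if ($hits.Count -eq 0) {
        $findings += New-Finding 'Registry Disable* values' 'none present'
    }
    foreach ($h in $hits) {
        $findings += New-Finding "Registry value $($h.Name)" $h.Value
    }
} else {
    $findings += New-Finding 'Registry key SystemRestore' 'key not found'
}

$findings | Select-Object Check, Result | Format-Table -AutoSize
```

Reading HKLM and querying services does not need elevation on a default install, so the report can be produced and posted back to the thread before anything is exported or deleted.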
Novice22:
A Trojan was found - Trojan.Siredef - but machine is now clean.
Panda antivirus is running all the time.
I am not experienced enough to play around with the registry.
VSS is enabled - started - and set to manual.
sfc /scannow and chkdsk have been run numerous times.
jraju:
Hi, it is not playing. It should be done to have the cure.
OK. What about the dependency services, which are also to be started and set to automatic? You said that VSS is set to manual. It should be set to Automatic.
The dependency services may be seen in the VSS tab itself. Note them and then make them also started and set to automatic.
Edit: it is manual by default.
It is not risky to change or remove an item from the registry, in this case DisableConfig, because this key has been started by some infection program. It made the key, and it is not a system key. Understand. To export this key in full, just click on the key, choose export, and export to the desktop or anywhere. This is a known issue and your computer booting has nothing to do with this key. So, go to your search box, type run, and press Enter. In the open Run box, type regedit and you get the Registry Editor.
There you will have those HKLM on the left side of the window. Just go through the path shown in my link. Just find the System Restore folder. When you click this, there may be items shown in the right side of the window. If there is a key named DisableConfig, you just export the key to your desktop. I would delete the key. But as you express your reluctance to use regedit, I ask you to export; it will be exported to the desktop if you choose the desktop as the destination folder. Now just close the Registry Editor by clicking the x mark in the top right corner.
Now try System Restore to see if it is working. It will probably work, because you have removed the Trojan and the registry key it has injected or modified. OK. If you leave, if any other key is deleted, it will automatically recreate. Are you clear now?
Did you see the four files in your system32 folder? If any of these application extensions is missing, then you have to copy those files from some other computer having the same version of the OS and replace them in the same folder. It may fix it.
System Restore is a main thing, and if you cannot create restore points or the system does not create them, then your Trojan, which has been deleted, may inject again.
As a last resort, you could use your Vista DVD, and then, booting through it, you could do the system restore by selecting the repair computer menu at the setup window. This is also one of the easy methods if you know how to boot from DVD.
Edit: the component services used by this VSS, like the DCOM and RPC services, have so many dependencies that looking at and correcting those entries is cumbersome. It has so many dependencies that it has more than 10 sub-components.
jraju:
Hi, I have already given, in another thread, the link and how to use the Dependency Walker. I do not know the extent of its capability. But it is worth a try if an application gives an error message. I will give the link; try it.
Hi, Shane, Boggins. I checked this Dependency Walker tool and found some usefulness in executing failed applications. I have not tried choosing the options, only checking all the boxes of those exes in the application. It worked remarkably if there are no other bugs in the program. Please comment on it. In this case, it is rstrui.exe.
I just came across this tool when I could not execute some applications, like path edit etc. I downloaded and executed it and proceeded as in the link. To my surprise, it worked and the executable works.
I am thinking of using this tool to troubleshoot application errors.
http://www.tweaking.com/forums/index.php/topic,4075.0.html
The log in the bottom box would show the problems in detail in red lines. If it could call and fix, it will; otherwise, the real technical details of the problem may be noted and a solution to the problem may be attempted.