Browser Redirect in IE and Mozilla

[Blade81]

I'm sorry. Posted instructions for cleaning system restore of XP. Please find the right steps below.

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.

A To disable the System Restore feature:

1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Uncheck any checkboxes listed for your hard drives.
7. Press OK.


B. Reboot.

C Turn ON System Restore.
Follow the steps like you did when disabling system restore but on step 6. check any checkboxes listed for your hard drives.

 

[devious]

Unable to un-check C:

I am unable to uncheck the C:\ Drive from the list.

 

[devious]

Oops

Sorry, accidently submitted.

It says that it's a "Group Policy" (On the Administrator)

Thanks,
devious

 

[Blade81]

Hi

Download ERUNT
Save it to your desktop. Run and install this program.

In the box that opens ONLY choose
System registry.

Then click OK.

Click save and then go to File > Exit.
This is so the registry can be restored to this point if we need it. It may take a minute. Just let it go until it's done.

Go to registery edit (type regedit in RUN and press enter)
- Navigate to the following key
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore
- Delate following keys if found:

DisableConfig
DisableSR

Reboot if needed and see if you can change the system restore settings after that.

 

[devious]

Didnt work....

I downloaded it, backed it up and then deleted the two registries.


Didnt work... Now I am getting a "Searching..." Message. (See Attachment)


I am going to restore the reg, just to make sure it doesnt cause any damage.


Anything else I can try?

Thanks,
devious

 

[devious]

Uhoh

Restoring the reg. backup didnt do anything! The searching message is still there...

What do I do?

Thanks
-devious

 

[Blade81]

Hi

It shows same message in my system too for some time before showing any details. Did you wait any moment after you had opened system protection tab?


Creating & executing batch file
-------------------------------

Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop. (If you are still unsure on how to do this there is a little tutorial with pictures here)
@echo off
regedit /e c:\keyExport.txt "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore"
notepad c:\keyExport.txt

Double-click on fixes.bat file to execute it.


Post back contents of c:\keyExport.txt (should open up in Notepad window).

 

[devious]

Yep, I waited probley 2-3 minutes.


Heres the content of the log:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore]



Thanks
devious

 

[Blade81]

Hi

How did you attempt to restore ERUNT backup?

 

[devious]

By navigating to: C:\WINDOWS\ERDNT\30-11-2008

And then clicking ERDNT in that folder.


It game me like 8 error messages.


-Thanks
Devious

 

[Blade81]

Hi

What error messages? I'm afraid restoring wasn't successful.

 

[devious]

Error messages

Current registry file not found:
C:\WINDOWS\System32\config\SAM

Restore this file?


[Yes] - No



Error restoring
C:\WINDOWS\System32\config\SAM
to
C:\WINDOWS\System32\config\SAM !

Continue with the next file?


[Yes] - No


Current registry file not found:
C:\WINDOWS\System32\config\COMPON~1

Restore this file?


[Yes] - No



Error restoring
C:\WINDOWS\System32\config\COMPON~1
to
C:\WINDOWS\System32\config\COMPON~1 !

Continue with the next file?


[Yes] - No


Unable to create a backup of the
current registry file
C:\boot\bcd !

Continue with resporation of this file?

[Yes] - No


Error restoring
C:\WINDOWS\ERDNT\30-11-2008\bcd
to
C:\boot\bcd !

Continue with the next file?


[Yes] - No



Then it gives me something like "Restoration is complete!"


Thanks.
Devious

 

[Blade81]

Hi

Save text below as fix.reg on Notepad (save it as all files (*.*)) on the Desktop.

REGEDIT4

[-HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore]

It should look like this ->

Doubleclick fix.reg, press Yes and ok.

Reboot the system and see if you can access system restore normally.

 

[devious]

Okay, did that...

And yep, I can access system restore.

Now what?

Thanks
devious

 

[Blade81]

Good. Are you able to do the system restore reset which you earlier couldn't?

 

[devious]

Let me try, and I will post back.

 

[devious]

Yep!

I completed it successfully.


=) Anything else?


Thanks
devious

 

[Blade81]

If things are back to normal then you can follow other instructions in post #19 in order to make system safer

 

[devious]

Okay, I did that. Anything else? olice:


Thanks

 

[Blade81]

No. If the things are running well let me know and I'll archive the topic