computer problems


NWO Sentryman
18th August 2009, 06:16 AM
This morning/afternoon (I'm not sure), some rogue software calling itself PC Antispyware 2010 uploaded itself onto my mother's computer.

It disabled Windows Defender and McAfee, and even though we went into the Control Panel and deleted it, it still messes up the computer. Even when Windows Defender had supposedly removed the trojans it still ran rampant.

So my mother and I have used System Restore to rewind to a day before the trojan struck.

Will that work?

Grizzly Bear
18th August 2009, 07:01 AM
This morning/afternoon (I'm not sure), some rogue software calling itself PC Antispyware 2010 uploaded itself onto my mother's computer.

It disabled Windows Defender and McAfee, and even though we went into the Control Panel and deleted it, it still messes up the computer. Even when Windows Defender had supposedly removed the trojans it still ran rampant.

So my mother and I have used System Restore to rewind to a day before the trojan struck.

Will that work?

I doubt system restore would solve the problem as it isn't a fix-all. I would go with removing it, since the restore may leave program files from the application in the programs folder, which would be problematic because it can cause a ton of complications.

I found this with a quick Google search:
http://www.bleepingcomputer.com/virus-removal/remove-pc-antispyware-2010

If it's hijacking your internet browser you'll likely need to download the Malwarebytes' Anti-Malware application via another computer.

You may also consider using CTRL+ALT+DELETE to access the Task Manager and under the Processes tab find and kill these processes if they're active before installing Malwarebytes:

PC_Antispyware2010.exe
Uninstall.exe
jugifyryve.exe

NWO Sentryman
18th August 2009, 07:22 AM
I doubt system restore would solve the problem as it isn't a fix-all. I would go with removing it, since the restore may leave program files from the application in the programs folder, which would be problematic because it can cause a ton of complications.

I found this with a quick Google search:
http://www.bleepingcomputer.com/virus-removal/remove-pc-antispyware-2010

If it's hijacking your internet browser you'll likely need to download the Malwarebytes' Anti-Malware application via another computer.

You may also consider using CTRL+ALT+DELETE to access the Task Manager and under the Processes tab find and kill these processes if they're active before installing Malwarebytes:

PC_Antispyware2010.exe
Uninstall.exe
jugifyryve.exe


Well, I have used System Restore. No problems yet. Just wait for ~48 hours then I will report back.

And idk if it hijacked the computer browser.

Grizzly Bear
18th August 2009, 07:48 AM
Well, I have used System Restore. No problems yet. Just wait for ~48 hours then I will report back.

And idk if it hijacked the computer browser.

If it hijacks the browser you'll know immediately. But I would still do a scan with MBM to make sure it's gone even if the restore worked in killing the processes.

Dancing David
18th August 2009, 09:36 AM
Then follow with a scan with Superantispyware. :)

Both in safe mode.

NWO Sentryman
19th August 2009, 01:03 PM
Well, my mother's browsers are messed up. First off, on Internet Explorer, the only link that we could use was her emails. Then, I tried uploading Firefox. All we got was 2 short lines of text, regardless of anything we clicked upon.

Dancing David
20th August 2009, 06:19 AM
Go to Add/Remove Programs in the Control Panel, remove all software that installs games and video files, especially any video files that are not from Microsoft or another publisher. If they have DivX they may have installed it from a bad website.

Start your computer in safe mode with networking (usually by holding down F8 during start up), invoke Task Manager and look for the processes in the Bleeping Computer page, end them, go to www.malwarebytes.com and download, update and run.

Then reboot, see if you can start in normal mode; if you can, go to Superantispyware, download the program, restart in safe mode with networking, update SAS and run.

If those do not work try the Microsoft MSRT
http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en


Run the MSRT and then immediately run Malwarebytes and SAS.
If that does not work, not all hope is lost; go to
http://forums.majorgeeks.com/showthread.php?t=35407
and do what it says, especially the part about removing old java.

It takes time and patience, there is also HijackThis, but you have to follow the instructions they give you exactly.

microdot
28th August 2009, 07:54 AM
And while I hate to be the bearer of bad news I think this is important information.

Unfortunately Malware often becomes incorporated in the System Restore files as a mechanism which ultimately frustrates efforts to remove it.

!! IF YOU FOLLOW MY NEXT INSTRUCTIONS YOU WILL LOSE ALL YOUR SYSTEM RESTORE POINTS TO DATE !!

The only way to get round this is to disable System Restore, reboot and re-enable it.

Doing that deletes ALL the system restore files along with any malicious code that's found its way in there.

Of course that means that you cannot restore back to any earlier points - only to new restore points which are subsequently created going forward.

Klimax
28th August 2009, 09:17 AM
And while I hate to be the bearer of bad news I think this is important information.

Unfortunately Malware often becomes incorporated in the System Restore files as a mechanism which ultimately frustrates efforts to remove it.

!! IF YOU FOLLOW MY NEXT INSTRUCTIONS YOU WILL LOSE ALL YOUR SYSTEM RESTORE POINTS TO DATE !!

The only way to get round this is to disable System Restore, reboot and re-enable it.

Doing that deletes ALL the system restore files along with any malicious code that's found its way in there.

Of course that means that you cannot restore back to any earlier points - only to new restore points which are subsequently created going forward.

There is of course a second way. Get an admin account, then give it full permissions on the folder "System Volume Information" and then delete.
IIRC it will recreate the necessary files again. (I have deactivated the service due to space constraints...)

microdot
28th August 2009, 09:45 AM
There is of course a second way. Get an admin account, then give it full permissions on the folder "System Volume Information" and then delete.
IIRC it will recreate the necessary files again. (I have deactivated the service due to space constraints...)

I am led to believe that even the Admin user cannot delete the System Restore files and that there is in fact a hidden 'Super-User' account that handles this process when the sequence I described is performed.

:confused:

Klimax
29th August 2009, 02:44 AM
I am led to believe that even the Admin user cannot delete the System Restore files and that there is in fact a hidden 'Super-User' account that handles this process when the sequence I described is performed.

:confused:

If you are admin you can add your account to the list (in the Security tab for said folder). (The superaccount would be "System".)

As far as I remember this works even in Vista and 7.

ETA: As I am doing quite tests, I have deactivated UAC... (Otherwise I recommend it for 7)