Problems with system restore failure after trojan attack.

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

Greetings wise ones, I recently was struck by a trojan downloader, small.26,
and about 4 other variations, 6,9,17. I am finally clean of those, but my
recurring nightmare is, after completing a scan in safe mode with system
restore turned off I returned to my computer/properties/system restore, as I
was unchecking the tickbox /turnoff system restore, the screen jumped and
the system restore tab disappeared, this is exactly what took place. And now
on the properties screen, there is no tab for system restore. All the files
for restore points also disappeared in system volume info, system volume info
is empty!!! I have tried starting from admin tools/system/systemrestore
start, and the loading dialog comes on and then an error message, COULD NOT
START THE SYSTEM RESTORE SERVICE ON LOCAL COMPUTER ERROR:5 ACCESS IS DENIED.
This is not a registry group policy/disable access denial. I have been
there, I have also loaded the complete set of registry keys for system
restore from Kelly's Korner, tweaks etc.
I have also attempted to start from a command prompt, nothing. I know this
all sounds like the opening scene from an Outer Limits episode, or Donnie
Darko, and I need help, is there any way to reload the system restore snap
in, complete??? Help and thanks,
Munka
  1. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    I forgot to mention I have also tried to copy across the core files and I
    get an error message: ERROR IN ADVPACK.DLL
    MISSING ENTRY : LAUNCH INFSECTIONC:\WINDOWS\INF\SR.INF.
    Munka
  2. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    Do me a favour and scan the registry for "DisableSR" without the quotes.
    I have seen this DWord in other policy settings in the registry.

    --
    William
  3. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    Hi William, thanks for responding, and sorry for the delayed response (I had
    to sleep). Until I reloaded all registry keys (from Kelly's Korner) related to
    system restore, that dword was not present on my system, and on a tip from
    AumHa, I set them to delete, so it is not a group policy denial. Munka
  4. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    Well, I now have a restore point in the System volume info folder. There were
    none before, that folder was empty, maybe when I reloaded the core system files
    from the CD, but system restore still comes up with an error 5 message as
    above, and still no system restore tab on the system properties screen. I
    will try a reboot and return soon.
  5. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    "MUNKA" <MUNKA@discussions.microsoft.com> wrote in message
    news:A5F912FD-2877-4102-A424-E1A78F3087D3@microsoft.com...
    > Hi William, thanks for responding, and sorry for the delayed response
    > (I had
    > to sleep) Until I reloaded all registry keys, (from Kellys Korner)
    > related to
    > system restore that dword was not present on my system and on a tip
    > from
    > AumHa, I set them to delete, so it is not a group policy denial.
    > Munka
    >


    Worth a try.

    Have you tried to reinstall System Restore? I don't know if Ramesh is
    going this route. If you want to try then go to the Start>Run and type

    inf

    The "inf" folder should open, once open locate "sr.inf". Highlight
    "sr.inf" and right-click and select install.

    --
    William
  6. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    Yes, I did the install again, also with Ramesh, and rebooted, still will not
    start, same error message, nothing. Munka
  7. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    When I run "C:\WINDOWS\system32\Restore\rstrui.exe" I get the error
    message, "System restore not able to protect your computer, please restart
    your computer and then run system restore again." Of course I do that and get
    the same message. Hmmm, I wish to pursue this issue, and now I need to go
    offline for a couple of hours, any assistance gets a warm reception.
    Thanks, Munka
  8. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    The rundll32.exe parameters are case-sensitive. Use this exactly:

    "rundll32.exe advpack.dll,LaunchINFSection C:\Windows\Inf\sr.inf"

    --
    Ramesh, Microsoft MVP
    Windows XP Shell/User
    http://windowsxp.mvps.org
  9. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    Hi Ramesh, yes I tried as you said, and got this error message: error could
    not locate INF file C:\windows \inf\sr. Munka
  10. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    >> C:\windows \inf\sr

    C:\windows\inf\sr.inf

    If you have Windows installed in any other drive than C:\, alter the path
    accordingly.

    --
    Ramesh, Microsoft MVP
    Windows XP Shell/User
    http://windowsxp.mvps.org
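
The checks suggested in the replies above (look for `DisableSR`, confirm `sr.inf` is where the command expects it, then run the `rundll32.exe` line exactly as posted), gathered into one Windows XP batch file. This is an added example, not code from any poster in the thread; the service name `srservice`, the two registry key paths and the file name `srcheck.cmd` are assumptions about a default Windows XP install and do not appear in the thread.

```bat
@echo off
rem Added example: read-only checks, then an optional reinstall of System Restore
rem on Windows XP. Run from an administrator account:  srcheck.cmd [install]
rem Assumed (not stated in the thread): the service name "srservice" and the two
rem registry keys below, as found on a default Windows XP installation.
setlocal

set "POLKEY=HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore"
set "SRKEY=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore"
rem Build the INF path from the SystemRoot variable so it is correct whichever
rem drive Windows is on, with no stray space and no missing .inf extension.
set "SRINF=%SystemRoot%\inf\sr.inf"

echo [1] DisableSR / DisableConfig values
for %%K in ("%POLKEY%" "%SRKEY%") do (
    for %%V in (DisableSR DisableConfig) do (
        rem Print the value line if it exists; otherwise say it is not set.
        reg query %%K /v %%V 2>nul | find /i "%%V"
        if errorlevel 1 echo     %%V not set under %%~K
    )
)

echo.
echo [2] System Restore service state and start type
sc query srservice | find "STATE"
if errorlevel 1 echo     service srservice is not installed
sc qc srservice | find "START_TYPE"

echo.
echo [3] INF file used for the reinstall
if not exist "%SRINF%" (
    echo     missing: "%SRINF%"
    exit /b 1
)
echo     found: "%SRINF%"

if /i not "%~1"=="install" (
    echo.
    echo Checks only. Re-run with the argument "install" to reinstall.
    exit /b 0
)

rem The entry-point name is case-sensitive, so it is kept exactly as posted.
rundll32.exe advpack.dll,LaunchINFSection %SRINF%
echo Reinstall launched; reboot, then repeat the checks above.
```

Run without arguments it changes nothing, so the output can be pasted into a support thread as-is.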
  11. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    I only have 1 drive C:\, I do however have a second partition with Linux
    loaded, would that make a difference?
  12. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    Have you tried the command exactly as given?

    "rundll32.exe advpack.dll,LaunchINFSection C:\Windows\Inf\sr.inf"

    --
    Ramesh, Microsoft MVP
    Windows XP Shell/User
    http://windowsxp.mvps.org
  13. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    Let me be clear, that file is copied across from the installation CD or is
    existing on C:\ because I get a type the path dialog, so I went ahead and
    copied across the sr.sys file from the CD. Hmm, I had already tried that, only
    described through a different context on a tip from the Aumha forum, and it
    didn't work. I will however reboot and come back in 5, meanwhile thank you for
    your patience.
  14. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    Hi Ramesh, still no sys restore tab and the error message again when trying
    to start from admin tools, I should also mention I did a repair upgrade
    about a week ago, thinking naively that that would resolve this issue, it
    didn't!

    "MUNKA" wrote:

    > Let me be clear, that file is copied across from the installation cd or is
    > existing on C:\ because I get a type the path dialog, so I went ahead and
    > copied across, sr.sys, file from the cd, Hmm I had already tried that only
    > described through a different context on a tip from Aumha forum and it
    > didn't work, I will however reboot and come back in 5, meanwhile thank you
    > for your patience
    >
    > "Ramesh, MS-MVP" wrote:
    >
    > > Have you tried the command exactly as given?
    > >
    > > "rundll32.exe advpack.dll,LaunchINFSection C:\Windows\Inf\sr.inf"
    > >
    > > --
    > > Ramesh, Microsoft MVP
    > > Windows XP Shell/User
    > > http://windowsxp.mvps.org
    > >
    > >
    > > "MUNKA" <MUNKA@discussions.microsoft.com> wrote in message
    > > news:DD21059E-DD62-4B93-8277-19D8FD6C9291@microsoft.com...
    > > >I only have 1 drive C:\, I do however have a second partition with linux
    > > > loaded, would that make a difference?
    > > >
    > > > "Ramesh, MS-MVP" wrote:
    > > >
    > > >> >> C:\windows \inf\sr
    > > >>
    > > >> C:\windows\inf\sr.inf
    > > >>
    > > >> If you have Windows installed in any other drive than C:\, alter the path
    > > >> accordingly.
    > > >>
    > > >> --
    > > >> Ramesh, Microsoft MVP
    > > >> Windows XP Shell/User
    > > >> http://windowsxp.mvps.org
    > > >>
    > > >>
    > > >> "MUNKA" <MUNKA@discussions.microsoft.com> wrote in message
    > > >> news:61CA59D1-4A2D-4FF2-973E-B8BBC69CE67B@microsoft.com...
    > > >> > Hi Ramesh, yes I tried as you said, and got this error message error
    > > >> > could
    > > >> > not locate INF file C:\windows \inf\sr, Munka
    > > >> >
    > > >> > "Ramesh, MS-MVP" wrote:
    > > >> >
    > > >> >> The rundll32.exe parameters are case-sensitive. Use this exactly:
    > > >> >>
    > > >> >> "rundll32.exe advpack.dll,LaunchINFSection C:\Windows\Inf\sr.inf"
    > > >> >>
    > > >> >> --
    > > >> >> Ramesh, Microsoft MVP
    > > >> >> Windows XP Shell/User
    > > >> >> http://windowsxp.mvps.org
    > > >> >>
    > > >> >>
  15. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    Although I only used this function (sys restore) maybe twice in five years, I
    still wish to have it functional again, otherwise the bad guys win. I
    appreciate your help Ramesh. Munka

    "MUNKA" wrote:

    > Hi Ramesh, still no sys restore tab and the error message again when trying
    > to start from admin tools, I should also mention I did a repair upgrade
    > about a week ago, thinking naively that that would resolve this issue, it
    > didn't!
    >
    > "MUNKA" wrote:
    >
    > > Let me be clear, that file is copied across from the installation cd or is
    > > existing on C:\ because I get a type the path dialog, so I went ahead and
    > > copied across, sr.sys, file from the cd, Hmm I had already tried that only
    > > described through a different context on a tip from Aumha forum and it
    > > didn't work, I will however reboot and come back in 5, meanwhile thank you
    > > for your patience
    > >
    > > "Ramesh, MS-MVP" wrote:
    > >
    > > > Have you tried the command exactly as given?
    > > >
    > > > "rundll32.exe advpack.dll,LaunchINFSection C:\Windows\Inf\sr.inf"
    > > >
    > > > --
    > > > Ramesh, Microsoft MVP
    > > > Windows XP Shell/User
    > > > http://windowsxp.mvps.org
    > > >
    > > >
    > > > "MUNKA" <MUNKA@discussions.microsoft.com> wrote in message
    > > > news:DD21059E-DD62-4B93-8277-19D8FD6C9291@microsoft.com...
    > > > >I only have 1 drive C:\, I do however have a second partition with linux
    > > > > loaded, would that make a difference?
    > > > >
    > > > > "Ramesh, MS-MVP" wrote:
    > > > >
    > > > >> >> C:\windows \inf\sr
    > > > >>
    > > > >> C:\windows\inf\sr.inf
    > > > >>
    > > > >> If you have Windows installed in any other drive than C:\, alter the path
    > > > >> accordingly.
    > > > >>
    > > > >> --
    > > > >> Ramesh, Microsoft MVP
    > > > >> Windows XP Shell/User
    > > > >> http://windowsxp.mvps.org
    > > > >>
    > > > >>
    > > > >> "MUNKA" <MUNKA@discussions.microsoft.com> wrote in message
    > > > >> news:61CA59D1-4A2D-4FF2-973E-B8BBC69CE67B@microsoft.com...
    > > > >> > Hi Ramesh, yes I tried as you said, and got this error message error
    > > > >> > could
    > > > >> > not locate INF file C:\windows \inf\sr, Munka
    > > > >> >
    > > > >> > "Ramesh, MS-MVP" wrote:
    > > > >> >
    > > > >> >> The rundll32.exe parameters are case-sensitive. Use this exactly:
    > > > >> >>
    > > > >> >> "rundll32.exe advpack.dll,LaunchINFSection C:\Windows\Inf\sr.inf"
    > > > >> >>
    > > > >> >> --
    > > > >> >> Ramesh, Microsoft MVP
    > > > >> >> Windows XP Shell/User
    > > > >> >> http://windowsxp.mvps.org
    > > > >> >>
    > > > >> >>
  16. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    I have also tried "C:\WINDOWS\system32\Restore\rstrui.exe" and get the
    message, "System restore is not able to protect your computer, Please
    restart your computer and run system restore again." Which I did and had no
    success,
    I would appreciate any support on this matter.
  17. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    Whoops sorry about the duplicate post. Munka
  18. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    Well it looks like I either live without system restore or I do a clean
    install.
  19. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    Hi Munka,

    For the error "COULD NOT START THE SYSTEM RESTORE SERVICE ON LOCAL COMPUTER
    ERROR:5 ACCESS IS DENIED.", one of the previous posts by [MS] techs says to
    check the Permissions for the System Volume Information folder. Make sure
    that the SYSTEM account has Full Permissions for this folder.

    You can try purging the contents this way:
    http://windowsxp.mvps.org/resetsr.htm

    --
    Ramesh, Microsoft MVP
    Windows XP Shell/User
    http://windowsxp.mvps.org


    "MUNKA" <MUNKA@discussions.microsoft.com> wrote in message
    news:A330A7F6-F5BA-404B-8CCD-1D6180333DF0@microsoft.com...
    > Although I only used this function (sys restore) maybe twice in five years,
    > I still wish to have it functional again, otherwise the bad guys win. I
    > appreciate your help Ramesh. Munka
    >
    > "MUNKA" wrote:
    >
    >> Hi Ramesh, still no sys restore tab and the error message again when
    >> trying to start from admin tools, I should also mention I did a repair
    >> upgrade about a week ago, thinking naively that that would resolve this
    >> issue, it didn't!
    >>
    >> "MUNKA" wrote:
    >>
    >> > Let me be clear, that file is copied across from the installation cd or
    >> > is existing on C:\ because I get a type the path dialog, so I went ahead
    >> > and copied across, sr.sys, file from the cd, Hmm I had already tried that
    >> > only described through a different context on a tip from Aumha forum and
    >> > it didn't work, I will however reboot and come back in 5, meanwhile
    >> > thank you for your patience