Customer had some strange problems with one of his PCs.
System Restore could not create or restore “restore points”.
And the internet was not working (it actually was working, but seemed intermittent).
Creating a restore point would result in the message: system restore is not able to create a restore point
Restoring from a restore point would just get to the “Confirm restore point selection”, then pressing the NEXT button did nothing.
I tried disabling and enabling sys restore, but no luck.
I tried line 278 from kellys-korner-xp.com/xp_tweaks.htm, but no go.
At some point I also noticed that disk defragment also didn’t work… very strange symptoms.
Next I tried sfc /scannow
That seemed to work… but after a few minutes, system restore stopped working again… curious!
I was starting to suspect that Spyware Doctor (paid version) might have been interfering somehow. It would occasionally say that an internet computer was trying to connect (which we blocked). The customer swore it was a great program (but I’ve had some difficulties with Spyware Doctor in the past).
Looking at Spyware Doctor closely, I noticed it would appear to do its normal update, but the status screen showed that it was several weeks since the last successful update.
I disabled Spyware Doctor, but that didn’t change things.
But then telling an antivirus/antispyware to disable itself doesn’t always mean it’s really disabled.
So I totally uninstalled it… and installed AntiVir, Windows Defender… but neither would update…
I then tried SuperAntiSpyware… and it also wouldn’t update.
I tried scanning with SuperAntiSpyware (even though it was out of date by a few weeks), and it detected a trojan infection.
The infected file was a backup from the customer’s main PC… So now I widened my work to the main PC as well.
In the end, both PCs were infected with trojans and rootkits.
I was able to fix the main PC, as it wasn’t showing any sign of being infected (so I could update AntiVir/Defender/SuperAntiSpyware and remove all nasties).
But the other PC had so many files on it, that the scan process was incredibly slow.
So in the end, I took it back to the office, scanned the HDD from my main PC (and removed some infections).
But that was still not enough to allow any updates.
In the end I downloaded the latest version of SAS, installed it, and it managed to clear up everything.
I must say that in cases like this, SuperAntiSpyware has a huge advantage over many of its competitors: Downloading the latest version also downloads the latest malware definitions.
Most other security software seems to be a few months out of date, and relies on the user to perform an update once the software is installed.
That’s crazy, as nowadays, a lot of malware targets security updates first, such that the anti-malware program is virtually useless unless it can do an update.