System restore, does it remove the infection sufficiently?

Joeyboy

Hey guys! Went on a website yesterday which, although it was legit, had obviously had some malware put into it. As soon as I went on the site, Avast and Windows Defender were popping up various warning messages. Avast saying it was stopping something from activating, Defender saying something was attempting to infect me etc. Avast popped up with a few different messages, I think more than one infection named. It stated it had prevented them infecting me and it was safe in the chest, I didn't have to do anything else etc.

My computer's activity levels seemed to be up and I was suspicious about how successful Avast/Windows Defender had been. Shut down computer and this morning, surprise surprise, there's some malware on my PC. It's one of those "platinum anti-virus" type things, one of those fake programs popping up a ton of messages scanning and saying I have 100 infections and need to install the premium version to remove them. I couldn't open any other programs including Task Manager, it would just pop up a message saying "name of program I try to use" is infected. I had to go to work and didn't have time to run Malwarebytes, ComboFix, Spybot etc. So I just did a system restore to a week ago.

It has fixed any obvious signs of infection, no fake anti-virus, no icon of it on my desktop, in my program files etc (as there was when I was infected). Just wondering however if a system restore does remove an infection successfully?
 
No, system restore doesn't usually remove an infection. Usually infections can embed themselves in restore points, so it can sometimes be best to disable system restore (which deletes restore points) and then re-enable it after the infection is gone.

Run ComboFix, MBAM, and HJT (in that order) and post the logs.

It might have deleted the temp files, but the infection could still be there, just not "active." Run removal programs to actually make sure it's gone.
 
Okay guys, I ran Malwarebytes before I'd read the responses. It found and removed two trojans, which makes sense as Avast claimed it detected and stopped 2 threats.

An online game I play has had the account hacked this morning, so I imagine it could be related?

Still necessary to run combofix and HJT?
 
It isn't necessary. But I would say that yes, these events are related.
 
Yes it's quite troubling, I don't use the same password for everything and luckily I haven't used my computer as actively as usual so haven't logged in to many sites. I've changed a few passwords, it does trouble me though that I paid for a product online yesterday, thus entering card details. I'll have to keep an eye out for any suspicious activity I suppose..
 
Not to be harsh, but if you know your system is infected you should never do anything online as far as transactions. Take the time to get yourself a copy of Ubuntu on LiveCD and boot from that. At least you know your information will be secure. If something does happen you have no one to blame but yourself for using a compromised system.
 