Newbie needs help :'(

Discussion in 'NOD32 version 2 Forum' started by Michael G, Mar 16, 2006.

Thread Status:
Not open for further replies.
  1. Michael G

    Michael G Registered Member

    Joined:
    Mar 16, 2006
    Posts:
    3
    Not 100% sure this is the correct place to ask but had a look round the site and just getting more confused so appologies if im wrong,

    Problem is I've installed nod 32 v2.50.25 and proceeded to quarentine loads of stuff but now i cant get into some programmes and cant use my system restore as it wont go back any earlier than the install, can anyone tell me how to restore items from the quarentine ? as i dont have the foggiest :'( o_O



    Thanks in advance,

    Michael
     
  2. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,150
    Location:
    Mass., USA
    This is the perfect place to ask.

    Open up NOD32 Control Center
    NOD32 System Tools / Quarantine

    You can right click on quarantined files for restore and other options.

    Caveat: I assume they ended up in quarantine after a scan, therefore files in question may well be infected. This, to me, indicates there may be something horribly wrong with your system.
    I would be hesitant to restore any files from quarantine unless you're absolutely sure they are clean.

    The Bad News: To play it safe, you may want to re-install your malfunctioning proggies.
    The good news: NOD should protect your system from becoming infected again.
     
  3. Michael G

    Michael G Registered Member

    Joined:
    Mar 16, 2006
    Posts:
    3
    Thanks bob,
    it said all the files were infected with Win32/Jeefo.A virus,

    i would imagine thats not good:D

    but at least the programmes worked b4 and didnt have any major problems running xp, i'll have a go at restoring them like you said and just ignoring the virus till it causes problems,if thats a good idea ?o_O
     
  4. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    I would wait a little longer for more input and or questions from others on the forum if I were you.
     
  5. Michael G

    Michael G Registered Member

    Joined:
    Mar 16, 2006
    Posts:
    3
    OK mate ,will do,

    Thanks:)
     
  6. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,150
    Location:
    Mass., USA
  7. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    Hi,

    You really need to disinfect this one, because it can allow unauthorized access to your pc.

    Below is information from SARC: Proceed at your own risk. ;)

    Disable System Restore (Windows Me/XP).
    Update the virus definitions.
    Restart the computer in Safe mode or VGA mode.
    Run a full system scan and delete all the files detected as W32.Jeefo.
    Delete the value that was added to the registry (Windows 95/98/Me). IF YOU'RE RUNNING XP, YOU WON'T NEED THIS STEP.

    Disabling System Restore (Windows Me/XP)
    If you are running Windows Me or Windows XP, we recommend that you temporarily turn off System Restore. Windows Me/XP uses this feature, which is enabled by default, to restore the files on your computer in case they become damaged. If a virus, worm, or Trojan infects a computer, System Restore may back up the virus, worm, or Trojan on the computer.

    Windows prevents outside programs, including antivirus programs, from modifying System Restore. Therefore, antivirus programs or tools cannot remove threats in the System Restore folder. As a result, System Restore has the potential of restoring an infected file on your computer, even after you have cleaned the infected files from all the other locations.

    Also, a virus scan may detect a threat in the System Restore folder even though you have removed the threat.

    For instructions on how to turn off System Restore, read your Windows documentation.

    Scanning for and deleting the infected files
    Start your antivirus program and make sure that it is configured to scan all the files.
    Run a full system scan.
    If any files are detected as infected with W32.Jeefo, click Delete.


    Deleting the value from the registry
    CAUTION: It is recommended that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only.

    Click Start, and then click Run. (The Run dialog box appears.)
    Type regedit

    Then click OK. (The Registry Editor opens.)

    Navigate to the key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    In the right pane, delete the value:

    "PowerManager"="%windir%\svchost.exe"

    Exit the Registry Editor.
     
Thread Status:
Not open for further replies.