
Windows System Restore backs up virus also, Tips to Remove Bloodhound.Packed.Jmp Trojan

  • By: Kanak Bhandari
  • Date:April 22nd, 2008
  • 19 Comments

    Well, I never knew Windows System Restore could actually be one of the biggest security risks for computers. While searching for a solution to remove the Trojan Bloodhound.Packed.Jmp, I encountered a few lines in a Symantec Security Response article, quoted as follows:

    If you are running Windows Me or Windows XP, we recommend that you temporarily turn off System Restore. Windows Me/XP uses this feature, which is enabled by default, to restore the files on your computer in case they become damaged. If a virus, worm, or Trojan infects a computer, System Restore may back up the virus, worm, or Trojan on the computer.

    Windows prevents outside programs, including antivirus programs, from modifying System Restore. Therefore, antivirus programs or tools cannot remove threats in the System Restore folder. As a result, System Restore has the potential of restoring an infected file on your computer, even after you have cleaned the infected files from all the other locations.


    To turn off System Restore:

    1. Right-click My Computer and click Properties, or use the shortcut Windows Key + Pause.
    2. Click the System Restore tab and check the box “Turn off System Restore”.
    3. Save

    Viruses and Trojans are nothing new in today’s world. They spread mainly through removable storage such as pocket HDDs, flash disks, etc. These Trojans or viruses at times act in a very weird manner. I wonder whether you have encountered this Trojan named Bloodhound.Packed.Jmp, which is highly undetectable by many antivirus programs (including Norton): since it’s a Trojan horse (and not a virus), many antivirus programs just skip it. When my friend’s computer got affected with this Trojan, the following screen would appear the moment you double-clicked the C:\ drive:

    [Screenshot: BloodHound.packed.jmp]

    I wonder if any of you have also got the same screen. Every time you double-click the C:\ drive, the above-mentioned screen will appear, deleting the same 2t99k.dll file. Even after scanning the drive 5 to 10 times with Norton Antivirus, no detection took place. Finally, I remembered this article published by Arpit recently, which proved to be of great help.

    Since Norton doesn’t detect this, you have to look for alternatives. The best solution is AVG antivirus (free edition), which detects and heals this Trojan. But again, this doesn’t solve the problem fully. The next thing I encountered was that when you double-click the drive, the following dialog opens.

    [Screenshot: “Open with” dialog]

    When such things happen, you can easily make out that an autorun.inf file has been created on your drive. You can still access the drive by typing the drive letter in the address bar, but deleting this file could be a hefty task for some people, as the virus or Trojan will keep resetting the “Show hidden files and folders” option in “Folder Options” even if you try to enable it.

    So the only way to delete this file is to go to the Windows command prompt.

    1. Go to the Start Menu and click Run (shortcut: Windows Key + R)
    2. Type CMD or Command and press Enter
    3. Type cd\ (this will take you to the root directory)
    4. Type the drive letter and press Enter (in our case it’s C: )
    5. Type “Attrib -h -s autorun.inf” (without quotes) and press Enter. This will make the file visible.
    6. Type “Del autorun.inf” (without quotes) and press Enter. If this doesn’t work, go to the drive and manually delete the file using Shift+Delete (for permanent deletion)
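
An added example, not part of the original post: before deleting autorun.inf in step 6, it is worth reading what the file would have launched, so the referenced file can be located and removed as well. This Python parser lists the launch entries of the [autorun] section and tolerates the junk padding lines such files often contain; the sample content and the file name example-payload.exe are constructed.

```python
import re

# Keys in the [autorun] section that make Explorer run a command.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)


def launch_entries(text):
    """Return (key, command) pairs that an autorun.inf would execute."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue                      # junk padding or another section
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if LAUNCH_KEY.match(key) and value:
            entries.append((key.lower(), value))
    return entries


def referenced_files(entries):
    """First token of each command: the file to look for on the drive."""
    files = []
    for _, command in entries:
        m = re.match(r'"([^"]+)"|(\S+)', command)
        name = m.group(1) or m.group(2)
        if name.lower() not in (f.lower() for f in files):
            files.append(name)
    return files


# Constructed sample, not taken from the infected machine in the post.
SAMPLE = r"""
;xQz81jfk2 junk padding
[AutoRun]
open=example-payload.exe
sdf8s7df junk line without equals
shell\open\Command=example-payload.exe
shell\explore\command="example dir\example-payload.exe" /e
icon=%SystemRoot%\system32\shell32.dll,4
"""

if __name__ == "__main__":
    for key, cmd in launch_entries(SAMPLE):
        print(f"{key:24} -> {cmd}")
    print("files to look for:", referenced_files(launch_entries(SAMPLE)))
```

The `shell\open\command` and `shell\explore\command` entries are what replace the normal double-click and Explore actions on the drive, which is why the drive stops opening normally while the file is present.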

    Start the AVG scan again and check for any trace of a virus or Trojan. You can schedule it to run every day around 8pm, which is dinner time for most of us and hence idle time on the computer.

    Prevention is better than cure. Hence keep your system updated with the latest antivirus definitions and security updates. Avoid installing any software that gives you a security warning unless you are very sure about it. A little googling about the products or browser plugins you are not sure of can save you from lots of future trouble.


    19 Comments (Leave Yours)

    Comment by Nirmal
    2008-04-23 05:30:15

    Never encountered this situation, but my system restore is turned off. I use AVG Professional edition, it works fine with Norton anti Bot. Norton AV is pretty harsh on system resources.

     
    Comment by MobileJGames
    2008-04-23 08:42:05

    ah, I usually permanently turn off the system restore feature. To save some memory and disk usage. :)

     
    Comment by Terrah Dawn
    2008-04-24 11:48:47

    Is this the same for Vista or has the problem been fixed for Vista?

     
    Comment by Syahid A.
    2008-04-24 14:10:35

    That is why most of the system administration tutorials out there opt to disable System Restore, whenever a computer is suspected of having a virus.

     
    Comment by MobileJGames
    2008-04-25 08:18:59

    From my experience with XP for the past 4 yrs I have never had a situation in which this feature was useful for me. And last year I ended up with features that I never used. The first and main feature was System Restore. :)

     
    Comment by Rakshit
    2008-04-26 22:11:54

    Yeah, this type of virus spreads very fast in the network since they are hard to detect. I have encountered a similar problem in the past and did exactly the same as you have mentioned here. But I used NOD32 as an antivirus.

    Nice post. I am sure many will be benefited by this.
    ;-)

     
    Comment by Kanak Bhandari
    2008-04-26 22:58:21

    @nirmal
    @mobilejgames

    Yeah, System Restore is not that useful unless your system crashes. I wonder whether the screen which asks to boot the computer to a “last known good configuration” has something to do with restore. However, I have now turned off my System Restore.

     
    Comment by Kanak Bhandari
    2008-04-26 23:01:55

    @terrah
    It’s the same for Vista; these Trojans are getting very prevalent nowadays, so better keep your PC secured :D
    @syahid
    Yeah, before scanning one must disable it, and I feel, permanently.
    @mobilejgames
    Many people are unaware that this thing is running by default, hence they end up using it and making their system more vulnerable to these kinds of Trojans.
    @Rakshit
    Thanks for the kind words

     
    2008-04-28 13:42:17

    I too have not encountered this but it is a good alert…

     
    Comment by Asia'h Epperson
    2008-04-29 08:41:54

    I know it is off topic, but, can u advise if Norton or McAfee is better?

     
    Comment by MobileJGames
    2008-04-29 13:08:07

    both are resource hungry, but better choose Norton from personal exp… McAfee is also good and less resource hungry than the other, but N would be more safe, I think

     
    Comment by Haris
    2008-04-30 18:30:16

    @Asia’h Epperson: Try NOD32. It’s not at all a memory hog and uses the least resources :)

     
    Comment by khaye
    2008-05-09 10:47:06

    Yes, I’ve encountered the same problem, but I didn’t take any action yet. Thanks! I’ll try it at once.

     
    Comment by EmmaB
    2008-05-10 15:24:37

    Hey pal,
    long time since I commented! I have been very busy with a new blog of mine, and two projects I have going :)

     
    Comment by Kanak Bhandari
    2008-05-10 23:19:22

    @techblisss
    yeah hope this article is a little help to some people
    @asiah,
    U must have got the answers :)

    @smackall
    @haris
    Thanks for your suggestions

    @khaye,
    glad this article was of some help :D

     
    Comment by Kanak Bhandari
    2008-05-10 23:21:06

    @emma
    Yeah, long time. I also took a small break, but I think I was also suffering writer’s block :D .. will be back tomorrow :D

     