I created a restore point earlier today on a Windows 7 system. It reported that the restore point was successfully created. Later I ran Malwarebytes' scan which reported some threats, among them multiple counts of Siredef.C in C:\Windows\System32\SHELL32.DLL. When these were quarantined, the Start menu stopped working. (Or at least, I strongly suspect that must be the cause; no other system component was identified.)

Unfortunately, when I then went to Malwarebytes' Quarantine list, it was much shorter than the original list of threats, and SHELL32.DLL did not appear in that list at all, making it not available for restoring.

So of course I then reached for System Restore (by running rstrui.exe from cmd.exe). Unfortunately, it told me that there are no restore points! The named restore point I had created had vaporized.

How can I most easily recover this system?

P.S. Prior to Malwarebytes, I had run Microsoft's sfc /scannow. It didn't report or repair any corruption, suggesting that the shell32.dll treatment was a false positive.

Running sfc /scannow now finds/fixes nothing.

Kaz
  • Have you tried running SFC again to restore shell32.dll? – Ƭᴇcʜιᴇ007 Feb 01 '17 at 18:39
  • Possible duplicate of [How can I remove malicious spyware, malware, adware, viruses, trojans or rootkits from my PC?](http://superuser.com/questions/100360/how-can-i-remove-malicious-spyware-malware-adware-viruses-trojans-or-rootkit) – Run5k Feb 01 '17 at 18:40
  • @Ƭᴇcʜιᴇ007 Yes; found nothing; added to Q. – Kaz Feb 01 '17 at 18:58
  • @Run5k Doing a re-install of Windows over top from the original DVD (copied onto USB drive: laptop DVD drive too broken to handle job). – Kaz Feb 01 '17 at 19:15
  • Sounds like a good idea. Needless to say it is unfortunate when you need to do that, but it really is the only way to ensure that you have a clean system in the aftermath of a malware infection. – Run5k Feb 01 '17 at 19:25
  • @Run5k In any case, this experience doesn't speak very well for Malwarebytes. Items moved to quarantine don't actually show there, making them unavailable for restoration. I'm staying away from this in the future. Windows silently dropping restore points is also very bad. – Kaz Feb 02 '17 at 20:02
  • I'm sorry to hear that. Personally, I have been utilizing Malwarebytes in every Windows machine on my home network for many years, and have never encountered any type of problem similar to what you describe. Any time a critical system DLL file is infected, it will be a rather significant challenge. Ultimately, a full system wipe-and-reload is inevitable. To be honest, the real culprits within this scenario are the real-time security software that should have prevented this in the first place, along with practicing safe Internet surfing & downloading. – Run5k Feb 02 '17 at 20:21

0 Answers