Monday, November 5, 2012

Not the dumbest thing I ever did but one of them---be patient with System Restore

In previous blog posts, I've alluded to doing something really dumb in the last few weeks but haven't gone into detail yet---here it is.

Let's begin with the moral of this story: If you begin a System Restore, be patient and give it some time until you believe it has hung and before you pull the plug on it. Pulling the plug on a System Restore can have very bad effects...

For those of you not familiar with System Restore, whenever Windows performs an update (major, minor, I'm not sure) it creates an image of your Windows folders, along with the Registry, so if something bad or funny happens after the install, you can revert your Windows environment back to the point before the update.

System Restore can come in handy if you install something yourself, find it has made your system flaky, and your attempts to uninstall it aren't totally getting you back to where you were. Important: System Restore only restores System files and the Windows Registry.
System Restore can also be useful if a friend of yours sends you an email and tells you to click on a link---and it turns out that your friend is a hacker who has just installed a virus on your computer.

DON'T use this to restore an important Word or Excel document that you've deleted. It doesn't have that ability (check your Recycle Bin for that.)

To find System Restore, click on the Start button in Windows 7 and type System Restore.

Here's a Microsoft link that shows you what I mean...

Microsoft Windows 7 System Restore

Once you find System Restore in the selection window, click on it and a message box will appear telling you what it can do for you, and showing you the latest "Restore Point" available to you.

You can also click on the Next button to see other Restore Points.

Typically, I've seen 3 to 5 Restore Points available (these are big files) and you can go 'back' in time as far as Windows will allow you.


Since getting my Windows 7 PC last October, I had twice run a System Restore when it started misbehaving.

I woke up early on Saturday morning, November 3rd, to drive our daughter to a track meet bus pickup at 6am.

I was looking forward to using the Web to follow our niece Sophorn who was running a 100 mile Pinhoti Ultra marathon starting at 6am.

Habitually leaving my PC powered on all the time, I toggled my PC to wake up, and I was greeted with a message about an unresponsive script---in hindsight, probably Weatherbug but I wasn't sure.

Overall, the PC was running slow, and I decided to run a Malwarebytes scan before leaving to drop our daughter off at the school for her track meet bus ride.

When I returned 25 minutes later, the Malwarebytes scan had completed, and it reported that it had detected a Trojan of some kind and removed it. Malwarebytes also told me I had to reboot the PC to complete the removal process and I did so.

When the PC started up, McAfee came up with a message saying it had found the same Trojan and removed it.

Funny, I thought to myself, McAfee is taking credit for doing something that Malwarebytes did.

A minute later, while Windows was in the process of starting up all of its many processes, I received a Windows RunDLL error indicating that ajgddba.dll could not be found and therefore could not be run. Specifically, Windows was looking for it in an \Appdata\Local\AppleComputer\Apple folder under my user account.


I figured that the Trojan had probably placed its malicious code in that folder and updated the Registry to start it up when my PC was rebooted.

Error messages like this drive me crazy, and I wanted to get rid of it.

I did a Google search on the dll and the error message, and nothing obvious popped up.

Caution: Whatever you do, DON'T do a Google search for this DLL. The links that are returned may not be trustworthy!

Since I didn't feel like updating the Windows Registry manually (laziness in hindsight) I thought I would use System Restore to revert back to my last Restore point.
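Added example (not part of the original post): a read-only PowerShell check for the kind of leftover startup entry described above, where an autostart value still calls rundll32 on a DLL that a scanner has already deleted. The list of Run keys is an assumption about where such an entry lives; scheduled tasks and the Startup folder are not covered, and nothing is modified.

```powershell
# Read-only audit: list Run/RunOnce autostart values that launch a DLL through
# rundll32.exe and flag the ones whose DLL is no longer on disk.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

function Get-RundllTarget {
    param([string]$Command)
    # Handles: rundll32.exe "C:\path\x.dll",Entry
    #          "C:\Windows\System32\rundll32.exe" C:\path\x.dll,Entry
    if ($Command -match 'rundll32(\.exe)?"?\s+"?([^",]+\.dll)') {
        # Expand %LOCALAPPDATA% and similar in case the value was stored as REG_SZ
        return [Environment]::ExpandEnvironmentVariables($Matches[2].Trim())
    }
    return $null
}

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        $dll = Get-RundllTarget -Command $cmd
        if (-not $dll) { continue }          # not a rundll32 launcher
        [pscustomobject]@{
            Key     = $key
            Value   = $name
            Dll     = $dll
            Missing = -not (Test-Path -LiteralPath $dll)
            Command = $cmd
        }
    }
}

# Orphaned entries (Missing = True) are the ones that raise the RunDLL error at logon.
$findings | Sort-Object -Property Missing -Descending | Format-List
```

An entry reported with `Missing : True` and a DLL path under a user profile folder is the candidate to review; export the key before changing anything so the change can be reverted.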

System Restore had worked flawlessly (and quickly in under 5 minutes) twice before. In fact, according to my notes, the last time I ran it on July 23rd, it restored my system in just 2 minutes.

I fired up System Restore, and it reported that my last Restore Point was the previous Saturday, October 27th, at 4:18pm.

Although I didn't specifically remember a Windows update occurring then (I was actually on my way to 4:30pm Mass at the time,) I trusted the Restore Point, and told System Restore to do its magic.

I read the warning message that once started, System Restore cannot be interrupted (well, that's not true, you can always pull the plug :)

It was 9:44am when I clicked on the System Restore button that asked me if I wanted to continue...

System Restore displayed a message that it was preparing to restore my system.

Then a message that it was shutting down.

The PC started up with a message stating "Please wait while your Windows Files and settings are being restored. System restore is initializing."

I knew from experience that in just a few minutes, I should receive a message that System restore is restoring the Registry, followed by another shutdown, a reboot and a message that System Restore has completed successfully.

The problem was that the initial message "Please wait...System restore is initializing..." never went away.

I waited from 9:45am until 10:12am.

I had a MoodleRooms chat scheduled for 11am, and I was impatient.

I used another PC to do a Google search on a non-responsive System Restore, and a Microsoft site said that I could power down and start again in Safe Mode if I believed System Restore was 'hung'.


In hindsight, I should have given the System Restore a few hours to work before I declared it 'hung'.

Instead, I powered down and restarted. Again, not the dumbest thing I've ever done but certainly in the dumb category.

I held my breath as the PC rebooted.

Much to my partial surprise, Windows announced that it was restarting, and the Log in pane (with my 4 user accounts) appeared.

I selected my normal account, entered my password and after a longer than usual start up time which started with a black desktop and no icons, a message appeared stating that

System Restore did not complete. Your files were not changed


Windows appeared to boot up normally at this point.

My normal desktop appeared, and not surprisingly, that RunDLL message about not being able to find that mysterious file appeared again.

I remember thinking that I had dodged a bullet. Whatever System Restore had started to do, it either hadn't begun at all or had rolled back the changes. I was probably no worse off than when I had started.

It was now about 10:20am.


At this point, I should have made a copy of my User folder and put it on my "D" drive---but I had no way of knowing that the next time I booted up, I wouldn't be able to log into Windows.
I maintain a good backup procedure, and just about all of my day to day, important files are stored on my 2nd hard drive, and backed up periodically.

The User folder contains some data that is by default stored there...Internet favorites, scanned photos, downloaded files, Garmin running files (oops!)

My thought now was to run System Restore in Safe Mode.

First, I wanted to try to honor my commitment to my Internet students and host my MoodleRooms chat at 11am.

I completed the chat OK---if anything major was wrong with my system, I couldn't tell.

At 11:45am, I rebooted into Safe Mode, and logged on.

There was no RunDLL error message, which didn't surprise me.

I selected System Restore.

I was surprised to see System Restore report that I had run a System Restore at 9:43am. That's when I had started the previous System Restore, and since it failed, I thought it wouldn't record it. It had.

Once again, I selected a Restore Point of October 27th.

It was now 11:50am.

System Restore warned me once again that the process could not be interrupted (sure, it can't :)

It went through the process of performing a system shutdown, started up and said "System Restore is initializing..."

32 minutes later, at 12:22, it was still running, and I told myself that I would be patient this time.

At 12:39, I noticed a change in the displayed message...System Restore is restoring the registry! Progress, at last.

At 12:50, the message changed to System Restore is removing Temporary Files. We were almost done.

At 12:51, the system shut down, and began to reboot.

At 12:52, a message appeared that Windows was starting.

At 12:54, it was still restarting, and then it did something it hadn't done during my last System Restore, it rebooted.

I remember thinking "that's not good."

At 12:55, a message appeared that Windows was starting.

At 12:56, the log in screen with my 5 user accounts appeared.

I selected my normal account, entered the password and Windows said the user name or password was incorrect.

Hmmm....this was the original password for that account. It's never changed.

The password hint displayed properly, but it wouldn't let me log in.

I tried all 5 user accounts, including one that has no password.

Nothing. All of my accounts were inaccessible.

One thing you need to be careful of with System Restore is if you have created new user accounts, they may not be there when you do the restore.

But all of these user accounts were created within days of receiving the new PC in October of 2011.

My system was hosed.

Just for the heck of it, I powered down and logged back in.

My mood was momentarily lightened when I entered my password, and 'something' appeared to happen.

Windows looked like it was trying to log me in, but then returned the same message---user name or password is incorrect.

I rebooted into Safe Mode.
Nothing.

My system was dead.

In the next 2 days, I would restore my system from a Windows Recovery CD, and ultimately I would get it back to where it was before. Windows Recovery didn't work quite the way I thought it would, but that's a story for another post.

Again, the moral of the story: if you run a System Restore, give it some time to finish. Although it's possible that my user account/password problems were caused by a Trojan, most likely they were caused by my impatience with the amount of time the System Restore took to complete.

Internet postings from others say that they have waited almost a full day to have it complete.

My previous experiences of a quick running System Restore fooled me into believing it had hung, when probably it had a lot of work to do.
