Unzip it. Then RIGHTCLICK the VArestorepolicies.inf and select to Install from the Context menu.

Then, log off or reboot to apply the changes.

Note: Above will set the display in the Startmenu to Windows default. This in case you have modified this previously and already "disabled" some StartMenu items there.
It will also delete some policies which you *may have set yourself previously.

You might notice the words VIRUS ALERT! beside the System clock after being infected with one of the Zlob-Media Codec infections.



It's also displayed under the ProductID in your System Properties > General:



In the Registry, the following values are affected and replaced with VIRUS ALERT!

[HKEY_CURRENT_USER\Control Panel\International]
"sTimeFormat"="h:mm: VIRUS ALERT!"

Which explains the VIRUS ALERT! words in the clock.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion]
"ProductId"="VIRUS ALERT!"

Which explains the VIRUS ALERT! in the System Properties.

In both cases, on every computer, above default values are different, because for the clock settings, it depends what the Regional Settings are.
To restore the VIRUS ALERT! in the clock settings, Go to start > run and type: intl.cpl
Hit enter
This opens the Regional Settings properties.
Under the tab Regional Options > standards and formats, from the dropdown list, re-select your region again.

In my case it is set to English (United States), but in your case, it may be different ofcourse.
By default the correct region should already be displayed there, but you have to re-select it, or select another Region first and then select your Region again > click apply and OK. This will reset the default data in the Registry for the sTimeFormat, so the VIRUS ALERT! should be gone.
(in some cases, you need to log off in order to make the changes)
(Extra note: In case you're having problems with above instructions, see the latest part of this post how to restore the policies first.)

For the ProductID - this is somewhat more advanced since every ProductID is different.
You need to restore that value in the Registry again with your ProductID. The ProductID will be a 20 long string of numbers and is used when you call Microsoft for support. It may also affect Windows XP Validation, an error in System tray with "Unable to complete genuine Windows validation" and/or you *may receive the error: "0x80080201 Cannot detect product ID (PID)"

The ProductID that was modified here is under the:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion]
"ProductId"="XXXX-XXX-XXXXXXX-XXXXX"

Note, this is not your Product Key used to install Windows!

To retrieve your Product ID and restore it for above key/value, you can find it under next value in the registry as well:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion]
"ProductId"="XXXX-XXX-XXXXXXX-XXXXX"

If you're not familiar with the registry, I suggest you use the Microsoft Genuine Advantage Diagnostic (MGADIAG) tool instead to retrieve your Product ID.

Run MGADiag.exe, click Continue and you'll find your Product ID under the Windows Tab.



There you can find your Product ID.
Now you have to restore that value in the registry again.
To do this, go to start > run and type: regedit
This will open your Registry Editor.
(Extra note: In case you're having problems with above instructions, see the latest part of this post how to restore the policies first.)

Now browse to the following key by expanding the folders (keys)
HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows NT > CurrentVersion
On the right, you should find: ProductId
In your case, you'll see VIRUS ALERT! next to it.
Doubleclick the value to open it and edit the string as you see in the screenshot below:



Where you see VIRUS ALERT! in the "edit string Window", delete the VIRUS ALERT! in there and replace it with your Product ID key you retrieved previously: XXXX-XXX-XXXXXXX-XXXXX
The X stands for random numbers/letters
Click the OK button after you edited the ProductID value in the Edit string Window to apply the changes.

Note2: Above instructions only remove the VIRUS ALERT! in the clock and System properties and the restrictive policies+registry modifications being set. This doesn't clean the infection itself if still present. As long as the infection is still present and active, it will replace above values (with VIRUS ALERT!)+policies again.
 

Dial-A-Fix - download this program to fix common Windows Update errors and MSI installer errors.

Dial-a-fix-v0.60.0.24.zip (328.12 KB)

I recently had an encounter with Quickbooks PRO 2008 running on Windows Vista Service Pack 1.  My laptop locked up with Quickbooks open and when I restarted, I could no longer access my company data file.  When I opened Quickbooks, it acted like it was opening and then gave a Windows error message that "Quickbooks has stopped working" and gave me the option to send the report to Microsoft and options to either close or close and restart Quickbooks.  I searched and searched for a solution to no avail.  Intuit's site had one article that basically said "we know of this problem but have no solution."  I cleared the last company file from the registry and was able to open Quickbooks and create a new file without problem which isolated the problem to the company data file.  After searching all over for a solution I remembered I had a dual-boot of XP on my laptop with Quickbooks 2008 installed.  I booted to XP, opened Quickbooks and the company file opened without error.  I closed the file and then booted back to Vista, opened Quickbooks, and the file opened fine!  It appears that when the company file was not properly closed, it caused an un-resolved problem with Quickbooks on Vista; once I opened the file on another instance of Quickbooks and closed it properly, the problem in Vista went away.