
System restore vs Virus

Anonymous
August 28, 2005 3:46:23 PM

Archived from groups: microsoft.public.windowsxp.general

Hypothetical question
If my computer is infected with a virus/worm and I system restore it to an
infectionless date previous to catching the infection, can I safely say I no
longer have an infected computer. In other words can I use my system restore
feature to clean out a virus? Thanks for all comments.
Franktee

Anonymous
August 28, 2005 3:46:24 PM

I think if your PC is infected by a virus, then other files also get
infected.
System Restore only restores OS files and program files.
I don't think this trick works.
"Franktee" <Franktee@discussions.microsoft.com> wrote in message
news:47C3BF26-F1AE-4A10-91FF-6D2CFAEE636B@microsoft.com...
> Hypothetical question
> If my computer is infected with a virus/worm and I system restore it to an
> infectionless date previous to catching the infection, can I safely say I no
> longer have an infected computer. In other words can I use my system restore
> feature to clean out a virus? Thanks for all comments.
> Franktee
Anonymous
August 28, 2005 5:07:40 PM

Bobby wrote:

> Yes. This normally works. Ignore the other replies.

"Bobby" is a moron. Ignore his posts.
Anonymous
August 28, 2005 5:56:35 PM

Franktee wrote:
> Hypothetical question
> If my computer is infected with a virus/worm and I system restore it
> to an infectionless date previous to catching the infection, can I
> safely say I no longer have an infected computer. In other words can
> I use my system restore feature to clean out a virus? Thanks for all
> comments.

No.
Clean it with an AntiVirus software and/or the instructions given by many AV
suppliers.
Then - in my opinion - empty all of your System Restores and start with
fresh ones - because a virus can be stored in your system restores.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
Anonymous
August 28, 2005 6:03:42 PM

Franktee wrote:

> Hypothetical question
> If my computer is infected with a virus/worm and I system restore it
> to an infectionless date previous to catching the infection, can I
> safely say I no longer have an infected computer. In other words can
> I use my system restore feature to clean out a virus?


No. System Restore restores system files and viruses can reside in other
files.


--
Ken Blake
Please Reply to the Newsgroup
Anonymous
August 28, 2005 10:41:29 PM

On Sun, 28 Aug 2005 11:46:23 -0700, "Franktee"
<Franktee@discussions.microsoft.com> wrote:

>Hypothetical question
>If my computer is infected with a virus/worm and I system restore it to an
>infectionless date previous to catching the infection, can I safely say I no
>longer have an infected computer. In other words can I use my system restore
>feature to clean out a virus?

No. System Restore isn't a full backup. It is a partial backup
(registry and some drivers). If you have malware on your disk before
a System Restore, it will still be there after a System Restore.

--
Stan Brown, Oak Road Systems, Tompkins County, New York, USA
http://OakRoadSystems.com/
"What in heaven's name brought you to Casablanca?"
"My health. I came to Casablanca for the waters."
"The waters? What waters? We're in the desert."
"I was misinformed."
Anonymous
August 28, 2005 11:59:19 PM

Hi

If the virus is in SR, then you will need to turn SR off and then on again
to get rid of the virus. It's not possible to say exactly where in SR the
virus may be.

--


Will Denny
MS MVP Windows Shell/User
Please reply to the News Groups

"Franktee" <Franktee@discussions.microsoft.com> wrote in message
news:47C3BF26-F1AE-4A10-91FF-6D2CFAEE636B@microsoft.com...
> Hypothetical question
> If my computer is infected with a virus/worm and I system restore it to an
> infectionless date previous to catching the infection, can I safely say I
> no
> longer have an infected computer. In other words can I use my system
> restore
> feature to clean out a virus? Thanks for all comments.
> Franktee
August 29, 2005 12:06:44 AM

Yes. This normally works. Ignore the other replies.

"Franktee" <Franktee@discussions.microsoft.com> wrote in message
news:47C3BF26-F1AE-4A10-91FF-6D2CFAEE636B@microsoft.com...
> Hypothetical question
> If my computer is infected with a virus/worm and I system restore it to an
> infectionless date previous to catching the infection, can I safely say I
> no
> longer have an infected computer. In other words can I use my system
> restore
> feature to clean out a virus? Thanks for all comments.
> Franktee
Anonymous
August 29, 2005 12:06:45 AM

"Bobby" <bobby@aventuremail.com> wrote in message
news:3nega9F14ro5U1@individual.net...
> Yes. This normally works. Ignore the other replies.
>

This is very bad advice. DO NOT FOLLOW THIS ADVICE. It would be a very
simple virus indeed if a system restore got rid of it. The opposite is true
in most cases. If you use an anti-virus program to get rid of the virus and
then do a system restore the virus will come back.

Kerry
August 29, 2005 12:06:45 AM

Bobby wrote:

> Yes. This normally works. Ignore the other replies.
>
> "Franktee" <Franktee@discussions.microsoft.com> wrote in message
> news:47C3BF26-F1AE-4A10-91FF-6D2CFAEE636B@microsoft.com...
>
>>Hypothetical question
>>If my computer is infected with a virus/worm and I system restore it to an
>>infectionless date previous to catching the infection, can I safely say I
>>no
>>longer have an infected computer. In other words can I use my system
>>restore
>>feature to clean out a virus? Thanks for all comments.
>>Franktee
>
>
>

Just to mention one possibility, what about a virus on a partition not
monitored by system restore? Your advice is very bad.

--
Rock
MS MVP Windows - Shell/User
Anonymous
August 29, 2005 12:15:00 PM

Hi Franktee,

System Restore was not designed to be a virus removal tool, and should not be relied upon to
do so. There are many virus/malware removal tools available for download specifically
designed for this purpose.

Here are some virus and spyware removal tips.
http://bertk.mvps.org/html/spyware.html

--
Regards,
Bert Kinney MS-MVP Shell/User
http://bertk.mvps.org

Franktee wrote:
> Hypothetical question
> If my computer is infected with a virus/worm and I system
> restore it to an infectionless date previous to catching
> the infection, can I safely say I no longer have an
> infected computer. In other words can I use my system
> restore feature to clean out a virus? Thanks for all
> comments.
> Franktee
Anonymous
August 29, 2005 1:29:15 PM

Virus is more likely to win over Pisstem Restore...

- Winux P

"Franktee" <Franktee@discussions.microsoft.com> wrote in message
news:47C3BF26-F1AE-4A10-91FF-6D2CFAEE636B@microsoft.com...
> Hypothetical question
> If my computer is infected with a virus/worm and I system restore it to an
> infectionless date previous to catching the infection, can I safely say I
> no
> longer have an infected computer. In other words can I use my system
> restore
> feature to clean out a virus? Thanks for all comments.
> Franktee
Anonymous
August 30, 2005 10:10:48 AM

Some viruses specifically target system restore points as part of their
payload. And in those cases system restore should be disabled, and all
former restore points deleted.
The safest way to save your system is with an imaging file to removable
media. And to restore the original boot record if that is available as part
of the image file restoration.

"Franktee" <Franktee@discussions.microsoft.com> wrote in message
news:47C3BF26-F1AE-4A10-91FF-6D2CFAEE636B@microsoft.com...
> Hypothetical question
> If my computer is infected with a virus/worm and I system restore it to an
> infectionless date previous to catching the infection, can I safely say I no
> longer have an infected computer. In other words can I use my system restore
> feature to clean out a virus? Thanks for all comments.
> Franktee
Anonymous
August 30, 2005 5:59:11 PM

System Restore should not be disabled until AFTER all virus/malware is removed.

Virus and Spyware removal and prevention:
http://bertk.mvps.org/html/spyware.html

--
Regards,
Bert Kinney MS-MVP Shell/User
http://bertk.mvps.org

Lil' Dave wrote:
> Some viruses specifically target system restore points as
> part of their payload. And in those cases system restore
> should be disabled, and all former restore points deleted.
> The safest way to save your system is with an imaging
> file to removable media. And to restore the original
> boot record if that is available as part of the image
> file restoration.
Anonymous
August 30, 2005 6:39:13 PM

Bert Kinney wrote:
>
> System Restore should not be disabled until AFTER all virus/malware is removed.

You have it backwards. Disable system restore first.


> Virus and Spyware removal and prevention:
> http://bertk.mvps.org/html/spyware.html
>
> --
> Regards,
> Bert Kinney MS-MVP Shell/User
> http://bertk.mvps.org
>
> Lil' Dave wrote:
> > Some viruses specifically target system restore points as
> > part of their payload. And in those cases system restore
> > should be disabled, and all former restore points deleted.
> > The safest way to save your system is with an imaging
> > file to removable media. And to restore the original
> > boot record if that is available as part of the image
> > file restoration.

--
http://www.bootdisk.com/
Anonymous
August 30, 2005 8:53:50 PM

Negative, I do not have it backwards!!!

Give me one good reason to disable System Restore before a system has been cleaned...

Additional info:

Should I purge all my restore point before removing virus & malware infection?
http://bertk.mvps.org/html/tips.html#PurgeAndClean

AumHa Forums
http://aumha.net/viewtopic.php?t=15265

Bug busting: Getting Rid of Spyware
http://www.microsoft.com/windows/IE/community/columns/b...

--
Regards,
Bert Kinney MS-MVP Shell/User
http://bertk.mvps.org

Plato wrote:
> Bert Kinney wrote:
>>
>> System Restore should not be disabled until AFTER all
>> virus/malware is removed.
>
> You have it backwards. Disable system restore first.
>
>
>> Virus and Spyware removal and prevention:
>> http://bertk.mvps.org/html/spyware.html
>>
>> --
>> Regards,
>> Bert Kinney MS-MVP Shell/User
>> http://bertk.mvps.org
>>
>> Lil' Dave wrote:
>>> Some viruses specifically target system restore points
>>> as part of their payload. And in those cases system
>>> restore should be disabled, and all former restore
>>> points deleted. The safest way to save your system is
>>> with an imaging file to removable media. And to
>>> restore the original boot record if that is available
>>> as part of the image file restoration.
Anonymous
August 31, 2005 1:02:36 AM

In article <eUz$sTarFHA.3452@TK2MSFTNGP14.phx.gbl>, bert@NSmvps.org
says...
> Give me one good reason to disable System Restore before a system has been cleaned...

Because the files in the System Restore area could also be compromised
and are not to be trusted. If you disable the System restore area you
can always restore it after cleaning the system.

--

spam999free@rrohio.com
remove 999 in order to email me
Anonymous
August 31, 2005 1:02:37 AM

Yes, "could be compromised" but that doesn't make the restore points any less useful.
True, there are times they may not function anyway, but I just don't want to send a
message that restore points should be deleted when they could be useful. And they may not
contain infected files in the first place. I see no harm in keeping them.

--
Regards,
Bert Kinney MS-MVP Shell/User
http://bertk.mvps.org



Leythos wrote:
> In article <eUz$sTarFHA.3452@TK2MSFTNGP14.phx.gbl>,
> bert@NSmvps.org says...
>> Give me one good reason to disable System Restore before
>> a system has been cleaned...
>
> Because the files in the System Restore area could also
> be compromised and are not to be trusted. If you disable
> the System restore area you can always restore it after
> cleaning the system.
Anonymous
August 31, 2005 5:25:21 AM

As you said, it should be disabled after the scans if need be. Some scanners
set a restore point before they remove anything.

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



"Bert Kinney" <bert@NSmvps.org> wrote in message
news:eUz$sTarFHA.3452@TK2MSFTNGP14.phx.gbl...
> Negative, I do not have it backwards!!!
>
> Give me one good reason to disable System Restore before a system has been
> cleaned...
>
> Additional info:
>
> Should I purge all my restore point before removing virus & malware
> infection?
> http://bertk.mvps.org/html/tips.html#PurgeAndClean
>
> AumHa Forums
> http://aumha.net/viewtopic.php?t=15265
>
> Bug busting: Getting Rid of Spyware
> http://www.microsoft.com/windows/IE/community/columns/b...
>
> --
> Regards,
> Bert Kinney MS-MVP Shell/User
> http://bertk.mvps.org
>
> Plato wrote:
>> Bert Kinney wrote:
>>>
>>> System Restore should not be disabled until AFTER all
>>> virus/malware is removed.
>>
>> You have it backwards. Disable system restore first.
>>
>>
>>> Virus and Spyware removal and prevention:
>>> http://bertk.mvps.org/html/spyware.html
>>>
>>> --
>>> Regards,
>>> Bert Kinney MS-MVP Shell/User
>>> http://bertk.mvps.org
>>>
>>> Lil' Dave wrote:
>>>> Some viruses specifically target system restore points
>>>> as part of their payload. And in those cases system
>>>> restore should be disabled, and all former restore
>>>> points deleted. The safest way to save your system is
>>>> with an imaging file to removable media. And to
>>>> restore the original boot record if that is available
>>>> as part of the image file restoration.