Re: Virus in system restore



Eric Baines wrote:
> How do I remove a file infected by a virus from within the system
> restore directory?

Disabling System Restore on all partitions/drives should remove all
stored files, including the files containing infection. Using Disk
Cleanup to remove all but the latest restore point may not be the best
approach. The latest restore point is most likely where the infected
file will be located.

> I received an email the other day that was a .zip file. I downloaded
> it to my PC and virus scanned it using Sophos. It said that it had
> scanned 3 items and they were OK. So I unzipped the file. It unzipped
> 5 files and immediately told me that one of the files was a .exe that
> was infected with a virus. I immediately deleted all the files,
> without running any of them and cleared my wastebasket. It can't have
> been on my disk for more than a minute. I thought I had sorted the
> problem.
>
> The next day, the scheduled disk scan kicked in, and said I had a
> copy of this virus in the directory that stores my restore points. I
> tried to go to the directory, but even though I am an administrator
> on that PC, it wouldn't let me go into the directory.
>
> I was unsure what to do, but was determined to get rid of this thing.
> Therefore, I switched off system restore, so it deleted all the files
> in the directory. I scanned the directory and it said it was OK. I
> then switched system restore back on, and when it had done that, I
> scanned the whole disk, and it said I was OK.
>
> But system restore is there for precisely this sort of situation -
> where your PC is damaged and you want to go back to an undamaged
> state.

System Restore was not designed to be an antivirus or malware removal
tool and should not be depended on to do so. A good up-to-date antivirus
application should have caught the virus before the email was opened. A
good antivirus application should have the ability to scan within zip
files.

> What should I have done, that would have got rid of this file, without
> getting rid of all my restore points?

I would suggest getting another antivirus application that has a
real-time scanner as discussed above, and set it to update daily.

> Cheers
>
> Eric

--
Regards,
Bert Kinney MS-MVP Shell/User
http://bertk.mvps.org

