I often see posts on here referring to this. Am I right in assuming that malware "hiding" in system restore can only re-infect a machine if the user actually restores to a point when the malware was present? Or can it somehow self-execute without any input from the user to re-infect the system?
The reading material is very interesting, but in my experience, if you suspect your machine is being "reinfected", I would recommend disconnecting from the internet, turning off System Restore, rebooting and scanning for viruses and malware. Reboot.
Then turn System Restore back on and make a manual restore point if you are using Vista or W7. Rescan everything again!
The general consensus, I believe, is that it can't re-infect unless you use a restore point. I myself wouldn't be happy with malware present in the restore files though, and would scan for the malware; when it is only reported as showing in the restore files, turn restore off then on again to wipe the restore points.
The reasoning behind leaving the malware in the restore files until it has been removed from the system is that it may be better to restore to an infected state than have to completely re-install your system if something goes drastically wrong while removing the malware.
Malware reinfects from system restore after a restart or reboot of Windows.
Although system restore is a Windows protected folder and you wouldn't expect to access it until doing a restore, it seems that malware can hide there during a scan as Windows prevents access, but the restore files are active during a reboot.
Some disagreement here then.
woodchip: "it will only reinfect if Restore is used"
Fruit Bat /\0/\: "Malware reinfects from system restore after a restart or reboot of Windows."
Never heard of this, FB, can you provide further info or a link? Most opinions seem to suggest this can only happen if restore is actually run.
Whatever the arguments, I've cleaned a lot of 'friends' PCs, and on a lot of those I've needed to stop sys restore, reboot, run the antimalware/virus scans again. Reboot and infection gone. The magic word is reboot I think. If the malware returns then it must be hiding somewhere. Stopping sys restore and running the security software again, rebooting and the virus/malware is gone can only mean one thing to me.