Malware hiding in system restore

  Number six 23:33 17 Nov 2010
Locked

I often see posts on here refering to this. Am I right in assuming that malware "hiding" in system restore can only re-infect a machine if the user actually restores to a point when the malware was present? Or can it somehow self-execute without any input from the user to re-infect the system?

  Sea Urchin 23:53 17 Nov 2010

Some reading material

click here

click here

  Taff™ 01:34 18 Nov 2010

The reading material is very interesting but in my experience if you suspect your machine is being "reinfected" I would recommend disconnecting from the internet, turning off System Restore, reboot and scan for viruses and malware. Reboot.

Then turn System Restore back on and make a manual restore point if you are using Vista or W7. Rescan everything again!

  gazzaho 05:23 18 Nov 2010

The general consensus I believe is that it can't re-infect unless you use a restore point. I myself wouldn't be happy with malware present in the restore files though and would scan for the malware, when it is only reported as showing in the restore files turn restore off then on again to wipe the restore points.

The reasoning behind leaving the malware in the restore files until it has been removed from the system is that it may be better to restore to an infected state than have to completely re-install your system if something goes drastically wrong while removing the malware.

  Fruit Bat /\0/\ 09:55 18 Nov 2010

Malware reinfects from system restore after a restart or reboot of windows.


Although system restore is a windows protected folder and you wouldn't expect to access it until doing a restore.
It seems that malware can hide there during a scan as windows prevents access, but the restore files are active during a reboot.

  VCR97 20:21 18 Nov 2010

Won't scanning in Safe Mode do the trick?

  MAT ALAN 21:03 18 Nov 2010

Won't scanning in Safe Mode do the trick?

No, best and simplest way to be rid if spy/malware in "system volume info files" is to turn off and then turn on again...
click here

  woodchip 23:05 18 Nov 2010

As above it will only reinfect if Restore is used, Its up to you if you want to restore Malaware. Me if PC running okay would turn Restore off then back on to create a new clean point

  Number six 22:59 19 Nov 2010

Some disagreement here then.
woodchip:
"it will only reinfect if Restore is used"
Fruit Bat /\0/\:
"Malware reinfects from system restore after a restart or reboot of windows." Never heard of this, FB, can you provide further info or a link? Most opinions seem to suggest this can only happen if restore is actually run.

  rdave13 23:46 19 Nov 2010

Whatever the arguments, I've cleaned a lot of 'friends' PCs, and on a lot of those I've needed to stop sys restore, reboot, run the antimalware/virus scans again. Reboot and infection gone. The magic word is reboot I think.
If the malware returns then it must be hiding somewhere. Stopping sys restore and running the security software again, rebooting and the virus/malware is gone can only mean one thing to me.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

OnePlus 5 review

50 best online Adobe XD tutorials

iPad Pro 10.5in (2017) review

Comment connecter un MacBook à une TV ?