System restore to remove viruses ?

  setecio 10:35 19 Jan 2009

Does system restore generally work in removing viruses ?

I'm guessing not, but if not, why not since I thought system restore took a snapshot of the OS at a certain time (ie before the infection).

  kindly 10:39 19 Jan 2009

No it does not setecio. It is a backup part of your computer disc. If you have a virus then do a system backup it will copy its self into it. Really only thing to do after being infected is to get rid of infection then switch of restore and then restart it. This will get rid of anything in there and also your restore points. Hope this helps you.

  Marko797 10:39 19 Jan 2009

I don't know why or how, but a virus seems to remove any restore points...certainly in my experience anyway, so in answer to ur question, I would say 'No'.

I don't know how u can safeguard against it either other than ensuring u have effective, up to date security, and even then a virus can sometimes get thru. Happened to me when I had AVG, so therefore switched to Avast. No such problems since.

  setecio 10:44 19 Jan 2009


So if I knew when the virus infection occurred, and a system restore point still exists before this time, could I restore to this time, then turn off system restore to delete the infected restore points after this ?

Would that work or can viruses even infect previous restore points ?

  kindly 13:05 19 Jan 2009

No, it does not work that way. If you know you have a virus and the computer has done its own checkpoint the virus will still be there. You have to get rid of all the points that it could be in and that I am sure includes the restore part.
Someone else more expert than me should be able to tell you. I am sure though you will have to shut restore down then restart after getting rid of the virus.

  setecio 13:40 19 Jan 2009

I wonder if it is easily possible to save the sytem restore points to an external hard drive which is unplugged afterwards, and then use these if it gets infected.

  Fruit Bat /\0/\ 14:02 19 Jan 2009

Best thing is to get a copy of Acronis True Image and make regular backups to external media.

you can then restore to an uninfected backup in less than 15 minutes.

  postie24 16:52 19 Jan 2009

Do a virus scan in safe mode,and remember to turn the system restore back on.

  setecio 19:13 19 Jan 2009

OK thanks, Acronis sounds the best option.

  gazzaho 22:14 19 Jan 2009

Restore can actually retain a virus. I got a virus warning while using kaspersky quite a few years ago and no matter how many times I tried to remove it, on reboot it kept re-detecting the damn thing. Eventually, after a lot of hair and sanity loss I realised the file was residing inside the system restore. If I remember correctly I had to switch restore off and then do the scan in order to remove it, then switch restore back on.

Also, Acronis is only backup software, if a virus is on your system and you backup you're backing up the virus as well.

the only way to reduce the risk of infections is to get yourself a good virus/malware package, update regularly and keep your fingers crossed.

  hanric 12:44 19 Nov 2009

My daughter got one of those 'scareware' viruses about a month ago. I went online and got a removal programme that, for whatever reason, couldn't/wouldn't work. After 2 hours of messing about, and being assured that all her homework/GCSE projects had been backed up, I picked a restore point about 2 weeks previous. 15 minutes later, no problems and non since.

