System restore and virus & spyware scans

  CurlyWhirly 21:42 18 Jun 2005
Locked

I am just curious as to *why* spyware, viruses, etc. that lurk in the System Restore files are detected by scanners after the hard drive has been checked and is all clean?


I thought that the System Restore files were 'protected' by the operating system i.e. *only* the operating system has access to these files?


I know that the cure is to make sure that your system is clean and then disable System Restore to 'clear out' the malware and then reboot and turn System Restore back on but I am wondering *how* scanners can detect that there's something bad in these files in the first place?


As always I am grateful for any help to answer my little query!

  mattyc_92 21:45 18 Jun 2005

They don't normally see anything in this directory because, as you have said, only the operating system can access it.

Maybe, some scanners can act as "SYSTEM" so they can access ALL directories (well unless you remove SYSTEM from the permissions list for a folder)

  VoG II 21:49 18 Jun 2005

They can "see" them but cannot access them to delete the infected files.

  CurlyWhirly 22:09 18 Jun 2005

So that explains it then, they can "see" the malware but as they can't fix the problem then *every* time you run these scanners it is picked up.
Thanks for clearing that up for me!

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Dell XPS 13 9370 (2018) review

No need to scan sketches into your computer with Moleskine's new smart pen

HomePod review

Streaming : Netflix ou Amazon Prime Video ?