
Thread: Can System Restore reinfect your PC after you have cleaned it of Malware?

  1. #1
    HappyAndyK is offline Site Administrator
    Join Date
    Jun 2008
    Posts
    7,572

    Can System Restore reinfect your PC after you have cleaned it of Malware?

    This cannot happen so long as you have the AntiVirus or AntiSpyware application running that initially cleaned the infection. During a restoration, an active AntiVirus program scans for infected files.

    If the AntiVirus program detects any infected files, the AntiVirus program tries to modify, move, or delete the infected files. If the AntiVirus program successfully cleans the infected files, System Restore restores the cleaned files.

    However, if the AntiVirus software cannot clean a file, the AntiVirus software deletes or quarantines the file. As a result, the restoration does not work because these actions to the file cause an inconsistent restoration state.

    As a result, System Restore reverts to the state immediately before the restoration. Signature files for AntiVirus programs are updated as viruses become known.

    As a result, a restoration that did not work several days ago might succeed after the AntiVirus program is updated. However, if you undo and retry a restoration to a point that succeeded before, the restoration may not work if a new signature or definition detects a virus that the AntiVirus program cannot clean on a backed-up file.



    Nice read at source: How antivirus software and System Restore work together

  2. #2
    Corrine is offline Gold Member
    Join Date
    Jan 2009
    Location
    Upstate NY
    Posts
    961


    A key point from the KB article is the following:

    "As a result, the restoration does not work because these actions to the file cause an inconsistent restoration state. As a result, System Restore reverts to the state immediately before the restoration."

    Thus, if the program does not completely clean the file, there may not be a good restore point available. This is why my recommendation with MBAM and similar programs that scan SR is to uncheck items in System Restore for removal. After the computer is clean, create a fresh restore point and then use Disk Cleanup to remove all but the last restore point.

    Errors in the cleanup process and f/p's are the reason I so adamantly disagree with recommendations by Symantec and others to clear System Restore prior to cleaning. An infected restore point is better than a doorstop.

  3. #3
    HappyAndyK is offline Site Administrator
    Join Date
    Jun 2008
    Posts
    7,572


    I used to suggest that one should disable System Restore before running your AV, in case of a severe malware attack; but it looks like this isn't a good idea then, right?

  4. #4
    Corrine is offline Gold Member
    Join Date
    Jan 2009
    Location
    Upstate NY
    Posts
    961


    Correct. If there is a false/positive (f/p), as does happen on occasion, there is no restore point to return to. It is much better to clean the system, create a fresh restore point and then use Disk Cleanup to remove all but the most recent restore point.
    Last edited by Corrine; 24th August 2010 at 18:20. Reason: clarify

  5. #5
    HappyAndyK is offline Site Administrator
    Join Date
    Jun 2008
    Posts
    7,572


    Thanks for this Corrine

  6. #6
    rkonit is offline Gold Member
    Join Date
    Jul 2008
    Location
    Pilani, India
    Posts
    1,363


    Nice read... Thanks Andy for sharing this. Most users make this mistake and get their PC infected again.

  7. #7
    jelson is offline Beginner
    Join Date
    Jan 2010
    Posts
    28


    Quote: Originally posted by Corrine
    "An infected restore point is better than a doorstop."

    Very true. But a partition image of a clean system drive is even better. Who needs System Restore then? But that's just MHO.

  8. #8
    roraniel is offline Gold Member
    Join Date
    Oct 2008
    Location
    Pinehurst, NC
    Posts
    860


    Quote: Originally posted by jelson
    "Very true. But a partition image of a clean system drive is even better. Who needs System Restore then? But that's just MHO."

    System Restore still has a purpose even though you have a disk image. It can be a quick solution that does not affect your personal data files.

  9. #9
    satyamy is offline Beginner
    Join Date
    Jul 2008
    Location
    Mumbai
    Posts
    31


    Ohhh, never thought of this......
    Thanks, really nice info.
