  1. #1
    New Lounger
    Join Date
    Jun 2012
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts

    How do I stop System Restore from bringing back a couple of viruses?

    Good Evening;
    I've got a doozy of a problem that has resulted in me shutting off System Restore on my computer. Last weekend I managed to get a couple of real nasty viruses and a Windows installer trojan that just wouldn't stop coming back no matter what. No sooner would my AV program remove them than they'd pop back up. Finally I shut off System Restore, ran my scan again, and got rid of them. But upon reactivating System Restore, there they were again. So, again, I shut off System Restore and left it off.
    The other problem I'm having is that when System Restore is working properly it will not allow me to go back any more than a couple of hours. I tried going back a week before I contracted these viruses to no avail. It failed to do the restore and I have no idea why. This isn't the first time I've had system restore go on the fritz on me like this, but I'd love to know how to stop it from doing so.
    Regards,
    Walter Reinhart

  2. #2
    Plutonium Lounger Medico
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,631
    Thanks
    161
    Thanked 936 Times in 856 Posts
    Walter, Welcome to the Lounge. Always nice to see new members.

    This MS article should help. You cannot delete just 1 restore point. You can delete them all, or delete all but the last 1 created. I would think deleting them all would be appropriate in your case.

    After doing so you might want to defrag your system, then use the Drive Wiper section of CCleaner to wipe the free space. Since deleting something does not actually remove it, just makes the space available for something else, wiping the free space will overwrite the virus code.

    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  3. #3
    4 Star Lounger
    Join Date
    Dec 2009
    Location
    Fishkill, New York, USA
    Posts
    435
    Thanks
    96
    Thanked 35 Times in 31 Posts
    You might also run TDSSKiller.
    http://kaspersky-tdsskiller.soft32.c...FQjf4AodXF1MuA

    Rich

  4. #4
    New Lounger
    Join Date
    Jun 2012
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Hi, and thank you for the welcome. I have already run TDSSKiller and it came up clean. I am currently running a defrag as requested as well and will also run the drive wiper to wipe the free space. The only thing is I had already deleted all the restore points before I restarted System Restore and was more than surprised when the blasted virus and trojan installer came back. That's when I decided to shut the system restore off. Since I've done that I haven't had any alerts about malware or viruses being blocked and moved to the virus chest.
    Once I've run everything suggested I will re-enable System Restore and let you know what happens.
    Thank you.

  5. #5
    4 Star Lounger
    Join Date
    May 2012
    Posts
    404
    Thanks
    0
    Thanked 49 Times in 39 Posts
    You need to allow adequate space for Restore Points which include an image of the installation at that point in time together with all the programs you have installed. It depends on the latter as to how many of those that there are.

    By default, System Restore takes 12% of each drive unless you only use SR for the root (C). If you reduce it to say 1 or 2%, then you may only have one Restore point you can use at any one time.

    As regards the virus or trojan reappearing, it's often the case that one trojan is used to install more malware and one of those may not be included on your AV DAT file yet.

    Also, you need to make sure that when you run a scan, you've configured the options to include Packers which aren't necessarily used on Windows systems. A typical example is "Gzip" which is normally only used in UNIX systems, but which has now started to appear on Windows infections.

    There are plenty of standalone AV apps you can download which don't need to be installed and therefore won't interfere with whichever AV you use at the moment. Here are a couple of examples.


    In addition, I suggest downloading the free edition of Malwarebytes: http://www.malwarebytes.org/products/malwarebytes_free and running regular scans.

    Also, a good free utility is "CurrPorts" which is available here: http://www.nirsoft.net/utils/cports.html
    It shows which ports are open on your system and which applications are using them. Suspicious activity will be highlighted in pink. Right click to kill a process or close a connection.
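
The point in the post above about configuring scans to look inside packers such as Gzip, as an added example that is not part of the original thread: a minimal Python sketch in which a constructed, harmless byte marker stands in for an AV signature. The names `scan`, `unpack_gzip` and the marker are hypothetical, and plain substring matching is a simplification of what a real engine does.

```python
import gzip
import io
import zlib

GZIP_MAGIC = b"\x1f\x8b"            # first two bytes of every gzip stream
MAX_DEPTH = 5                       # stop after this many nested gzip layers
MAX_UNPACKED = 10 * 1024 * 1024     # per-layer cap against decompression bombs

# Constructed, harmless marker standing in for an AV signature (assumption).
SIGNATURES = {"Constructed.Test.Marker": b"HARMLESS-DEMO-SIGNATURE-0001"}


def unpack_gzip(data):
    """Return the decompressed bytes, or None if corrupt or over the size cap."""
    try:
        with gzip.GzipFile(fileobj=io.BytesIO(data)) as fh:
            out = fh.read(MAX_UNPACKED + 1)
    except (OSError, EOFError, zlib.error):
        return None
    return out if len(out) <= MAX_UNPACKED else None


def scan(data, unpack=True, depth=0):
    """Return sorted signature names found in data, optionally inside gzip layers."""
    hits = {name for name, pattern in SIGNATURES.items() if pattern in data}
    if unpack and depth < MAX_DEPTH and data[:2] == GZIP_MAGIC:
        inner = unpack_gzip(data)
        if inner is not None:
            hits |= set(scan(inner, unpack, depth + 1))
    return sorted(hits)


def build_samples():
    """Constructed sample inputs: the same body raw, packed once, packed twice, truncated."""
    payload = b"constructed sample file body " * 4 + SIGNATURES["Constructed.Test.Marker"]
    once = gzip.compress(payload)
    return {
        "plain": payload,
        "gzip": once,
        "gzip-in-gzip": gzip.compress(once),
        "truncated": once[:20],
    }


if __name__ == "__main__":
    for name, blob in build_samples().items():
        print(f"{name:14} no-unpack={scan(blob, unpack=False)} unpack={scan(blob)}")
```

With unpacking disabled, only the raw copy matches; the packed copies match only when the scanner decompresses them first, which is the setting the post refers to.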

  6. #6
    2 Star Lounger
    Join Date
    Dec 2009
    Location
    Vermont
    Posts
    131
    Thanks
    1
    Thanked 11 Times in 10 Posts
    You say your AV is identifying the virus; what is the name of it? A little more information on anything you know about the virus plus what its symptoms are doing would help in a solution. Also, you've run all the standard malware programs, I assume: Malwarebytes, SuperAntiSpyware? This isn't the fake system restore virus, is it? http://answers.microsoft.com/en-us/w...c-68b599b31bf5
