  1. #1
    New Lounger
    Join Date
    Sep 2013
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Can a virus create or delete System Restore points?

    My machine began acting oddly starting last Friday. I was initially unable to get the System Restore application to run. After taking several other steps over the weekend to locate and remove any possible viruses, I am now able to run System Restore. However, it is only showing me one Restore point which is from a point in time prior to when I believe the infection took place. And that Restore point has a timestamp of just after midnight on the day before the beginning of the infection... even though I am certain the machine was turned off at that time. So I have two questions:

    - Is it possible for a virus to delete system restore points which were created prior to when the machine was infected?
    - Is it possible for a virus to infect a machine, and then create its own restore point with a phony date and time?

    My machine has more than enough space for restore points, so there is no reason why it should have lost all of those which were created prior to last Friday. I'm probably being paranoid here, but I suspect that this virus may have deleted all the other old restore points, and then saved itself in a restore point which only looks like it was created prior to the infection. Has anyone heard of that happening, or if that is even possible?

    Thanks,
    Ted

  2. #2
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,492
    Thanks
    284
    Thanked 577 Times in 480 Posts
    Welcome to the Lounge!

    "locate and remove any possible viruses" <- resulting details would be useful

    Almost anything is possible with malware, Ted. Best advice would be to take it to a specialist malware forum like Majorgeeks, BleepingComputer, TechSupportForum, Sysnative.com, etc.

    If you can access the logs from your anti-malware programs for the current problems, zip and attach them here, it should be possible to gain some clues from them.

  3. #3
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,631
    Thanks
    161
    Thanked 936 Times in 856 Posts
    I also would not trust that restore point. If the virus somehow did something, this restore point could re-install the virus and start your problems over again.

    This is one of those times when a System Image created recently would have saved your bacon so to speak.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  4. #4
    New Lounger
    Join Date
    Sep 2013
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Viruses can delete restore points

    Hi,

    I just wanted to mention that you are probably not being paranoid in this case. Viruses often turn off System Restore entirely or remove older restore points. I assume it is done since it makes it harder to easily get around the viruses. I have seen this multiple times in my computer repair business.

    I would not trust the one restore point that is available and, as others have mentioned, go to some other web sites for more detailed help in removing the possible virus.

    Good Luck

  5. #5
    2 Star Lounger
    Join Date
    Dec 2012
    Location
    New Hampshire
    Posts
    133
    Thanks
    11
    Thanked 16 Times in 11 Posts
    Totally agree. The "bad guys" who unleash this stuff are continuously getting better at preventing us from using tools to beat their malware. Lately I've seen some that prevent booting into safe mode. My last resort (before removing the HD and scanning it as an attached drive) has been to use the Windows 7 Repair Disk that I was wise enough to create. I use it to do a system restore.

  6. #6
    2 Star Lounger
    Join Date
    Feb 2013
    Posts
    158
    Thanks
    36
    Thanked 14 Times in 13 Posts
    I had one recently which prevented safe mode restart, but I was able to start in command mode and run Malwarebytes from DOS w/o internet, then log onto MBAM updates and run it again. It was the "Extortion Virus." It did delete my restore points and disable "Task Manager".
    It pays to know how to get to A-Virus SW in DOS.

  7. #7
    4 Star Lounger
    Join Date
    Jan 2010
    Posts
    496
    Thanks
    2
    Thanked 49 Times in 46 Posts
    Suppose some malware has somehow gotten into your Windows system but it has not yet shown any obvious symptoms to make you suspect a problem exists. Then Windows creates a new Restore Point (for example, you told Windows to create one before you install some new software, or a Windows Update causes a new Restore Point to be created, etc.) Now, your Restore Point includes the malware so when you use System Restore you are bringing back the malware again. To fix this, delete all Restore Points, then run anti-virus or whatever to remove the malware, then re-boot. With the Restore Points gone the malware should also be gone.

  8. #8
    Bronze Lounger DrWho's Avatar
    Join Date
    Dec 2009
    Location
    Central Florida
    Posts
    1,501
    Thanks
    30
    Thanked 205 Times in 163 Posts
    There are several AV and AS programs that you can set to scan inside of Restore Points.
    They can find and remove viruses stored there.

    Another way to eliminate those is to shut off system restore and reboot. That erases all Restore points.
    Then turn System Restore back on and manually make a new restore point.

    I run a script, in my Startup folder, that forces a new Restore Point every time I boot up my PC. That's at least once a day. It's always good to have a fresh Restore Point when you need it. Eh?

    Cheers Mates!
    The Doctor

    PS: If you'd like a copy of that script to Force an Instant Restore Point. Here it is:
    https://app.box.com/s/v0s7fhxx7yah6wgynik2
    Experience is truly the best teacher.

    Backup! Backup! Backup! GHOST Rocks!
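
A startup script of the kind post #8 describes, written here as an added example (it is not DrWho's script, which is only linked above). It also remembers the restore-point sequence numbers between boots, so a wiped set of restore points like the ones reported in posts #4 and #6 gets noticed. The state-file path and the description text are assumptions; run it elevated in Windows PowerShell 5.1.

```powershell
#Requires -RunAsAdministrator
# Added example. Uses the built-in Windows PowerShell 5.1 cmdlets
# Get-ComputerRestorePoint, Enable-ComputerRestore and Checkpoint-Computer.
$drive     = "$env:SystemDrive\"
$stateFile = "$env:ProgramData\rp-audit\last-seen.txt"   # hypothetical location

function Get-RestorePointList {
    # Current restore points with readable timestamps (CreationTime is a WMI string).
    @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue) | ForEach-Object {
        [pscustomobject]@{
            Sequence    = [int]$_.SequenceNumber
            Created     = $_.ConvertToDateTime($_.CreationTime)
            Description = $_.Description
        }
    }
}

$before = @(Get-RestorePointList)
$before | Format-Table -AutoSize

# Compare with the previous boot: if none of the points recorded then still exist,
# something cleared them (System Restore switched off, a cleanup tool, or malware).
if (Test-Path $stateFile) {
    $previous  = @(Get-Content $stateFile | Where-Object { $_ -match '^\d+$' } |
                   ForEach-Object { [int]$_ })
    $survivors = @($previous | Where-Object { $before.Sequence -contains $_ })
    if ($previous.Count -gt 0 -and $survivors.Count -eq 0) {
        Write-Warning "All $($previous.Count) restore points seen at last boot are gone."
    }
}

# Re-enable protection on the system drive, then request a new restore point.
# On Windows 8 and later Checkpoint-Computer creates at most one point per 24 hours
# by default, so the result is verified instead of assumed.
Enable-ComputerRestore -Drive $drive
Checkpoint-Computer -Description "Startup $(Get-Date -Format 'yyyy-MM-dd HH:mm')" `
                    -RestorePointType MODIFY_SETTINGS

$after  = @(Get-RestorePointList)
$newest = $after | Sort-Object Sequence | Select-Object -Last 1
if (-not $newest -or ($before.Sequence -contains $newest.Sequence)) {
    Write-Warning "No new restore point was created on this boot."
}

# Remember what exists now for the next comparison.
New-Item -ItemType Directory -Force -Path (Split-Path $stateFile) | Out-Null
$after | ForEach-Object { $_.Sequence } | Out-File $stateFile
```

Windows also removes old restore points on its own when the space reserved for them fills up, so only the "all gone" case is treated as a warning.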

  9. #9
    New Lounger
    Join Date
    Oct 2013
    Location
    California
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Most malware and viruses nowadays are able to delete the system restore points and create their own. Rather than depending on Windows for restoring the system, I would recommend you go for a third-party solution like Faronics Deep Freeze, etc. These types of system software restore the original configuration on every restart. I faced the same issue several months ago and lost most of my data. At that time, I repaired my Windows 7 OS but was not able to get the data back. That's why, rather than depending on Windows restore, I installed Deep Freeze, which works well for me.
