PDA

View Full Version : System Restore Question



Chris09
20-12-2009, 10:44 PM
Rather than hijacking a post, which I see a lot of about turning System Restore off before cleaning the system, I've made another one.

Essentially to get rid of System Restore, would not give you any chance of a recovery to a former state. Why do you(people who say so) turn it off, before hand? The system will only restore the nasties if you do.

Here is an example of what I mean.

Turn Off System Restore > Malware Clean etc > Computer crashes and burns > no System Restore to recover back to former self - although infected files are better than none right?

So wouldn't it be better to... Create a System Restore Point as is, before clean > Malware Clean etc > Computer crashed and burns > If needed, recovery is available, otherwise we can turn it off, and back on after the clean.


Now I understand if this were happen, and the operating system was damaged due to removal of infected registry files, that you would repair the operating system with a disc. For those that do not have one, or do not know how, wouldn't this be a additional back up for a recovery - whatever circumstance that may need it?

Am I right to say the only way the System Restore would reinfect, is by restoring the PC back to that point, or can the files from that System Restore reinfect on next restart? If that was the case, I would understand. But if not, then what is the reason for not having that chance of recovering the PC back to an infected - but working state?

I wouldn't have thought about it, but I've seen on bleeping forums and others, that some do it that way.

So just wanting some enlightenment on that.

Thanks.

Coaster
20-12-2009, 11:03 PM
My method is ccleaner > malwarebytes > hjt > system restore off > reboot > system restore on > maybe spybot > NOD32 > windows update > malwarebytes > finally ccleaner.

Should only take half an hour of your actual time, total time may be 1 to 2 hours including scans.

Chris09
20-12-2009, 11:09 PM
Well, my personal method for cleaning basics..

System Restore Point Made > Ccleaner > Safe Mode > Trojan Remover > Malwarebytes > Spybot (Depending) > NOD32 > Back to OS > System Restore turned off > Restart > System Restore turned on > NOD32

But I see your logic.

Speedy Gonzales
20-12-2009, 11:11 PM
Well no turning SR off wont bring the nasties back. Thats why you disable it.

Because it removes the files that are in the SR folder/s. And this is where malware maybe hiding. And you'll have to turn it back on (after you remove whatever). But if you use SR to go back too far you'll wipe out programs you've already installed. What would you prefer? To disable SR, get rid of whatever, then turn it back on after, or reinstall all the programs all over again? Which will take longer.

feersumendjinn
20-12-2009, 11:31 PM
It's up to you, the user to decide if you clear the system restore points or not, just be aware that if you use that restore point thats infected, you will be reinfected, which makes any disinfection efforts pointless/redundant. Why not clear them, it's not as if they're any use to you (my two cents anyway). The only time I might do it your way, is if I had no OS images, restore partition & discs, or the original OS disc, but I wouldn't let myself be in that position (remember the 1st law of Murphy, sh1t happens).

gary67
21-12-2009, 06:46 AM
Make an image before doing anything then you can just re install if it crashes

pctek
21-12-2009, 07:53 AM
Turn Off System Restore > Malware Clean etc > Computer crashes and burns > no System Restore to recover back to former self - although infected files are better than none right?

So wouldn't it be better to... Create a System Restore Point as is, before clean > Malware Clean etc > Computer crashed and burns > If needed, recovery is available, otherwise we can turn it off, and back on after the clean.

.
No. Infected files are NOT better then none.

If the PC has corrupted or overwritten system files I do a Repair install.

SolMiester
21-12-2009, 08:14 AM
You dont have to disable SR if there are no nasties reported there, only if there is!

Blam
21-12-2009, 03:40 PM
No. Infected files are NOT better then none.

If the PC has corrupted or overwritten system files I do a Repair install.

+1 To that.

I used to leave SR on, in case a serious Windows file was infected....but having an infection on a PC is never good, so I turn it off, remove malware, then attempt a repair install if needed(or replace the system file if possible) then reformat.

SolMiester
21-12-2009, 04:26 PM
+1 To that.

I used to leave SR on, in case a serious Windows file was infected....but having an infection on a PC is never good, so I turn it off, remove malware, then attempt a repair install if needed(or replace the system file if possible) then reformat.

??

LOL

Blam
21-12-2009, 04:28 PM
lol...sleepy:p

Should be:

...then attemp a repair install if needed(or replace the system file is possible) and if that fails, a reformat:p

lol I Don't troubleshoot them randomly reformat :p