is using system restore to remove a virus a good idea?



davidhe
26-01-2005, 08:37 AM
I recently came across a virus called "backdoor.trojan" and I decided the easiest way to remove it is to use system restore. Is this the best way to remove the virus? And is the virus still on my hard drive?

agent
26-01-2005, 08:47 AM
System Restore is not designed to allow the removal of viruses, trojan horses, and other similar nasties.

You'll want to download a free virus scanner such as Avast (http://www.avast.com/) or AVG (http://www.grisoft.com/).

Speedy Gonzales
26-01-2005, 08:59 AM
Some people disable system restore to remove it with a virus scanner or something, then turn it back on after.

godfather
26-01-2005, 09:05 AM
System Restore only restores Windows System files to an earlier date.

Unless the trojan had infiltrated a system file or was posing as one, it would be unaffected. If it had posed as one, then it's likely to have been stored in system restore, and require all restore points to be purged.

So, no it is not a good idea to try to eliminate trojans by that method.

fox1mc
26-01-2005, 04:22 PM
Some people disable system restore to remove it with a virus scanner or something, then turn it back on after.

The reason this is done is that, with some virus scanning software, after a virus has been removed from the system, the Windows system restore points dating to the period when the system was infected may contain enough references to infected data to trigger a virus warning. However, no anti-virus I've used was able to clean these protected files.

Thus, the simple solution is to go into the recovery options and turn off system restore (this deletes all previous restore points). System restore can be immediately turned back on, and the seemingly infected records will be gone.
-------------------------------
As for using system restore, that won't work, as several people above mentioned, since, at best, the restore would only clean infected registry entries. Pretty much any respectable virus will use a variety of back-up files in other areas to re-insert itself in the registry, leaving you back where you started.