UK Edition
FeedsYou Are In: Home > Forums
> Internet and Technology Forums
> Computing and Networks
> Virus In System Restore
|
|
| Register | Blogs | FAQ | Calendar | Search | Today's Posts | Mark Forums Read |
| Computing and Networks For discussion of personal computing and home networking issues. |
 |
|
|
Thread Tools |
30-11-2009, 00:18
|
#1 |
|
Forum Member
Join Date: Jan 2006
Location: Preston
Services: Freeview, Windows XP & Win 7, 8meg Broadband, Quiz Call Winner
Posts: 8,059
|
Virus In System Restore
How do or what manages to get in the system restore volume of the pc? it's a right pain when it happens.
TR/Agent.146800.A 
|
|
|
| Most Popular on Digital Spy |
|
Please sign in or register to remove this message. |
|
30-11-2009, 00:35
|
#2 |
|
Forum Member
Join Date: Nov 2005
Posts: 1,167
|
If you are asking how to get rid of a recurring virus then you need to turn off system restoe and delete the backup files.
Reboot and do a virus scan. If all comes back clear enable system restore. |
|
|
|
|
30-11-2009, 04:06
|
#3 |
|
Forum Member
Join Date: May 2009
Gender: Male
Location: East Devon (UK)
Services: LotsOfServices.30yr EngSci, so TechLit 'ish
Posts: 960
|
Yeah I dunno either. I have Avira and WinPatrol.
And am also very PC savvy for last 30 years. First prog was on punched card (dont ask) Still get hit, Dont open attachments, but you can click on an advert by mistake. Even these here in DigiSpy. Most seem to bugger up restore pts. Several hours work. If you can archive off to external HDD or network disc and then do a recovery that is last resort. See cnet.com for downloads first. Run Avira full scan. Malware Btyes (mbam.exe) Combofix.exe (ignore amateur warnings it is fine) Ccleaner Kaspersky if you have to. But it tends to delete all of the above without asking. Although it tells you while it is doing it. Cheers Ivan. |
|
|
|
|
30-11-2009, 04:17
|
#4 |
|
Forum Member
Join Date: May 2009
Gender: Male
Location: East Devon (UK)
Services: LotsOfServices.30yr EngSci, so TechLit 'ish
Posts: 960
|
Make sure Avira options set to Quarantine then delete.
You need to click "Expert Config" Then go thru every menu and sub menu...scanner and guard. Takes about 5 mins. I still love Avira tho'. Avast and AVG were worse. |
|
|
|
|
30-11-2009, 11:32
|
#5 |
|
Forum Member
Join Date: Oct 2009
Posts: 1,007
|
open pc in safe mode switch off system restore ,scan and quarantine all suspect files found ,
restart in normal mode switch system restore on and re scan . might take a couple of scans to clear all infected files but that should do it if virus is identified , check out rising and trend online scans they are shit hot and try trend house cleaner for a bleached clean finnish . |
|
|
|
|
30-11-2009, 12:45
|
#6 |
|
Forum Member
Join Date: Oct 2000
Location: East Sussex
Services: SkyHD, PlusNet ADSL, Pointless Posts: 6,954
Posts: 8,430
|
I don't believe it's possible to remove any infection that's in the system restore files, they are protected to ensure they cannot be tinkered with so that backups do exactly that, backup (virus and all)
System restore files don't get infected as such, they might have a virus in it because they were created when the infection was in the PC. More info here |
|
|
|
|
30-11-2009, 19:29
|
#7 |
|
Forum Member
Join Date: May 2009
Gender: Male
Location: East Devon (UK)
Services: LotsOfServices.30yr EngSci, so TechLit 'ish
Posts: 960
|
Restore files are in c:\System Volume Information and they do get infected.
Try Create a restore Point then Restore that point. If it fails...you are infected. Also, SysVolInfo is a hidden folder. Tools/Options View Hidden System files to see it. But a virus disables that. Google "cannot see hidden files" there is a quick registry fix. And then....I am running out of breath here....System Volume Information remains locked, as does your recovery partition. Download File Unlocker from cnet.com to have a nose around. Works up to XP SP3. Dunno about Vista or W7. It seems to run but hmmmmmm. |
|
|
|
