system restore and virus question.

if you have an infected system but the system also has a restore point, the system restore was done a few days later of a clean installation. so if i use that restore point, will i be able to get the system to that un-infected state?

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

boyles23

The computer company I work for, always has us turn off the restore function before we do virus removal. That would obviously do away with the old restore points, so I can't say for definite but I assumed that it would carry back with a restore point. Hope this helps!

Jon

Danman32

I have to review system restore, but I believe system restore protects certain files (like OS files) so depending on what was infected, the infected files will remain. However, if only files protected by System Restore were infected, your solution would work, as long as a virus process isn't still running waiting to return the system to an infected state.

Malware (not just viruses) these days use the 'buddy system' so if you don't have a good malware program working to prevent these processes from starting in the first place, killing one will cause the other to revive it. Killing the other will have the one revive the other.

RussS

Quite often with a virus that can not be removed by the onboard AV program or by an online scan I will use systen restore to go back to when the system was known as clean and then run a scan (after updating virus definition files).

Of course the easiest way is to just slave to a known clean machine and scan it that way.