Recommended Posts

It is not always immediately apparent that you have a virus. During the time between when you discover you have a virus and when you try to remove it, Windows XP (and ME) may have automatically created a restore checkpoint.

Depending on the type of virus and the files it has infected, System Restore may save a copy of infected files as it creates a restore point. The problem is that restore point information is protected by the system so anti-virus software can’t gain access to the infected files to remove the virus.

(a checkpoint is where windows will load the operating system from)

The solution is to turn off the System Restore feature then run a scan with the anti-virus software.

If you don't have a restore point set, it could come from a highjack of your browser. Or a renaming file.

Edited by JSKY
Link to post
Share on other sites

Thanks Jsky I understand what you are saying but that does not really satisy my curiosity. Does the virus reappear when you reboot your computer or does it wait until it is released by using that restore point. For example; if a virus was removed by a virus scan will the operating system remain clean if you never use the restore program again. This stems from discussion with a friend of mine.

Bryan

Link to post
Share on other sites

Your Computer sets a starting point. It uses the checkpoints as your startup list. It will restart from this point.

If, lets say today, you set a restore point. at 9:AM and your virus protection has an update at 10:AM and updates your protection. Then at 11:AM you restore your PC back to the restore point you set at 9:AM. Your virus update will not have yet been installed and will need to be reinstall agian. Because restore will remove the update.

This is because it makes a copy of everything on your PC (kind of like a ghost image). The computer will remove any changes you made after the restore point was made.

This is why it is a good idea to clean out the restore points from time to time. and creat freash ones. If you make alot of changes, and then try to do a restore. You can end up corrupting files.

If the virus was in your PC when it sets the restore point. It has made a startup list with the virus as part of it. Everytime you reboot your PC it will see the virus in this startup list and reinstall it.

Kinda like having a virus on a floppy, everytime you run the floppy, you reinstall the virus. unless you redo the floppy without the virus installed on it.

Gee! did I make this sound more confusing or what....LOL

Edited by JSKY
Link to post
Share on other sites

Thanks again Jsky but yes I am still a little confused. I understand what you are saying but let us take this scenario:- I get a virus, I clean the virus by using say Panda inline scan but ommitted to close my restore system. I know the virus will come back because it is in the restore. Will it come back when I reboot the computer or when I use restore at some later date.

Thanks for your response

Bryan

Link to post
Share on other sites

It will come back when you reboot your computer.

Your computer uses the restore point as a starting point. If the virus is in the starting point, it will load the virus on a reboot.

The same goes for spy and adware programs.

Link to post
Share on other sites

valid comment Jsky but incorrect, I have had viruses in my restore points before, but they did not reinfect my computer until I did a restore.

May I ask you how you validated your response on how system restore works?

Link to post
Share on other sites
MORE INFORMATION

The _Restore folder is protected by default and prevents programs from using or manipulating the files that are within this folder. These files are inactive while in the data store and are not used by any utility other than System Restore.

The above quote is straight from the link that HandPlane supplied.

Thanks handplane

Link to post
Share on other sites

OOOPs! I guess I WAS wrong with ME.

I offer my apology, For the Miss-information on Win ME.

Thanks to both of you for keeping my straight on this one. And will put this in my notes so as not to make the same incorrect statement again. Thats why I'm glad we have everyone here to catch incorrect statements any of us might make.

JSKY

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...