using system restore to backtrack malware

Guest

I am trying to fix my father-in-law's computer that has been infested with
malware and spyware. I have been scanning and cleaning it for the past 2
days and I haven't made headway yet. I'm wondering if I could just use the
system restore to restore XP to its state prior to the malware infestation.

He knows the general day it happened, so I wanted to restore to a day prior
to that. Is that possible to get rid of the malware or will it still be in
the system?

Thanks
 
Carey Frisch [MVP]

Cleaning a Compromised System
http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

"The only way to clean a compromised system is to flatten and rebuild.
That’s right. If you have a system that has been completely compromised,
the only thing you can do is to flatten the system (reformat the system disk)
and rebuild it from scratch (reinstall Windows and your applications)."

Clean Install Windows XP
http://www.michaelstevenstech.com/cleanxpinstall.html

--
Carey Frisch
Microsoft MVP
Windows - Shell/User

 
PA Bear

I would NOT rely on System Restore.

Run a /thorough/ check for hijackware, including posting your hijackthis log
to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v1.99.1
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. **Post your log to
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7,
http://aumha.net/viewforum.php?f=30, or other appropriate forums for expert
analysis, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
 
