System restore question

[Guest]

Hi all
Don't know if I am posting this in the correct forum but here goes,
Can a virus (in this case bloodhound) be eliminated by system restoring to a
previously "clean" date. Any helpful response appreciated.
Thank you.
Franktee

 

[dave xnet]

Hi all
Don't know if I am posting this in the correct forum but here goes,
Can a virus (in this case bloodhound) be eliminated by system restoring to a
previously "clean" date. Any helpful response appreciated.
Thank you.
Franktee

it's sometimes possible.
However, if the virus is this one,
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BLOODHOUND.A

It's infected the harddrive MBR. You'll have to resore that
first. You'll have to use something like fixmbr from the recovery
console.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;314058

Then boot safemode and try systm restore.
Dave

 

[S.Sengupta]

You have to disable System Restore.
If a computer is infected, System Restore may back up the virus, worm,
or Trojan on the computer.

Windows prevents outside programs, including antivirus programs, from
modifying System Restore. Therefore, antivirus programs or tools cannot
remove threats in the System Restore folder. As a result, System Restore
has the potential of restoring an infected file on your computer, even
after you have cleaned the infected files from all the other locations.

Also, a virus scan may detect a threat in the System Restore folder even
though you have removed the threat.

When you have completely removed the threat, re-enable System Restore.


Do some reading here:-
How antivirus software and System Restore work together
http://support.microsoft.com/?kbid=831829

regards,
S.Sengupta[MS-MVP]

 

[Bert Kinney]

Hi,

System Restore was not designed to remove virus infection. If there's no
virus software installed on the system, you can find several free ones
at the link below. Once installed, scan the system and identify the
exact name of the virus and use that information to remove it if the
virus scan does not.

Once the system is confirmed clean, then disable System Restore to
delete all the existing restore points to prevent reinfection. If
something goes wrong in the virus/malware removal process you will have
no way to reverse your actions. Sometimes the removal process can be
more damaging to the system than the infection. Two examples would be if
the system became unbootable, or if the ability to connect to the
internet to retrieve additional cleaning utilities is lost. So it is a
good practice to leave System Restore intact until the cleaning process
is over.

Virus infection detected within restore points will not re-infected a
system unless the system is restored using System Restore.

 

[Ken Blake, MVP]

Don't know if I am posting this in the correct forum but here goes,
Can a virus (in this case bloodhound) be eliminated by system
restoring to a previously "clean" date. Any helpful response
appreciated.

I don't know the answer with respect to Bloodhound in particular, but in
general the answer is, at best, sometimes.

If all the virus has done is modify a system file (and not all viruses are
that simple), you may be able to remove it by doing a system restore to a
date before the system was infected, thereby replacing the infected file
with the original one.

But the important thing is that this is *not* a reliable way of removing
viruses. It *may* sometimes work, buut it is probably more likely *not* to
work. System Restore is not meant to be a virus removal tool. Viruses should
be removed with a tool designed for that purpose--anti-virus software.