System Restore


Peter

Is it OK to delete one of the System Restore folders?

I had some virus activity in one of them and would be happier if I just got
rid of the thing altogether!
 
Peter said:
Is it OK to delete one of the System Restore folders?

I had some virus activity in one of them and would be happier if I
just got rid of the thing altogether!


First of all, note that any virus (or any other kind of malware) in a
restore point is completely innocuous and can't hurt you in any way *unless*
you do a System Restore from that restore point.

If the virus is only in the restore point, presumably you recently removed a
virus from your system. The virus remains in restore points made before the
virus removal, but isn't present in restore points made afterwards.


Unfortunately, you can't selectively delete restore points. Your only
choices are to delete them all, all but the most recent, or none.


One choice is to delete them all (turn off System Restore, then turn it back
on again), but that choice throws out the clean restore points too. Another
choice is to do nothing (keep the infected restore points), but make sure
that you keep track of when you did the virus removal and be sure never to
restore from any restore point before then. If you choose that option,
within the next several weeks, the infected restore points will disappear by
themselves, because older restore points are automatically removed to make
room for newer ones.
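
An added example, not part of the original posts: one way to keep track of which restore points predate the cleanup, on Windows versions where Windows PowerShell's `Get-ComputerRestorePoint` cmdlet is available. The function names, the `$CleanupTime` value and the sample restore points are assumptions constructed for illustration.

```powershell
# Added example (not from the thread). Flags restore points created at or
# before the malware cleanup, which should never be restored from.

function Get-RestorePointTriage {
    param(
        # Assumption: the moment the virus removal was completed.
        [Parameter(Mandatory)] [datetime] $CleanupTime,
        # Objects with SequenceNumber, Description and a [datetime] Created.
        [Parameter(Mandatory)] [object[]] $RestorePoints
    )
    $RestorePoints | Sort-Object Created | ForEach-Object {
        [pscustomobject]@{
            SequenceNumber = $_.SequenceNumber
            Created        = $_.Created
            Description    = $_.Description
            # Only points made after the cleanup are candidates for a restore.
            SafeToRestore  = ($_.Created -gt $CleanupTime)
        }
    }
}

# Reads the real restore points (run from an elevated Windows PowerShell).
function Get-LiveRestorePoint {
    Get-ComputerRestorePoint | ForEach-Object {
        [pscustomobject]@{
            SequenceNumber = $_.SequenceNumber
            Description    = $_.Description
            # CreationTime is a WMI date string; convert it to [datetime].
            Created        = $_.ConvertToDateTime($_.CreationTime)
        }
    }
}

# Constructed sample data so the triage logic can be tried offline.
$sample = @(
    [pscustomobject]@{ SequenceNumber = 41; Description = 'System Checkpoint'
                       Created = [datetime]'2024-03-01 09:00' }
    [pscustomobject]@{ SequenceNumber = 42; Description = 'Installed driver'
                       Created = [datetime]'2024-03-04 18:30' }
    [pscustomobject]@{ SequenceNumber = 43; Description = 'System Checkpoint'
                       Created = [datetime]'2024-03-06 09:00' }
)
$cleanup = [datetime]'2024-03-05 12:00'   # constructed cleanup time

Get-RestorePointTriage -CleanupTime $cleanup -RestorePoints $sample |
    Format-Table -AutoSize

# Against the live system instead of the sample:
# Get-RestorePointTriage -CleanupTime $cleanup -RestorePoints (Get-LiveRestorePoint)
```

With the sample data, sequence numbers 41 and 42 are marked `SafeToRestore = False` and 43 is marked `True`.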
 
Hi

If you have a virus in System Restore the best way is to turn SR off then on
again. That way you will definitely get rid of it. However that means that
you will lose all existing checkpoints. How do you know which checkpoint
the virus is in and which other System files will have to be deleted at the
same time?

--


Will Denny
MS-MVP Windows Shell/User
Please reply to the News Groups
 
Hi Peter,

No, individual restore points cannot be deleted. The reason is
that all restore points are linked or chained together. When a restore
is performed, all previous restore points are needed to complete the
restore. Deleting one restore point will break the chain and cause the
restore to fail. At this point all existing restore points would need to
be deleted to correct the problem.

In the event of a restore point containing a virus it is best to delete
all existing restore points after the virus has been cleaned from the
system and the system is running correctly, not before. To delete all
restore points, disable System Restore then re-enable it.
How to Disable and Enable System Restore:
http://bertk.mvps.org/html/disablesr.html
 
Peter said:
Is it OK to delete one of the System Restore folders?

I had some virus activity in one of them and would be happier if I just
got rid of the thing altogether!

Turn off System Restore for all drives and restart. Turn on for the
drive hosting the operating system only. The infested system restore
points should be gone now. Anyway, you have no idea about the backdoors
created by the malware. "Cleaning a Compromised System"
http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx
 