If you select to view hidden files and folders (windows
explorer/Tools/View/) you'll see the restore points. This
is a system folder, but if you had a virus when your
system chose a restore point (can be arbitrary) then one
of your restore points may have the virus. If you want to
be sure, consider these steps:
1. Turn off system restore
- Start button/Settings/Control Panel
- Open System
- Select System Restore tab
- Check "Turn off System Restore on all drives"
- Click OK
2. Delete the RPxxx files in the System Volume folder
(don't delete the actual Sys-Vol folder)
- Open Windows Explorer
- Select Tools/Folder Options/View
- Select the "Show hidden files and folders" radio button
- Click OK
- In windows explorer, go to C:\System Volume\_restore
{GUID}
- Select and delete the RPxxx files (WindowsXP will make
more. Read about this if you want to know more about
System Restore. An XP user's guide works well for this).
3. Run the virus removal program
4. Reboot
5. Enable System Restore.
- Start button/Settings/Control Panel
- Open System
- Select System Restore tab
- Un-check "Turn off System Restore on all drives"
- Click OK
Check for Windows Updates weekly:
http://v4.windowsupdate.microsoft.com/en/default.asp