AumHa Forums

It is a common recommendation, when cleaning for viruses in Windows ME or Windows XP, to advise that System Restore be disabled and all old stores cleared before starting on your cleaning. We do not recommend this approach.

The reason for the recommendation is that many viruses are stored when a System Restore point is created and, should you use System Restore, you will bring these back onto your computer. This is useful to know! But it is also true that, in cleaning highly infected systems, sometimes you make mistakes that cripple Windows and it is better to be able to take a step back to a working version of Windows - even an infected one! - rather than have Windows trashed completely. To quote Mow Green, "a leaky lifeboat is better than no lifeboat in a storm."

What we recommend is: (1) Understand that using System Restore on an infected system might bring back virus-infected files you don't want. (2) Leave System Restore in place until your computer is clean and stable. (3) Then get rid of the old infected restore points.


TO CLEAR OLD SYSTEM RESTORE POINTS

On an infection-free computer, make a new restore point:

- Launch System Restore from its Start Menu | Programs | Accessories shortcut (or directly launch C:\Windows\System32\restore\rstrui.exe from a Run box).
- Select "Create a restore point." Click Next and follow out the menus.

Then, purge all restore points except the most recent:

- Run Disk Cleanup, either from its Start Menu shortcut, or from right-click + Properties on C: in My Computer, or from directly launching C:\Windows\System32\cleanmgr.exe from a Run box).
- After it scans, click the More Options tab, then Clean Up in the System Restore section, confirm the action, then click OK to run it.

That's it!


BOTTOM-LINE SUMMARY OF RECOMMENDTIONS

(1) Know the risk of reinfection if you System Restore before it is cleaned.
(2) Until it is cleaned, don't use it unless you absolutely have to.
(3) Leave SR cache in place during cleaning since a leaky boat in a storm is better than no boat in a storm, and returning to an
infected computer state is better than losing everything.
(4) Clean the machine.
(5) After the machine is clean, make a new SR point and purge all the old ones.
(6) Rescan to make sure things remain clean.

<applause>

Laziness prevailed again!

I got tired of typing this over and over again, and just wanted a link to use! (I kept thinking this was already spelled out somewhere on the site, but couldn't find it. So here it is!)

BTDT:

http://aumha.net/viewtopic.php?t=5877

http://aumha.net/viewtopic.php?t=5878

&c.

What, you couldn't point them to my article which says basically the same thing? <pout>

Feel free to add the link here... I didn't know you had one on it

http://www.microsoft.com/windows/IE/com ... sting.mspx

If I may say so myself, it is a much better article than Charlie Russell's article - that guy recommends disabling system restore before cleanup!
http://www.microsoft.com/windowsxp/usin ... tedpc.mspx

I've complained about Charlie's article, to no avail. Perhaps if you guys threw a few sticks as well we could get the article changed.