Using Windows Restore Points to Remove Malware

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by gman863, Oct 12, 2010.

  1. gman863

    gman863 MajorGeek

    This is a malware removal tip I discovered. It may not work in all cases; however it killed off the fake virus warning scamware on two PCs I recently worked on.

    Using Windows System Restore, go back to a restore point date/time a day or two prior to when you first noticed the malware pop-ups on your screen and run System Restore. In both cases where I did this, it solved the problem; the only minor issue was having to let the PC reinstall newer Windows Updates.

    Although I'm not sure of the exact reason this worked, I suspect it has something to do with restoring the registry to a point before the malware modified it.

    This was easier and less time consuming than downloading cleaning software or manually editing the registry.

    This is my personal experience; it may not work with all malware issues. Any other thoughts or counter-points on this tip are appreciated.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    We are happy to hear this worked for you.

    This will sometimes work to help get you to the point where some of the outlying effects of the malware have been negated, but it does not necessarily remove all the malware. You just possibly remove the registry-related aspects by doing the restore. This, however, does not necessarily get rid of all the files that the malware may have put on your system. A proper scan really should be performed anyway.

    In addition, you could have also reinserted any malware that was in effect 2 days ago.

    While using System Restore can be helpful to get started for some minor malware issues, it will not work for most of the malware we typically see these days because most more "effective/smarter" malware breaks the ability to use System Restore and in some cases even deletes all your restore points. In addition, there are many, many infections occurring now that use the Master Boot Record, and doing a System Restore will not repair this either.

    So in short, this is sometimes useful but more often than not (especially with newer malware) it will not be of use.
     
  3. gman863

    gman863 MajorGeek

    For what it's worth, I ran scans after doing System Restore that came out clean. In both cases, the malware did not reappear in later days or weeks.

    I'm not debating the issue; you know more about this than I do. My only question: Based on your experience, does more advanced malware automatically delete System Restore Points or is the deletion specifically triggered by an attempt to use System Restore?
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Great, but some scans do not always find what we find by running our full procedures. I'm not saying you are infected. I'm just stating the facts. In many posts here scans with AV programs and SUPERAntiSpyware, and Malwarebytes and similar all turn up clean, but we still frequently find malware in our scans with ComboFix and MGtools.

    Some malware (not all) will delete restore points completely by disabling System Restore. And some malware just makes it impossible for you to even begin to run System Restore.
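
The points raised in this thread can be checked before relying on a restore point. The script below is an added example, not something posted by either participant: it reports whether System Restore has been switched off by policy and whether any restore point predates the first symptoms. It assumes Windows PowerShell 5.1 in an elevated session on a client edition of Windows; the function name `Get-RestorePointTriage` and the `-FirstSymptom` parameter are hypothetical names chosen for this example.

```powershell
# Added example: triage System Restore state before using it for cleanup.
# Assumes Windows PowerShell 5.1, run elevated. Names below are illustrative.
function Get-RestorePointTriage {
    param(
        # When the pop-ups or other symptoms were first noticed.
        [Parameter(Mandatory)][datetime]$FirstSymptom
    )

    # Policy value that turns System Restore off. If it is set and nobody
    # in charge of the PC set it, treat that as a finding in itself.
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'
    $policy    = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
    $disabled  = ($null -ne $policy) -and ($policy.DisableSR -eq 1)

    # Enumerate restore points; CreationTime is a WMI datetime string.
    $points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Sequence    = $_.SequenceNumber
                Created     = $_.ConvertToDateTime($_.CreationTime)
                Description = $_.Description
            }
        })

    # Only points created before the first symptom are candidates.
    $candidates = @($points | Where-Object { $_.Created -lt $FirstSymptom } |
        Sort-Object Created)

    [pscustomobject]@{
        DisabledByPolicy    = $disabled
        TotalPoints         = $points.Count
        PointsBeforeSymptom = $candidates.Count
        NewestCandidate     = $candidates | Select-Object -Last 1
        # No points at all on a PC that used to have them is a warning sign.
        NeedsFullProcedure  = $disabled -or ($candidates.Count -eq 0)
    }
}

# Example call with a constructed date: symptoms first seen two days ago.
Get-RestorePointTriage -FirstSymptom (Get-Date).AddDays(-2) | Format-List
```

A result with candidate points only says a restore is possible; as noted in the thread, it does not remove files the malware dropped or repair the Master Boot Record, so a full scan is still needed afterwards.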
     
