Need an explanation

Discussion in 'The Lounge' started by infoseeker, Jul 9, 2006.

  1. infoseeker

    infoseeker Master Sergeant

    Can somebody explain this post? :confused: :confused:

    disable>>>reboot>>>scan problem>>>reenable

    Scan & Fix>>>Disable Sys-Restore>>>Reboot>>>Re-enable Sys-Restore

    :confused:
    is there no conflict on that thing (B,I,U. messages)?

    :confused: infoseeker :confused:
     
  2. slider

    slider Major Wise-***

    It may seem confusing. If you scan and remove the malware, but it re-appears after rebooting, it is probably hiding in the system restore files. So, if the scan appears to remove it and it does re-appear, then you need to scan, remove, disable system restore, reboot and then re-enable system restore.:)

    Hope that helps.
     
  3. infoseeker

    infoseeker Master Sergeant

    One of my concerns here is that their posts conflict with each other.

    BTW, thanks for the info, coz I'm just trying to clean my PC with this sh!t "trojan dl'der" and "trustinbar" (I already posted my query in the Malware Section but I think they are busy with others, that's why I'm doing my best).

    I will try your suggestion, because Windows Defender detected it yesterday and today in the same location, "system information" (I think that's where the system restore files are hidden).

    i will try my best

    thanks again.


    :) infoseeker :)
     
  4. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Looks like a conflict, but the MA one is basically saying the same as Chas's, in that once your PC is clear of malware and the only reference to it is in a System Restore point, then your only course of action is to disable System Restore to clear the malware. MA's post refers to the point once all your PC is clear of malware but the only location left is the SR point, which most if not all scanners cannot access to clear.

    Funny enough I would probably once SR was disabled do a quick few malware scans then re-enable, it's just a quick check before enabling SR again.



    System Information is the folder where SR points are housed.
     
  5. infoseeker

    infoseeker Master Sergeant

    Thanks for the info, I just got assisted by Chaslang because of this "trustinbar" spyware.
    I only got confused while checking their advice.

    But then I followed CHASLANG's advice.

    BTW, thanks again

    :) infoseeker :)
     
  6. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Cool infoseeker, Chas is a bit of a genius with malware :)
     
  7. abri

    abri MajorGeek

    I admit, that this system restore paragraph has thrown me 100% of the time. I follow the directions, and as soon as I do, it says, but don't follow these directions yet. So then I reenable the system restore and continue and then disable it at the end again. I've never known if this unfortunate mistake could have had bad consequences or if it didn't matter. I've read it through a number of times, wondering if the sequencing could be rearranged so I don't immediately open up my computer and disable the system restore. It doesn't seem to have helped to put it in another color.
    abri
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    The idea is that if you clean, or are in the process of cleaning, and do a restart with restore still enabled, there is the chance that the malware will "come out of hiding" in your restore and screw what you just did....so if you leave it on, do all the cleaning, and then turn it off before you reboot (killing all the info saved in the restore files)...then on the reboot you have a clean restore file and can reinitialize restore with a clean system point.:) :)

    (Pretty good for a 1 yr old!!!!)
     
  9. abri

    abri MajorGeek

    Yes, I've been impressed with what a precocious little fellow he is ... :D lolol

    I don't think it's the idea which is a problem for me. It's the presentation of the idea, because somewhere in that one area of the text, I don't quite get the information that I need to read on a little farther before I actually do anything, and I'm so bent on following the directions to the letter, that I don't notice what's coming. It comes as a surprise.
    abri
     
  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Oh, like the commercial where the auto pilot says "turn left .......(as the driver crashes into the building) ....in 50 feet.":mad: :mad: :mad:
     
  11. abri

    abri MajorGeek

    yes! The perfect analogy. Gets me every time!. lolol :D
     
  12. Maxwell

    Maxwell Folgers

    Yes, I agree with you. The words that you read first in large bold letters appear to be an instruction "Disable System Restore temporarily". This is then interrupted by a fact that system restore only applies to Win ME and XP. Finally you get another part of the instruction "After Malware has been Removed". Then since this didn't appear to be too clear comes a statement (perhaps an admission that the step is not clearly explained) that you do not perform the initial part of the instruction "Disable System Restore temporarily" at that point. Only then do you realise that Step 1 is not a "real" step to be performed between 0 and 2 but serves as a reminder to do this important step later somewhere between steps 8 and 9.

    I would suggest that the larger bold text in the step 1 instruction be worded "Reminder: Only after Malware has been removed at step 8 disable System Restore on Win ME and Win XP".

    Then repeat the disable/enable system restore instructions between 8 and 9 and to repeat the cleaning steps.

    =========
    Reminds me of an old joke "There is a sign in the gents lavatory which says 'WET PAINT', this is not an instruction..." :D
     
  13. abri

    abri MajorGeek

    LOL!
     
  14. infoseeker

    infoseeker Master Sergeant

    So this one is not really "clear advice" :confused:
    I understand what you mean, TimW, but I think there is a conflict with Major Attitude's explanation (so meaning, he needs to edit that, or am I wrong, or is it only that I cannot follow MA?)

    :) infoseeker :)
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The very first line of Step 1 reads as below:
    So how far do you actually have to read to know that you only disable after malware has been removed? You only need to read the very first line to the end of the sentence. Look before you leap! You only need to read one whole sentence. And you should be reading the whole section before you do anything.

    The second sentence adds more reinforcement and reads as below:
    Again telling you only to disable after all malware has been removed. That's twice in the first few sentences. So if you are reacting after reading only the first 4 words of step 1 that is your first mistake.


    It is a very long story as to why this is written in this order but to try to briefly explain it:
    • if step 1 were put at the end of the procedure most people would never read it or do it afterwards. Just like we seem to have a problem reading the first few sentences, no one will read something down at the end of the READ ME if their noticeable malware issues are cured at some point in between. Posting it up front is your Warning Notice that it is important to do this later.
    • we do not disable System Restore before removing malware like many websites do because of a few reasons.
      • main reason - if something goes really wrong during the removal procedure an infected restore point could be better than no restore point at all. It could even save your butt. We have had many users not follow directions properly and remove the wrong thing. Malware tries to confuse you by using very similar names to valid files, processes and services. Reverting back to an infected restore point can be a life saver even though you may need to run all the malware cleaning steps all over again.
      • contrary to popular opinion just having infection in System Restore does not mean as soon as you reboot they reinstall. Something would have to kick off a System Restore procedure or the malware itself would have to be smart enough to locate which restore point it has copies of itself in, in order to use it like a backup to restore from. This is highly unlikely. If you did not remove old restore points that were infected after cleaning your PC and then at some later time actually ran System Restore to fix a problem on your PC, you could reinstall any malware that had already been removed from your PC in the past that is present in the restore point.
      • once your PC is free from active infections, if you do not remove old restore points, your AV & AS scanners will pick up the infections in System Restore. That does not mean you are reinfected. It just means the final stage of the cleaning procedure (albeit numbered step 1) has not been completed yet.
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There is no conflict! All that is being said is that in order to remove infections from System Restore you must disable system restore. The FAQ by Major Attitude does not say when to do this. It is simply telling you that if you still have infections being reported that do not seem to be getting fixed that it is possible that your scanners are picking them up in System Restore. Even though your scanners may report that they are fixing the malware, they are not.
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Highly unlikely as I stated in message number 15. And in addition the fact that we have cleaned many thousands of PCs with many reboots occurring while System Restore is still enabled indicates that not only is it unlikely, it indicates that it never happens.

    You just need to remove the bad restore points when finished removing all existing active malware problems for the below reasons:

    1. to prevent the possible use of an infected restore point in the future
    2. to avoid seeing messages from your scanning programs indicating that you are still infected and sending you into a state of mass hysteria since you just spent a week cleaning all of your problems.
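
An added example, not part of the thread or of the MajorGeeks procedure: the triage that posts 15 to 17 describe, separating detections that exist only as archived copies in restore points from detections of active files. The tab-separated log format, the sample lines and the function names are assumptions; the path pattern is the Windows XP restore-point layout (`System Volume Information\_restore{GUID}\RPn`).

```python
import re
from collections import namedtuple

# Windows XP stores restore points under
#   <drive>:\System Volume Information\_restore{GUID}\RP<n>\
RESTORE_POINT = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP(\d+)\\",
    re.IGNORECASE,
)

Detection = namedtuple("Detection", "threat path restore_point")


def parse_detections(lines):
    """Parse 'threat<TAB>path' lines (assumed export format, not a real scanner's)."""
    found = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        threat, sep, path = line.partition("\t")
        if not sep:
            continue  # malformed line: no path column
        match = RESTORE_POINT.match(path)
        found.append(Detection(threat, path, int(match.group(1)) if match else None))
    return found


def affected_restore_points(detections):
    """Restore point numbers that hold an archived copy of a detected file."""
    return sorted({d.restore_point for d in detections if d.restore_point is not None})


def next_step(detections):
    """Apply the ordering from the thread: clean first, toggle System Restore last."""
    if any(d.restore_point is None for d in detections):
        return "keep-cleaning"          # active files remain; leave System Restore on
    if detections:
        return "toggle-system-restore"  # only archived copies are left
    return "clean"


# Constructed sample scan results (threat names and paths are made up).
GUID = "{01234567-89AB-CDEF-0123-456789ABCDEF}"
SCAN_MID_CLEANUP = [
    "# threat\tpath",
    "Sample.Downloader\tC:\\WINDOWS\\system32\\sample.dll",
    "Sample.Toolbar\tC:\\System Volume Information\\_restore" + GUID + "\\RP12\\A0001234.exe",
]
SCAN_AFTER_CLEANUP = [
    "Sample.Toolbar\tC:\\System Volume Information\\_restore" + GUID + "\\RP12\\A0001234.exe",
    "Sample.Downloader\tc:\\system volume information\\_restore" + GUID + "\\RP14\\A0002001.dll",
]

if __name__ == "__main__":
    for name, scan in (("mid", SCAN_MID_CLEANUP), ("after", SCAN_AFTER_CLEANUP)):
        hits = parse_detections(scan)
        print(name, next_step(hits), affected_restore_points(hits))
```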
     
  18. Insomniac

    Insomniac Billy Ray Cyrus #1 Fan

    My understanding is that you should only remove all your restore points once you are virus free, then enable it again.

    At least then, you still have a restore point if needed.

    An infected restore point is better than no restore point at all.


    Viruses via a restore point can only reinfect a system once that restore point is enacted, otherwise they are benign.


    I'm no expert on Malware, nor do I want to be, but that's just common sense.
     
  19. Maxwell

    Maxwell Folgers

    I think the problem is that people generally read left-to-right and pick up on the immediate action first (i.e., disable) before being interrupted (i.e., by Win ME and Win XP) and then finally concluding with additional information that the disable is to be done after removing Malware.

    If the sentence was re-worded so that the "after" clause was put before the instruction and, more importantly, the applicable platforms then I think less confusion would arise. For example: "Reminder: (On Win Me and Win XP only) After removing Malware you may need to disable system restore and repeat the following steps."


    I think it would be a good idea to put the step at the appropriate point later as well (belt and braces approach). Especially if you have worked through all steps you are less likely to recall step 1 if nothing is placed at the appropriate point later to remind you.
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes! That is what I said In message # 15! See the bullet list item that begins with the text main reason
     
  21. sibeer

    sibeer MajorGeek

    "1:Disable System Restore temporarily (only applies to WinXP & WinME) After Malware has been Removed"


    Maybe the "A" in the word "AFTER" should be lower case.
     
  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I was thinking about doing something like that, but it will not matter much because so many people really do not read and follow all the instructions anyway. I have no problem changing the wording, and in fact I did change step 1 just a little while ago. It even repeats three times NOT TO DISABLE system restore until all malware is removed. These three repeats of the same message were always there in an effort to drive the message home. If we cannot understand what it says now, I would like to know why.

    But where! Some people stop someplace during step 5. Some stop someplace during step 6. And for anyone who goes on to step 7, they are posting in the forum anyway. And our final messages to them are always to toggle SR and then to run the How to protect thread. And do you know what.....there have been many users that never even see those final steps from us because they never come back once their problem is gone. Happens all the time! So since we had at least told them up front, maybe they would know enough to do it on their own.

    I know it will never be seen if moved down later for the exact same reason that some users cannot even read a whole sentence before reacting. Many users will read no further than the point where their problems have been resolved.
     
  23. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This is a serious discussion not a joke!
     
  24. sibeer

    sibeer MajorGeek

    I don't mean that as a joke. The capital "A" looks like the start of a new sentence, which could cause confusion depending on how it's read. I don't apply jokes to serious discussion.:)
     
  25. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Just a total lack of common courtesy ....no one seems to say please and thank you anymore ....it's as if they feel entitled to your services and demand attention, without any recognition of the gratitude for the sacrifice of your time. Would p*ss me off to no end!
    And brings back the thought that we could maybe use an addon button on the thread titles that indicates that a thread/issue is resolved.
    You just can't please everybody ....but everybody should be pleased with you and the Malware team!!:)
     
  26. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    I kinda like that one Tim :)
     
  27. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Thanks Halo ...it does get frustrating to keep checking on threads that the op never comes back to ....or doesn't acknowledge that the issue is resolved ...might express that when they sign up.:) :)
     
  28. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It is really not needed because all threads are resolved unless the user does not come back to finish what they started. ;) Also I make a habit of being the last one to post (most of the time anyway) so that I know the thread does not need any more input from me. If I'm the last to post, there is nothing more to add.

    We already have another method to handle completed/resolved threads but we don't normally do that. The reason for not closing the threads is that it gives the user the ability to come back even in a couple days to say "hey, my problem is still there" or "it came back". We would spend more time opening closed threads and answering PMs to open the threads than I care to spend. Also, if the user just started a new thread for something we just finished working on within a week's time, it is better for all parties to just pick up where things left off.
     
    Last edited: Jul 14, 2006
  29. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    @Chaslang .....point taken.:) :)
     
  30. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I knew you would understand the reasoning! ;) And thanks for the below! :)

     
    Last edited: Jul 15, 2006
  31. Insomniac

    Insomniac Billy Ray Cyrus #1 Fan

    I don't know how you guys do it in the MalWare forum. I don't have the temperament or stamina.

    It can get very monotonous and thankless at times.

    Credit goes to all you guys that do such a great job.

    Thanks.


    (I think you guys do it so you can get a free MajorGeeks T-Shirt?) :)
     
  32. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Thanks for the Kudos! ;)


    No! Not me! I do it so that some day I can call in all my markers and get free room & board while traveling around the world visiting everyone who owes me. :D

    .
     
  33. Insomniac

    Insomniac Billy Ray Cyrus #1 Fan


    G.T would love you to stay over, he just recently announced that he was very fond of you.

    I just hope you're not a deep sleeper. :D
     
  34. infoseeker

    infoseeker Master Sergeant

    Just like closing the thread :)
    so that the others (newbaby) here will not be inserting their problems (i got same problem ;? huh)
    especially in Software, Malware etc.....

    :) infoseeker :)
     
  35. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    We won't be following that tack in closing threads when resolved for a few reasons,

    1. It looks bad if a new member comes and sees multiple closed threads, puts out the wrong impression.
    2. What would happen if we closed a thread as potentially resolved on the word that the original poster said "Looks like that fixed it, thanks", then the original poster pops back a day or so later to say it's not, we would be opening and closing threads all over the place, I for one wouldn't be able to keep up with that.
    3. The Malware forum is special in that respect as only authorised members can post on any thread, but other members can only post in the thread they started, so this removes the potential for "hey help me I have same problem here is my HijackThis log" which would confuse matters no end.

    If someone hijacks an old post it's fairly easy for us to split their question from that thread and move it into its own ( this is where Report a Post helps ) so the question can start afresh as we all know even though a problem may sound the same it may not have the same fix.

    Similar to if an old post from last year and beyond is replied to, in thinking it was a current thread, we would then generally close/lock them, not that we generally have many of that type.
     
