What is Restore points?

[oGs]

I just got rid of antiavira and they are in the quarantine now. I saw in the forum that it is good to clear the restore points and get new restore points? Do I have to do it? I mean if I don't will it harm my computer? What is restore points anyways?

Thanks (btw I'm a newb)

[daledoc1]

Hello and welcome, oGs:

Restore points are ~sort of like a snapshot of your computer's operating system.

Windows creates these at certain times, e.g. before installing updates, and the user can create them manually.

The intent is to have an "image" of the computer's OS to roll back to or "restore" to, should there be a problem.

Yes, traces of malware can be left hiding in these restore points.

So, it is often recommended to clear these out after malware removal.

The "system restore" function can be turned back on after doing so, creating new, clean restore points, going forward.

The process differs a bit depending on your computer OS.

What version of Windows do you have: XP, Vista or 7?

daledoc1

[daledoc1]

Here are some links from reliable sources on how to turn it off (and back on) for the 3 Windows OS (Vista and 7 are the same, pretty much; XP is a bit different):

XP:

http://support.microsoft.com/kb/310405

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/app_system_restore_hss_off.mspx?mfr=true

Vista:

http://windows.microsoft.com/en-US/windows-vista/Turn-System-Restore-on-or-off

http://windows.microsoft.com/en-US/windows-vista/System-Restore-frequently-asked-questions

http://www.bleepingcomputer.com/tutorials/tutorial143.html

7:

http://windows.microsoft.com/en-US/windows-vista/Turn-System-Restore-on-or-off

http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/

When you turn it off, you will get a warning/message telling you that doing so will wipe out all existing restore points.

If you are sure you want to do it, then click Yes or OK.

It might be a good idea to reboot the computer before turning Windows Restore back on (instructions are in the links above).

Also, since this was a malware-related problem to start with, I recommend that you let the malware experts take a look at your system to be sure it is clean.

We do not work on malware removal in this particular sub-forum, but free, expert assistance can be found at the malware removal-HJT forum.

Please go to this page, print out, read and follow as many instructions as you can, skipping any you are unable to complete:

http://forums.malwarebytes.org/index.php?showtopic=69723

Then please describe your computer's symptoms as best you can and post the requested logs by starting a new thread here:

http://forums.malwarebytes.org/index.php?showforum=7

One of the authorized, trained experts will then assist you as soon as possible for one-on-one malware detection and removal.

When you post, please be sure to select Track This Topic & choose one of the email options, so that you will be notified when someone responds; allow 24-48 hours before bumping your thread.

Please use "ADD REPLY" when posting back (see attached screenshot).

Hope this helps!

daledoc1

[Manuel]

Follow up question: the traces of malware hidden in the restore points, are they dangerous while in there? I mean, I understand that if one would use them to restore something, they would be, let's say, awaken... But if not, are they a threat?

[oGs]

ah alright, I get the point. But, if i don't get the new restore points, would the virus come back?

[oGs]

and I have windows xp

[daledoc1]

But, if i don't get the new restore points, would the virus come back?

Hi, oGs:

I'm not sure I understand what you mean.

But let me try to explain again.

If you have traces of malware left in system restore points now after the infection you had, then "turning off" system restore -- which permanently erases all existing restore points, whether they are clean or infected -- will remove those traces.

If the virus has been completely cleaned from the system, then any new restore point created from now on will not contain the old infection.

So the virus will not come back.

Of course, if you become RE-infected with a new infection, then the same process would possibly happen again.

Please read the articles under the XP link in my original post (and disregard the ones for Vista and 7).

They can explain it better than I can.

Then, as I also suggested, please read the article "I'm Infected..." and post at the malware removal forum.

That way, an expert, trained helper will take a look at your system to be sure the infection is gone.

Or, if you are uncomfortable about turning System Restore off & back on, then skip the System Restore thing and start your thread at the malware removal forum.

Unfortunately, we cannot do malware removal in this particular sub-forum.

Does this help?

daledoc1

[oGs]

i believe I have destroyed all of my virus because the virus pop up does not occur anymore. So, if i do have traces of the virus in the restore points, the virus might come alive again? or would it still be alright for me to not do clear the restore points if it is not going to come alive again? how do i know i have traces of the virus left over?

[daledoc1]

Hello, oGs:

We seem to be going around in circles here.

I have answered your questions as best I can.

Unfortunately, I cannot determine whether your system is clear.

I am not trained to do so, and it would need to be done at the malware-removal sub-forum, not here.

If you would like a malware expert to assist you reviewing some logs of your system, to be sure everything is clean, then please follow my instructions in post #3 above, which will provide the instructions and the correct place to post with your system information.

Thanks!

daledoc1