When an anti-virus or security program quarantines a file by moving it into a virus vault (chest), that file is essentially disabled and prevented from causing any harm to your system. The quarantined file is safely held there and no longer a threat until you take action to delete it. Doing this also allows you to view and investigate the files while keeping them from harming your computer. Quarantine is just an added safety measure. When the quarantined file is known to be bad, you can delete it at any time. I recommend you keep MBAM and use it as part of your anti-malware and security toolkit rather than remove it.
There are basically two types of system recovery back to the factory state:
A Recovery Disk is a CD-ROM or DVD data disc that contains a complete copy/image of the entire contents of the hard drive that will restore the system to its factory default state at a certain time. Essentially, it will reformat your hard drive, remove all data and restore the computer to the state it was in when you first purchased it. You will lose all data and have to reinstall all programs that you added afterwards. This includes all security updates from Microsoft so you will need to download/install them again.
A Recovery Partition is used by some OEM manufacturers (Dell, HP, IBM, Gateway) instead of a recovery disk to store a complete copy of the hard disk's factory default contents for easy restoration. This consists of a hidden bootable partition containing various system recovery tools, including full recovery of the preinstalled Windows XP partition that will allow you to restore the computer to the state it was in when you first purchased it. The recovery software will then re-hide its own partition after creating a new partition and installing the software to it. You will lose all data and have to reinstall all programs that you added afterwards. This includes all security updates from Microsoft so you will need to download/install them again.
System Restore is a feature that allows you to restore your computer to a previous clean working state in the event of a problem. This makes it possible to undo harmful changes to your system configurations including registry modifications made by software or malware by reverting the operating system's configuration to an earlier date. It protects your computer by creating backups (snapshots saved as restore points) of vital system configurations and files. System Restore is enabled by default and contains configuration, settings and files that are necessary for your computer to run correctly. This includes:
- registry configuration information for application, user, and operating system settings;
- Windows File Protection files in the dllscache folder;
- COM+ Database; Windows Management Instrumentation Database;
- IIS Metabase configuration;
- Files with extensions listed in the Monitored File Extensions list and Local Profiles.
By design System Restore runs in the background and will automatically create a new restore point every 24 hours (system checkpoints). Restore points can also be manually created by the user at any time. When the allotted disk space is reached, the oldest restore point will be purged on a first in first out (FIFO) basis. Otherwise, restore points over 90 days are purged automatically. Each one of these restore points is chained (or linked) together with previous restore points. When a restore point is chosen, all restore points created prior to that restore point are also required to complete the restoration. During the process, a log is created or updated that tracks the consistency between the files System Restore is monitoring, and the files that are actually backed up.
Keep in mind that System Restore will back up the good as well as the bad files, so when malware is present on the system it gets included in any restore points. It may be hard to pinpoint the exact day of an infection as you could have had other malware on the system before all the symptoms began to appear. If you use System Restore you need to go back to a point before the malware infected your system or you could get reinfected from a restore point that also backed up some bad files. If you go back too far it may undo some software installations and program updates that you have performed.
Edited by quietman7, 29 July 2008 - 11:14 AM.