Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

After Virus System Restore


  • Please log in to reply
4 replies to this topic

#1 gaylenr

gaylenr

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:18 AM

Posted 15 September 2010 - 01:48 PM

I posted on or about August 27th that my friend had a virus and her internet was knocked out. I have been trying since then to remove it. I used variouse tools which found various things. Finally nothing showed up in the virus scans.

The internet still did not work; her brother (a tech) said to wipe the HD and reinstall the OS. I instead used System Restore to a point about a month before the infection. I was able to reach her internet provider I ran ESET online scanner it found an infected file cleaned it and the internet connection is still intact.

Was it a good thing to use System Restore instead of wiping the HD?

Gaylen

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,749 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:18 PM

Posted 15 September 2010 - 02:08 PM

System Restore is the feature that protects your computer by monitoring a core set of system and application files and by creating backups (snapshots saved as restore points) of vital system configurations and files before changes are made. These restore points are stored in the System Volume Information (SVI) folder and can be used to "roll back" the computer to a clean working state in the event of a problem. This makes it possible to undo harmful changes to your system configurations including registry modifications made by software or malware by reverting the operating systems configuration to an earlier date. Keep in mind that System Restore will back up the good as well as malevolent files, so when malware is present on the system it may be included in some restore points.

Sometimes this method of recovery works but other times it may not. Whether it will be successful depends on what type of infection you are dealing with and what is restored (What's Restored when using System Restore and What's Not).

This is what MVPS.ORG has to say:

NO. System Restore was not designed to be a virus or spyware removal tool and should not be depended on to do so. Click here for more information on virus and spyware removal.

Can I use System Restore to remove virus or malware infection?

Generally its better to leave System Restore alone until the machine is clean and stable. However, in some cases, using System Restore may return some system stability if you are having problems running disinfection tools or booting up. If you are able to successfully use System Restore to return to a previous state there is no guarantee your computer will not still be infected. As such, you should immediately perform scans with your anti-virus and anti-malware tools afterwards, then monitor your system for any signs of infection.


IMPORTANT NOTE if dealing with rootkits, backdoor Trojans, Botnets, and IRCBots.

Please be aware that these types of infections are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. Rootkits are used by backdoor Trojans to conceal its presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is send back to the hacker. To learn more about these types of infections, you can refer to:If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay, paypal and any online activities which require a username and password. You should consider them to be compromised and change all passwords from a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified immediately of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connect again.

Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:
• Reimaging the system
• Restoring the entire system using a full system backup from before the backdoor infection
• Reformatting and reinstalling the system

Backdoors and What They Mean to You

This is what Jesper M. Johansson at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?.

The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).


Edited by quietman7, 15 September 2010 - 02:23 PM.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,749 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:18 PM

Posted 15 September 2010 - 02:21 PM

If you already read my reply, please see the note I added.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 gaylenr

gaylenr
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:18 AM

Posted 16 September 2010 - 10:10 AM

Thank you for your input. Have a great day.

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,749 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:18 PM

Posted 16 September 2010 - 12:08 PM

You're welcome.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users