
Will Restore Fix All Viruses Other Issues


7 replies to this topic

#1 Doofenschmirtz

Doofenschmirtz

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:47 PM

Posted 21 July 2015 - 11:12 PM

Hi all,

 

Friend's PC is running Windows 8.1.

Seems most likely infected.

 

Will Restore to factory settings fix everything or are there other issues to consider?

 

thx

w


Edited by hamluis, 22 July 2015 - 06:22 AM.
Moved from Win 8 to Gen Security - Hamluis.




#2 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,232 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:10:47 AM

Posted 21 July 2015 - 11:54 PM

It's a rather destructive way of fixing malware issues, but also easy and very effective.

 

ALL personal data will be lost unless backed up and all applications will need to be re-installed. Your friend would also want to be sure their external media has no malicious files, so as not to reinfect the brand new installation.



#3 Doofenschmirtz

Doofenschmirtz
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:47 PM

Posted 22 July 2015 - 11:14 AM

Thanks,

 

Can System Restore be infected in MBR or other?

Or once Restore is complete we can assume safe to proceed with Kaspersky, Windows Updates etc...

What do you recommend as best way to "harden" against future malware problems?

 

thx

w



#4 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,232 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:10:47 AM

Posted 22 July 2015 - 04:30 PM

It is possible to have an MBR infection that would be persistent through OS re-installation. To check for this run TDSSKiller and Malwarebytes anti-rootkit before doing the factory restore.

 

Once the system restore is done the very first thing one would do is add antivirus and complete Windows updates. After this has completed you could look at adding other software (browsers, media players, PDF viewers, etc...).

 

To harden the system against future problems I recommend MBAM and Cryptoprevent as well as the installation of an antivirus.

 

IMHO free antivirus packages from companies like Bitdefender and Avast give more than enough protection and the money would be better spent on an MBAM subscription and some nice coffee. Windows Firewall is sufficient for most home users also.

 

Safe computing habits which include

  • not clicking strange links
  • not visiting dodgy sites
  • not downloading cracked software
  • being cautious when installing software with checkboxes
  • not opening any attachment in email you're not expecting (not even from people you know)
  • keeping your software and OS updated

are your number 1 defense against malware. If you get these things right the chances are you will never need software protection anyhow.

 

TsVk!



#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:47 PM

Posted 22 July 2015 - 05:19 PM

FYI: For those reading this topic with older operating systems...System Restore was not designed to be a virus or spyware removal tool and should not be depended on. Sometimes using that feature as a method of recovery helps with regaining system stability but other times it may not. Whether it will be successful to some extent depends on what type of infection you are dealing with, what damage the malware has already caused, whether it disabled System Restore and if not, what is restored during the process.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#6 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,232 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:10:47 AM

Posted 22 July 2015 - 05:29 PM

Thanks for pointing that out quietman7... It's good not to be confused with restore to factory settings which we are discussing here. :thumbup2:



#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:47 PM

Posted 22 July 2015 - 05:53 PM

Exactly. :)

#8 rp88

rp88

  • Members
  • 2,999 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:12:47 AM

Posted 23 July 2015 - 05:09 PM

As a general rule, anything system restore can do a system image can do better. With a system image, then except in the extremely unlikely case of a firmware infection, you will certainly wipe out any viruses, you will also undo any damage to system files, and revert all settings to those at the time the image was made. After fixing the computer you should make a system image as soon as you have it in a clean non-infected state with the programs you use installed, the settings you like set and a working antivirus in place. If a system image is made at a time when a system is clean and working nicely then it is also better than a factory image, because with a factory image you have to reinstall all your programs and reset all your settings as you like them.


A system image MIGHT wipe out personal files or it might not when you restore from it, it depends how your drives are partitioned, if the partitioning has personal files on D:\ and windows system files and program files on C:\ then you can make an image of just C:\ and the couple of hidden windows system partitions and when you restore from this image files on D:\ won't be overwritten.

Personal files should always be backed up on external media just in case.

System images should be kept on external media.




To add three extra tips, along with those provided by TsVk! in post #4, for keeping secure in future I also advise:

1. backup all your personal files regularly, every document, image, video file, audio file, zip archive... should be stored on at least two external devices as well as on the computer. Ideally you should have an offsite (uploaded as an attachment to a webmail account, stored in a cloud backup service, on a USB or CD at the house of a trusted friend or relative) backup also.

2. backup your system status using a system image, here is how http://www.bleepingcomputer.com/tutorials/create-system-image-in-windows-7-8/#manual . Do this on a clean system once when it is brand new, then twice when you have your programs installed and all your settings as you like them. Do this before any browsing on the internet, and before starting to fill up the hard-drive with large personal files. In total this requires 3 external devices, each at least 50GB in size (precisely how big depends on how many programs you use, 50GB is the minimum for someone who doesn't have that many programs). If you ever have an emergency in future you can restore from the image, then copy your personal files back into place (you backed them up under suggestion 1.), then just update your programs, your browsers, your antivirus and any windows updates you need and you are back as you were before the problem began, within 3 or 4 hours maximum.

3. run a script blocker in your browser, NoScript in firefox is good, and run an anti-exploit program, malwarebytes anti exploit is good. Both of these, the examples I give will happily run together on the same machine providing two defensive layers on top of your antivirus, help prevent drive-by infections, which is one of the scariest ways a user can get infected (just visit a page and instantly you've had a plugin, or the browser itself, exploited and you've got a virus). Careful browsing is helpful, but because malvertising adverts can appear on reputable sites it isn't enough alone, you need to take action to block drive-bys from being able to run.

Edited by rp88, 23 July 2015 - 05:09 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems: 2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB



