Question Regarding System Restore

3 replies to this topic

#1 GoTwins


  • Members
  • 84 posts
  • Location:Behind you
  • Local time:07:01 AM

Posted 02 June 2007 - 02:45 PM

Ok, I was wondering if say a virus or some kind of malware attack occurs, and say it messes things up pretty bad, is it possible to use system restore to 'restore' everything back to before? No damage done? If it restores it to no damage then what happens to the virus/malware...just disappears?

I was also wondering does XP make restore "points" automatically? Are those restore points large in terms of size?

Thanks in advance!


#2 hillbillygreek


  • Members
  • 397 posts
  • Location:SC
  • Local time:07:01 AM

Posted 02 June 2007 - 08:35 PM

modifications/edits to this are welcome - hbg

System Restore is not reliable when dealing with malware because there is the possibility that the restore itself will fail because of corruption, missing restore points, or System Restore being disabled. See here. Malware may also affect system shutdown. Since System Restore depends on proper shutdown/restart, if the system shuts down improperly the restore would fail, leaving the computer in the same condition as before the restore was attempted. If the restore is successful, malware would get packed away in a system folder that virus scanners cannot clean. If you undo a restoration point, the computer would become infected again.

System Restore does not monitor files such as emails, Word documents, p2p shared folders, etc... if a computer becomes infected through any one of these, a restore would not touch them, making the restore itself useless. System Restore does not always properly remove a program from your computer. The ideal way would be to use add/remove programs from the control panel & then use System Restore if necessary. The problem is that rogue programs do not uninstall all that easily (malware writers are more clever than that) simply by using add/remove. Additional removal steps are usually necessary.

You also have to consider that if any personal information such as passwords, credit card numbers, email addresses are stolen from a computer because of an infection, none of the information can be restored. You have to manually go through the process of changing your passwords, notifying credit card companies or your bank that your information was stolen, & in the event that excessive amounts of e-mails are being sent from your computer, you would have to contact your ISP in order to prevent them from shutting down your account. Mass delivery of email, or Spam, violates your ISP's Acceptable Use Policy (AUP).

Also, if the security of a computer is lacking, or protective programs such as AVs, AntiSpyware Programs, Firewalls, etc. are not installed, System Restore would not restore a computer to a more secure state. It would probably be just a matter of time before a computer became infected again.

Restore points are automatically created every 24 hours, if your computer is always on, when installing Windows Updates & if a program uses the Windows installer for the installation. If you want to see the size of the folder, follow these instructions:

1. Click on Start, then My Computer

2. Select Tools, click on Folder Options, and then select the View tab

3. In the Advanced Settings option under Hidden files and folders, select Show hidden files and folders and clear the Hide protected operating system files check box, then Click OK

4. Double Click on Local Disk (C:)

5. Double-click the System Volume Information folder

6. Right-click on the _restore directory folder and select Properties


Go back & redo advanced settings when you are done.

More reading available here:

Windows XP System Restore Guide

All About System Restore in WinXP (hover mouse over sub-headings for more)

System Restore FAQ (click on questions for the answers)

#3 GoTwins

  • Topic Starter

  • Members
  • 84 posts
  • Location:Behind you
  • Local time:07:01 AM

Posted 02 June 2007 - 08:53 PM

Wow thanks, really informative. Definitely answered all my questions

#4 usasma


    Still visually handicapped (avatar is memory developed by my Dad

  • BSOD Kernel Dump Expert
  • 25,091 posts
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:08:01 AM

Posted 03 June 2007 - 07:16 AM

Cruising around the BertK website that hillbillygreek linked to, you'll be able to locate the .xml file that controls what System Restore will/will not backup. You can customize what System Restore does from there, but it's pretty complex so I leave it for others (I don't like to use System Restore myself).
My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ ) **If you need a more detailed explanation, please ask for it. I have the Knack.** If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017) FYI - I am completely blind in the right eye and ~30% blind in the left eye. If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.
