using system restore to backtrack malware

shimmyhanna

I am trying to fix my father-in-law's computer that has been infested with
malware and spyware. I have been scanning and cleaning it for the past 2
days and I haven't made headway yet. I'm wondering if I could just use the
system restore to restore XP to its state prior to the malware infestation.

He knows the general day it happened, so I wanted to restore to a day prior
to that. Is that possible to get rid of the malware or will it still be in
the system?

Thanks
 
Cleaning a Compromised System
http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

"The only way to clean a compromised system is to flatten and rebuild.
That’s right. If you have a system that has been completely compromised,
the only thing you can do is to flatten the system (reformat the system disk)
and rebuild it from scratch (reinstall Windows and your applications)."

Clean Install Windows XP
http://www.michaelstevenstech.com/cleanxpinstall.html

--
Carey Frisch
Microsoft MVP
Windows - Shell/User

--------------------------------------------------------------------------------

"shimmyhanna" wrote:

I am trying to fix my father-in-law's computer that has been infested with
malware and spyware. I have been scanning and cleaning it for the past 2
days and I haven't made headway yet. I'm wondering if I could just use the
system restore to restore XP to its state prior to the malware infestation.

He knows the general day it happened, so I wanted to restore to a day prior
to that. Is that possible to get rid of the malware or will it still be in
the system?

Thanks
 
I would NOT rely on System Restore.

Run a /thorough/ check for hijackware, including posting your hijackthis log
to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v1.99.1
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. **Post your log to
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7,
http://aumha.net/viewforum.php?f=30, or other appropriate forums for expert
analysis, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE, OE, Security, Shell/User)
AumHa VSOP & Admin; DTS-L.org


shimmyhanna wrote:
> I am trying to fix my father-in-law's computer that has been infested with
> malware and spyware. I have been scanning and cleaning it for the past 2
> days and I haven't made headway yet. I'm wondering if I could just use the
> system restore to restore XP to its state prior to the malware infestation.
>
> He knows the general day it happened, so I wanted to restore to a day prior
> to that. Is that possible to get rid of the malware or will it still be in
> the system?
>
> Thanks
 
Hi,

System Restore was not designed to remove malware or virus infection.

How long ago in time was the computer infected?

Regards,
Bert Kinney MS-MVP Shell/User
http://bertk.mvps.org
Member: http://dts-l.org

shimmyhanna wrote:
> I am trying to fix my father-in-law's computer that has been infested with
> malware and spyware. I have been scanning and cleaning it for the past 2
> days and I haven't made headway yet. I'm wondering if I could just use the
> system restore to restore XP to its state prior to the malware infestation.
>
> He knows the general day it happened, so I wanted to restore to a day prior
> to that. Is that possible to get rid of the malware or will it still be in
> the system?
>
> Thanks
 