Virus in System Restore Information

Just to add one thing... If I remember (I had this one before), you also want to turn off "system restore" while you run your virus scanner. This keeps the virus from reproducing itself on the current restore. Once the virus is gone or quarantined, you can go back and turn on you system restore.

Is this correct, Sparkstation?

Hello vermin and other readers

It all depends on which Security Utility you use.

a-Squared Personal is able to remove all instances of malware both in the compressed "System Restore Archive" and ordinary areas of the Hard Drive/s.

There may be others (Webroot) which are now also able to remove from the "System Restore compressed Archive.

It does appear that certain Antivirus makers have a vested interest in being pleased about Virus and Malware proliferation.

As I stated earlier, the GoBack Deluxe, by Roxio was an excellent Utility, and it appears - REVIEW DATE: 06.17.03 here: http://www.pcmag.com/article2/0,1759,1091173,00.asp

I note that Symantec do not seem to actively promote GoBack Deluxe, but it may be downloaded from the Symantec Site here: http://www.goback.com/

GoBack Deluxe is the best of these type of Utilities. (I don't get any commission on referrals folks).

If you are using any other Security Utility to remove malware, which cannot remove the compressed version of that malware in the "System Restore Archive", then as vermin said above, it is best after you have removed the malware item from the ordinary part/s of the Hard Drive/s, to turn on System Restore, Remove all earlier Restore Points, Turn off System Restore, then Re-boot, after which you should make a new Restore Point, once the Computer has stabilised after the Boot.

GoBack Deluxe will work on older PC's up to Win2000 at 500MHz CPU Pentium3 with 640MB of PC133 SDRAM - It will use about 12% of System Resources, more if other things are being done on the PC at the same time.

If WinXP or later Operating System is installed on an older machine such as the above, you'll get very little done, because of the operation of GoBack Deluxe, which saves every tiny alteration on the Hard Drive/s in its Archive Base.

Later PC's such as a Pentium4 equivalent or faster PC with 1GB+ of DDR2 RAM will have no problems with GoBack Deluxe.

If you do instal GoBack Deluxe, it will automatically shut down "Windows Restore", as that is no longer required.

I hope that clarifies the situation, and thanks vermin for bringing up that point, so I give you a Good Answer Mark.

Kind Regards....

two thing you can do, go to norton's and download their trail software of spyware and remove the trojan that way or you can go to www.spybot.com and download spybot seaqrch & destory 1.3 and remove it that way the main thing you need to do is disconnect from the internet and show all hidden files then run the programs and before disconnect from internet get all update to these programs after removing the spyware do a create a new restored went installing the spybot prgram do not create a backup of the register. or you can reformat the hard drive and reinstall all of you programs

Vermin is correct. You want to turn off System Restore.

I also want to add because I don't see it noted by anyone else is that when running your anti-virus programs, you want to boot your computer up in Safe Mode first, otherwise the Trojan will continue to rewrite itself.

I would like to know (as I am sure many others would too) just which Anti Virus Software you were running when the problem made itself known, as this would appear to be a pretty bad state of affairs that it has got you into, one way or another....

Thanks in advance.

The anti-virus software I am using is Rising Antivirus - a product from Tshinghua University in Beijing - comes also with Rising Firewall, and a Onetime purchase price of 130 RMB, about A$22, and may be installed on three separate computers from the CD - one may choose the Language of Installation and updates are available just about every day - it continues updating year after year after year for no extra charge.

The virus disappeared from my system on February 24 after appearing every day previously.

Maybe Tshinghua University tumbled to this compression/System Restore problem and incorporated a solution is an update.

They are a pretty smart lot there, some of the best software boffins in the world. I cannot speak highly enough of them.

I carried out the actions suggested, of turning off System Restore, doing a scan and then turning it back on again.

The scan was clear and investigation of the scan log showed the virus had been removed as mentioned above on February 24.

I assume all the previous System Restore information is automatically deleted when the System Restore is turned off - is this the case?

This System Restore must consume an enormous amount of disk space, so is it advisable to delete this information on a regular basis similarly to other disk management activities such as Defragging and Cleaning Up?

May I take this opportunity to thank all those who submitted comments about this problem - I have learned quite some more about XP operation in the process.

Thanks

GAC

Hello cirreb217

<"System Restore must consume an enormous amount of disk space">

It normally uses around 10% of Disk space, which is well worth it, if you manage to save essential information..

The Archive is super-compressed, so lots of information is stored there, it only records the changes.

System Restore, and similar Software Utilities, regularly discard old Restore Points, on a regular basis, as the new Restore Points are created, on a FIFO (First in = First Out) basis.

Kind Regards....