Computer Question
09/07/2012 2:41 PM
When it comes to computers, I'm not the sharpest tack around. How far back can one restore settings, and when restoring settings, does it eliminate viruses and malware before they got into the computer?
Malware and viruses will change registry settings in your computer. Some of them are designed to change all of your previous registry settings back to the beginning.
Step 1: Get rid of malware, trojans, viruses, etc. I like the free software AVG, it works very well, even on already infected computers.
Step 2: See if your computer is now OK (it probably will now be fine). If not, reset to an earlier registry setting.
__________________
An obstacle is something you see when you take your eyes off the goal.
One very effective trick I use is to have a full copy of my primary hard drive and keep that physically installed inside my computer but not plugged in.
By doing that I have a full backup of everything including the drivers as well, so should I have a problem I just unplug my primary hard drive and hook up the secondary unit and from there I can that with an external hard drive adapter to run a safe rescan of the primary drive without problems. Once I am sure the primary drive is clean again I then copy any new stuff to the backup drive and switch drives again.
I have only needed to use the secondary drive a few times to clean the primary drive but it's well worth it.
The second option is to have a second independent computer or laptop with all the antivirus systems up to date that you can use to clean the drive with. All that involves is using a hard drive to USB adapter and the second computer to scan the infected hard drive as an external secondary unit.
Safe effective and rather easy to do once you get familiar with using external hard drive adapters and setting your antivirus program to drive specific scans.
It can or may not. A lot of the time a virus will infect the restore points also. So you can't use them to get rid of it.
Best to make an image and use it for back up.
Some of the newer computers have an image installed on a separate partition. Usually accessible by hitting an F key during start up.
__________________
Life is not a journey to the grave with the intention of arriving in a pretty, pristine body but rather to come sliding in sideways, all used up and exclaiming, "Wow, what a ride!"
You may want to get a portable hard drive to address this problem in the future. Also, use of AVG software (mentioned by another commenter) may be an option.
__________________
"Consensus Science got us into this mess, then why can't it get us out?" : Rephrase of Will Rogers Comment
I assume you're using some version of Windows that supports restore points? Setting a point means capturing a 'snapshot' of your system at that moment in time. Theoretically, you could (in the event you had a virus or other problem at a later date) jump back to a previously created setpoint and restore your system to the state it was in back at the time the point was created. But, that would be too easy. As others have pointed out, restore points can be corrupted or otherwise made useless (or, worse, infected with no outward sign of infection). Depending on the size of your hard drive, making lots of restore points can put a squeeze on your drive space, too.
There are ways around this problem, as others have pointed out, most of which don't involve using restore points.
I'm sure there are lots of solutions, and everyone uses what works for them, but what I do is to use image-making software (in my case, Acronis (usual disclaimer)) to create an image (sometimes called a 'ghost image') of your hard drive and store this image on a separate hard drive via the USB port and an external hard drive housed in a hard shell case. Once you get the hang of making an image, it's fairly easy to keep several archived images dating back as far as you like. When the inevitable problems arise, I boot from the Acronis CD and use the program to restore the most recent image to my hard drive. This has the same effect as traveling back in time, which is good. What's not so good is if the previous image had the infection at the time of creation, in which case you'd have to go back even further until you reach a point before the infection occurred. But, then, you'll discover that everything that was added to your hard drive from that day forward is gone like it never existed. Programs, program updates, Windows updates, data, photos, music, drivers--everything will have to be recreated. That's one good reason to keep important data files (drawings, music, photos, financial files, or anything else of value) backed up on a folder on the external drive, separate from the ghost images. The cool thing about image files is that one can be created any time you're about to do something that is risky (IE: running beta programs, letting someone use your computer/laptop, etc.) It's not a perfect solution but it's a start.
Another way to beat the bugs is to buy a hard drive cloner. I use one of these at work and so far it seems to work OK. What this is is a small electronic device into which two hard drives are plugged. One drive is the Source drive and one is the Destination drive. And, trust me, you do not want to get them switched. Once activated, the device will do a 1:1 copy from the Source drive to the Destination drive, overwriting whatever happens to be on the Destination drive. The caveats to this method are: a) you have to remove the Source drive from your computer, b) the Destination drive absolutely must be at least the same capacity as the Source drive, preferably a little larger, c) if the Destination drive is a whole lot larger than the Source drive, the cloner will most likely only use enough to make the 1:1 copy; the rest of the space will be unused. Though, it can be made usable if you wanted to take the time to 'reclaim' it by turning it into a partition, which is a whole 'nother topic for discussion.
In short, we could write books about the digital war between virus-makers and anti-virus gurus. In the end, it comes down to 1) selecting AV software that you think will work for you, though I would recommend doing lots of research before installing anything as there have been instances of supposed AV software actually acting more like a virus, spyware, adware, etc., 2) research into the terms 'imaging' and 'cloning' and consider the potential costs and pros/cons of each and how they fit into your situation, 3) for all irreplaceable or critical data: backup, backup, backup.
OK, I'll shut up. Sorry, didn't mean to ramble on...and on...and on...
I've found that hard disks need reformatting every year or so to get rid of programs that didn't un-install correctly, ones that won't go away, ones you don't use now but can't remember the name of, etc and viruses from those dark places on the Internet.
I have paid version of Malwarebytes, but the free one is OK too.
I have 2 hard disks and reformat the other one periodically and make it C:. I leave the current disk intact, allowing me to transfer data and reinstall programs as I need them and if I haven't done that after a year, then I don't need them.
I use Carbonite for backup which backs up off-site automatically leaving a green spot on the file icon when done or an orange one when not backed up and I have retrieved files with no trouble. I have had some problems with Carbonite when changing disks from F: to C:. The initial backup takes 1-2 weeks. There may be better systems out there now and I'll be interested in other comments.
Sorry we don't have a simple answer, Tony
__________________
The nice thing about Standards is there are so many to choose from.
You must also be aware that certain persons/companies sell computers that are purposely infected when sold brand new. Spyware is used by these to track whatever you do. My point is you cannot trust even a new computer to be clean no matter how well you know the salesperson/company, and all the anti-virus programs and switching of drives is not going to change the basic operating systems of these computers. I am also not the sharpest tool in the shed, but I know there are always people trying to be, and some are very sharp.
__________________
Don't squat with your spurs on, and always drink upstream from the herd.
Lots of good answers so far. I also use AVG (paid version since my wife pays for it, otherwise the free one or Microsoft Security Essentials). I also have Malwarebytes, Spybot, and CCleaner. Now have the new Acronis 2013 for backups on an external hard drive. Plus I backup all data files on a flash drive by saving everything twice.
But perhaps one thing that has helped me have almost zero problems with viruses is that the Internet is turned off when not using it for a while. In addition the computer is turned totally off every night until sometime the next day. This hopefully makes me an "uninteresting" target for the virus and malware folks.
As to how far back, who knows? I think the computer limits the number of restore points, plus you would have to pick one before the virus arrived--when was that???
Some of those bugs they have going around, like the ones that hijack your computer and give you a pop up that says you are infected with a virus and need to purchase this particular software to get rid of it are pretty nasty. You have a little bit of time to get an icon for your restore program on your desktop, then next time you reboot you have to get that restore program up and going to activate it before the virus loads up. If you can't do that then take it in to computer geeks or similar to get rid of it.
Run your computer in SAFE MODE and then run your anti spyware/adware and anti virus programs. You also need a registry cleaner and run that too.
It is also recommended that you just deactivate your restore program because it will just keep reintroducing the virus if it's also in an earlier store point.
I would also like to add that it is a good idea to have more than one anti-malware program handy because each anti-malware program is only as good as the signatures reported to it; what one will pick up another might miss because that virus signature hasn't been updated to their database. However, too many will bog your computer down, especially if they are running in the background. AVG is light when running in the background and so is Microsoft Essentials. Microsoft Essentials is a good program and it's free. That Norton one, get rid of it. Norton seems to work fine at first but as time goes on it will eventually bog your computer down to where it is unusable all by itself. I completely fixed a computer by just uninstalling that before. Kaspersky is also a good program.
__________________
Why is there never enough time to do it right the first time but always enough time to do it over?
The most important thing about sharp tacks is to avoid the boom...
All answers here are on track and target...it's a great idea to always have a backup of at least your most important files. A clone disk or DVD restore set is also great.
As to your question, specially crafted trojans can be (and increasingly are) designed with droppers which also infect restore point files and even the (Microsoft) archive files, and even the restore partition files.
They can also infect the Master Boot Record with another small trojan which will undo all of your actions the next time you boot the device or if partition information is accessed or modified during normal operations.
Whenever I reload a drive I keep it offline for as long as possible until I have restored all of my files, and then access only the (Microsoft) update server until I have the computer up to a reasonable restore point. I then clone the drive to another or create a set of DVDs using resident backup software.
If you use a third party backup or cloning solution be aware that the software must be loaded and functional (activated) before you can restore a backup set using the automated features.
Answer to your first question - it depends. Several factors will determine this. Normally your computer will make a daily restore point, but more will be made when system changes occur such as software installs. Another factor is how much hard drive is available for System Restore to use for restore points. The larger the hard drive, the more restore points can be stored. The only way to find out is to open the System Restore program and see what restore points are available.
Second question - in some cases, yes this can stop viruses and malware from running, but it is far from being a reliable method. Many malware programs will incorporate themselves into major system components that may not be fully replaced with a System Restore. Keep in mind that system restore does not fully replace the entire system, just the registry and many of the system files.
If you suspect a virus or other malware, you should first try to run a suite of programs designed to remove malware and viruses. I generally use AVG, or Microsoft Security Essentials, both free and very effective. Then I go back with more spyware oriented programs like SuperAntiSpyware and MalwareBytes. Run all of these tools from safe mode for the best results. Once you have done that then you can use system restore to restore system settings that may have been changed.
Be aware that some viruses are so pervasive that removal will effectively destroy the operating system, necessitating a complete system re-installation. This procedure will vary greatly depending on the computer maker.
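To see how far back the restore points on a machine actually go, as the reply above suggests checking, the following is an added example (not part of the thread) for Windows PowerShell 5.1 run as administrator. `$SuspectedInfection` is a constructed date; as the replies above note, a point older than that date is only a candidate, since restore points themselves can be infected.

```powershell
# Added example: run in Windows PowerShell 5.1 from an elevated prompt.
# $SuspectedInfection is an assumed, constructed date; set it to when symptoms began.
$SuspectedInfection = Get-Date '2012-09-01'

$points = Get-ComputerRestorePoint | ForEach-Object {
    # CreationTime is a WMI datetime string; convert it to a DateTime.
    $created = $_.ConvertToDateTime($_.CreationTime)
    [pscustomobject]@{
        Sequence    = $_.SequenceNumber
        Created     = $created
        AgeDays     = [int]((Get-Date) - $created).TotalDays
        Description = $_.Description
        # True when the point predates the suspected infection date.
        Candidate   = $created -lt $SuspectedInfection
    }
}

if (-not $points) {
    Write-Output 'No restore points found (System Restore may be off or the points were deleted).'
} else {
    $points | Sort-Object Created | Format-Table -AutoSize
    $oldest = ($points | Sort-Object Created | Select-Object -First 1).Created
    Write-Output "Oldest restore point available: $oldest"
    $n = @($points | Where-Object Candidate).Count
    Write-Output "Points created before the suspected infection date: $n"
}

# Disk space reserved for restore points (shadow storage);
# the oldest points are dropped when this allocation fills up.
vssadmin list shadowstorage
```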