Disabling System Restore Points after a successful restore.

Disabling System Restore Points after a successful restore.: Posted by Rebecca Sansom on February 16th, 2006; Hi

Sorry I have a bit of a sillly question.

I have successfully rolled back my system using system restore to a date
before I got a popup virus that Norton was unable to remove. The virus looks
like it has gone from my pc.

I want to now run a complete virus check and Norton advises that I disable
system restore before I do this. This action will delete all the restore
points and I am therefore afraid that this will then lose me the state that I
now have i.e virus free and return the virus?

Is this the case or can I just go ahead and disable system restore without
losing my restored state.

Any advice much appreciated.

Rebecca; Posted by Ted Zieglar on February 16th, 2006; System Restore cannot remove a virus. You are not virus free. A copy of the
virus is likely included in your restore points.

Turn off SR to delete the restore points, make sure your are using an SP 2
compatible version of NAV and use Live Update to make sure your program and
virus definitions are up to date. Then run a thorough scan with NAV.

--
Ted Zieglar
"You can do it if you try."

"Rebecca Sansom" <Rebecca Sansom@discussions.microsoft.com> wrote in message
news:668A3DF9-C075-4A80-B89B-48C674BE6986@microsoft.com...; Posted by Bert Kinney on February 16th, 2006; Rebecca Sansom wrote:
This is bad advise. Disabling System Restore should be done only after
all infection cleanup is completed. The reason being, if something goes
wrong (anything is possible) you will have no way to reverse your
actions. The only way to re-infect the system is to undo the current
restore point. Update Norton and do a virus scan. If Norton finds the
virus in the System Volume Information fold only, that's the time to
purge all existing restore points by disabling SR.

No, System Restore does not work that way. You will only loose the
ability to undo the current state and restore to a previous date. The
current state of the system will not be changed by disabling SR.

No. By disabling SR it's all or none. Once the system is infection free,
other than the System Volume Information folder (where SR holds it's
restore points) disable SR, then enable it.

For more on System Restore:
Description of System Restore
http://bertk.mvps.org/html/description.html

--
Regards,
Bert Kinney MS-MVP Shell/User
http://bertk.mvps.org; Posted by Ted Zieglar on February 16th, 2006; Bert:

Glad you saw this post. I'm a little puzzled by your response, so I hope you
can straighten something out for me on this topic.

I have always understood that the possibility that an infected computer's
restore points contain a copy of the virus is greater than the possibility
that restoring the system would fix whatever problems an antivirus program's
removal procedures might cause. Therefore, if you are fairly certain that
you have a virus, you wouldn't want to keep your restore points.

--
Ted Zieglar
"You can do it if you try."

"Bert Kinney" <bert@NSmvps.org> wrote in message
news:uUCax5wMGHA.1032@TK2MSFTNGP11.phx.gbl...; Posted by Peter on February 16th, 2006; I agree with you Ted.

--
Peter
Toronto, Canada
XP Home SP2
"Ted Zieglar" <teddy.z@notmail.com> wrote in message
news:%23j2M4HxMGHA.500@TK2MSFTNGP15.phx.gbl...; Posted by Bert Kinney on February 17th, 2006; Hi Ted and Peter,

This subject has been highly debated. The following comments sum up
results and options of the debate, which I agree with.

AumHa Forums: Purging old System Restore points
http://aumha.net/viewtopic.php?t=152...2516 fe78cd83

System Restore and malware removal - what is best practice?
http://msmvps.com/spywaresucks/archi.../17/66724.aspx

--
Regards,
Bert Kinney MS-MVP Shell/User
http://bertk.mvps.org

Ted Zieglar wrote:; Posted by Rebecca Sansom on February 17th, 2006; Thanks very much, very useful, I am clear on what I need to do now!

"Bert Kinney" wrote:; Posted by Ted Zieglar on February 17th, 2006; Thanks for the links. My point of disagreement - friendly disagreement, of
course - with Jim is on this point that he makes early on:

"...it is better to be able to take a step back to a working version of
Windows - even an infected one! - rather than have Windows trashed
completely."

Then again, I'm someone with a comprehensive backup strategy, so wiping out
my system and restoring a backup, if it comes to that, is no big deal. These
days, I zero confidence in an infected computer.

Like so many other things in computerdom, the answer depends on how well
prepared you are. No solution is perfect. (And for the record, in 12 years
of personal computing, none of my computers have ever succumbed to
infection.)

--
Ted Zieglar
"You can do it if you try."

"Bert Kinney" <bert@NSmvps.org> wrote in message
news:%23bwukZ2MGHA.3144@TK2MSFTNGP11.phx.gbl...; Posted by Bert Kinney on February 18th, 2006; Ted Zieglar wrote:
For users with limited resources, SR can give them a second chance.

Obviously, you are an advanced user, and have a strategy in place, just
in case. <g>

Restoring back to an infected state is a nice options, when all else
fails.

--
Regards,
Bert Kinney MS-MVP Shell/User
http://bertk.mvps.org

Similar Posts

System restore points go missing!! (Help and Support) by Tony H.
System Restore not saving restore points (Help and Support) by shqipo
System Restore Points (Performance/Maintainence) by stephenfunari
Where have all my system restore points gone ? (Help and Support) by Si
System Restore points unavailable (Help and Support) by steve