[Dshield] Virus in my restore point

John Holmblad jholmblad at aol.com
Wed Dec 10 14:48:42 GMT 2003


you will need to disable system restore in order to remove the malware 
from the WXP restore files. Here is Symantec's prescription for doing so 
which they embed in their routine malware removal instructions:

1. Disabling System Restore (Windows Me/XP)
If you are running Windows Me or Windows XP, we recommend that you 
temporarily turn off System Restore. Windows Me/XP uses this feature, 
which is enabled by default, to restore the files on your computer in 
case they become damaged. If a virus, worm, or Trojan infects a 
computer, System Restore may back up the virus, worm, or Trojan on the 

Windows prevents outside programs, including antivirus programs, from 
modifying System Restore. Therefore, antivirus programs or tools cannot 
remove threats in the System Restore folder. As a result, System Restore 
has the potential of restoring an infected file on your computer, even 
after you have cleaned the infected files from all the other locations.

Also, a virus scan may detect a threat in the System Restore folder even 
though you have removed the threat.

For instructions on how to turn off System Restore, read your Windows 
documentation, or one of the following articles:

    * "How to disable or enable Windows Me System Restore

    * "How to turn off or turn on Windows XP System Restore

For additional information, and an alternative to disabling Windows Me 
System Restore, see the Microsoft Knowledge Base article, "Antivirus 
Tools Cannot Clean Infected Files in the _Restore Folder 
Article ID: Q263455.


Best Regards,


John Holmblad


Televerage International


(H) 703 620 0672

(M) 703 407 2278

(F) 703 620 5388


www page:                      www.vtext.com/users/jholmblad

primary email address: jholmblad at aol.com

backup email address:  jholmblad at verizon.net


text email address:         jholmblad at vtext.com

More information about the list mailing list