Malware/Spyware Removal Guide

Ganyam

Browntoa wrote:

I'm with intel...

I've yet to "kill" or cripple a PC by removing Spyware with the restore points off...and I've done a few !!!

PcHelpman is the real expert on this as he helps out on a Spyware forum elsewhere and he was the one who came up with most of the wording of that part (among many others )

Is that because whats been said has been copied of web sites, with a change of phrase here and there.

Ganyam

intel wrote:

The Above information is incorrect when using Spyware removal software
as spyware will hide waiting to re-infect within the restore points
so disable restore run a scan then re-enable restore.

Unfortunately, some companies and advisors advocate disabling system restore *before* attempting a cleanup. This is dangerous advice. First, things can and do go wrong when attempting to remove malware. Second, the Restore Points may not be infected anyway. Third, any malware that may be in a Restore Point is harmless unless and until System Restore is used to restore a system to an earlier state, and that won't happen without direct user intervention.

intel

Ganyam wrote:

Unfortunately, some companies and advisors advocate disabling system restore *before* attempting a cleanup. This is dangerous advice. First, things can and do go wrong when attempting to remove malware. Second, the Restore Points may not be infected anyway. Third, any malware that may be in a Restore Point is harmless unless and until System Restore is used to restore a system to an earlier state, and that won't happen without direct user intervention.

Go over to here see a few mates and they will even tell you that MS have got it wrong and that restore points dont get damaged by turning off sys restore but they get wiped so no harm there then after running a Spyware scan all a user has to do is create a fresh restore point which is simple.


http://www.experts-exchange.com/

Ganyam

It is a common recommendation, when cleaning for viruses in Windows ME or Windows XP, to advise that System Restore be disabled and all old stores cleared before starting on your cleaning.

The reason for the recommendation is that many viruses are stored when a System Restore point is created and, should you use System Restore, you will bring these back onto your computer. This is useful to know! But it is also true that, in cleaning highly infected systems, sometimes you make mistakes that cripple Windows and it is better to be able to take a step back to a working version of Windows - even an infected one! - rather than have Windows trashed completely. To quote Mow Green, "a leaky lifeboat is better than no lifeboat in a storm."

What's recommended is: (1) Understand that using System Restore on an infected system might bring back virus-infected files you don't want. (2) Leave System Restore in place until your computer is clean and stable. (3) Then get rid of the old infected restore points.


TO CLEAR OLD SYSTEM RESTORE POINTS

On an infection-free computer, make a new restore point:

- Launch System Restore from its Start Menu | Programs | Accessories shortcut (or directly launch C:\Windows\System32\restore\rstrui.exe from a Run box).
- Select "Create a restore point." Click Next and follow out the menus.

Then, purge all restore points except the most recent:

- Run Disk Cleanup, either from its Start Menu shortcut, or from right-click + Properties on C: in My Computer, or from directly launching C:\Windows\System32\cleanmgr.exe from a Run box).
- After it scans, click the More Options tab, then Clean Up in the System Restore section, confirm the action, then click OK to run it.

intel

Proved us right then... Many Thanks. :beer:

Ruin a PC by turning off restore...... Poppyc0ck. :rotfl:

Was this written when 3.1 was about.

Ganyam

intel wrote:

Proved us right then... Many Thanks. :beer:

Ruin a PC by turning off restore...... Poppyc0ck. :rotfl:

Was this written when 3.1 was about.

Yeah right..... thought id agree

saves the hassle..... :rotfl: :rotfl: :rotfl:

Browntoa

I think the risk of leaving restore points on with a Novice is that they don't clear up properly afterwards and the infection re-occurs , but i see your point (at least on here) that maybe the less experienced users should carry out the clean your way with restore on but that they should realise

1) they may need to spend a load more time cleaning the Pc as it could well re-install on a reboot and they are back almost at square one.

2) Until they have deleted the restore points and ensured the PC is clean they should not attempt any secure transactions such as Online banking or Credit card purchases on the infected Pc

The initial steps posted do work for 99% of people without any problems with system restore off

Browntoa

Ganyam wrote:

Is that because whats been said has been copied of web sites, with a change of phrase here and there.

I'll own up to that was not copied wholesale and was collated from various sources

was lazyness on my part (not lack of knowledge), did it rather than typing it all out for the initial draft, changes were then made by the people consulted and added to the draft text

Toxteth_OGrady

Another useful, illustrated tutorial on malware removal here.

"Don't mention the [System Restore] war. I mentioned it once but I think I got away with it!"

I know it's not in there but please don't re-open that debate. It's had enough air time already. Cheers.

:cool:

TOG

Chippy_Minton

Another useful guide: Dealing with Unwanted Spyware and Parasites.