Using System Restore to Remove Spyware?

macman
macman Posts: 53,129 Forumite
Part of the Furniture 10,000 Posts Name Dropper
I am trying to help someone remove an infection of 'System Security' and/or 'Malware Defender' by telephone assistance (he's not nearby). Usual problem of uncontrollable pop-ups, hijacked web browser etc. But he's completely panicked by the whole thing, so impossible to talk him through calmly running MBAM, Superantispyware etc.
He's got Spyware Doctor and McAfee installed and these cannot detect it or remove it. I got him as far as checking Sys Restore and that is still working - he can access and create Restore Points. He is fairly sure of the date of infection too.
Under these circumstances is it wise to get him to do a System Restore to a pre-infection date? If the later (infected) Restore Points are then deleted, will this clear it, or does the spyware remain in files unaffected by Sys Restore?
No free lunch, and no free laptop ;)
Comments

  • thomas01155
    thomas01155 Posts: 2,382 Forumite
    Part of the Furniture 1,000 Posts Name Dropper Combo Breaker
    It might remove the infection but I would try to get him to do a quick scan with Malwarebytes, shouldn't take too long.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Restoring could possibly make it worse. All depends on the infection
    :idea:
  • macman
    macman Posts: 53,129 Forumite
    Part of the Furniture 10,000 Posts Name Dropper
    Please could you expand on that a bit aliEnRIK? I'm unclear if doing a sys restore simply 'masks' the spyware or what exactly?
    Otherwise I need to physically get to his PC to try to sort it.
    No free lunch, and no free laptop ;)
  • Browntoa
    Browntoa Posts: 49,612 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    Go with the restore point, then talk them through Malwarebytes. You may find that Restore is disabled by the infection though.

    You could both download CrossLoop and you could do it remotely:

    http://download.cnet.com/CrossLoop/3000-2654_4-10602416.html

    They click on Share and give you the code, you click on Access and enter it.
    Ex forum ambassador

    Long term forum member
  • macman
    macman Posts: 53,129 Forumite
    Part of the Furniture 10,000 Posts Name Dropper
    Thanks. Sorry, I should have said, he did do a successful Sys Restore but the infection remained. However we then established that this restore point was later than the suspected infection date.
    But because it 'didn't work' he just got cold feet at that point and shut down.
    I'll try to get him to do an earlier restore point and then try MBAM.
    No free lunch, and no free laptop ;)
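Selecting the newest restore point that predates the suspected infection date, as discussed in the post above, shown here as an added example that is not part of the original thread. It assumes Windows PowerShell with the built-in `Get-ComputerRestorePoint` and `Restore-Computer` cmdlets, run from an elevated prompt; the date is a constructed placeholder.

```powershell
# Added example; $SuspectedInfection is a constructed placeholder date.
$SuspectedInfection = Get-Date '2009-06-01'

# CreationTime comes back as a WMI (DMTF) string, so convert it to DateTime
# before comparing.
$points = Get-ComputerRestorePoint | Select-Object SequenceNumber, Description,
    @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } }

# Show every point with its position relative to the suspected infection date.
$points | Sort-Object Created | Format-Table SequenceNumber, Created, Description,
    @{ Label = 'BeforeInfection'; Expression = { $_.Created -lt $SuspectedInfection } }

# Newest restore point that was created before the suspected infection date.
$candidate = $points |
    Where-Object { $_.Created -lt $SuspectedInfection } |
    Sort-Object Created -Descending |
    Select-Object -First 1

if (-not $candidate) {
    Write-Warning 'No restore point predates the suspected infection date.'
}
else {
    # -WhatIf only reports what would happen; drop it to perform the restore.
    Restore-Computer -RestorePoint $candidate.SequenceNumber -WhatIf
}
```

A scan with a tool such as Malwarebytes after the restore, as suggested in the thread, checks whether anything survived it.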
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    macman wrote: »
    Please could you expand on that a bit aliEnRIK? I'm unclear if doing a sys restore simply 'masks' the spyware or what exactly?
    Otherwise I need to physically get to his PC to try to sort it.

    I mean that some trojans 'hide' in restore points and so by restoring to an earlier point it actually executes the trojan (meaning you gain nothing).

    I'm sure restoring will sometimes remove 'some' spyware. All depends on how bad it is.

    I think Browntoa's idea is a fantastic one though. I'm kinda intrigued to see if you manage it with that.
    :idea:
  • macman
    macman Posts: 53,129 Forumite
    Part of the Furniture 10,000 Posts Name Dropper
    And do some trojans effectively have a time delay built into them? The reason I ask is that I know his daughter has Limewire installed on it (I know, I know...). I pointed to that as a likely source of infection, but he insisted she hadn't been on it for days prior to the day the infection became 'live'.
    Will take a look at the CrossLoop idea too.
    No free lunch, and no free laptop ;)
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Well I know that a couple of years ago I had some nasty trojan which 'appeared' to 'lay in wait'. Once I'd run a particular program so many times it then executed (at least that's how it seemed). And suddenly I was full of them.

    They certainly do exist anyways, but I don't think there are many of them about.
    :idea:
  • They may not have a built-in time delay but they may require internet access or a certain file to be accessed before delivering their payload.
  • Patrick20
    Patrick20 Posts: 754 Forumite
    Delete Limewire immediately. I'm not saying that because of copyright infringement or anything, that's none of my business, but the possibilities of PC-crippling viruses are higher than the benefits of using it. I would suggest uTorrent for downloads. And although Malwarebytes was good when I tried it, SuperAntiSpyware worked better for me and got rid of all of my problems. And in my opinion McAfee is awful. I deleted it and installed Avast Home edition (FREE) and have had no infection in a year or more.
This discussion has been closed.