System Restore point

Parman

Figured this would be the best place for this discussion. If incorrect please move.

System restore point.... They're used a lot to fix viruses. It's one of the first things I check when one is brought to me. I'm sure that a virus could find its way into your restore point data but how likely is that to happen?

Has anyone ever experienced restoring a PC and it still being infected?
 

Yes. It has happened with me. Because the virus was present in a different drive on the HDD. So it did not make a difference restoring system (C Drive).
 

I didn't even think of that. Was the PC's partitioned out user data or program files?
 

Some viruses target System Restore just for this purpose, as AV often does not have access to "hidden" files, ensuring the virus can stay after removal.
 

There were 3 drives. The C drive contained the programs. The E drive contained all user media like music, video, etc. which also contained some infected files.

After system restore, the PC looked fine but the viruses would enter in a few hours again. Hence we determined that the viruses were hidden in another partition altogether. ;)
 

Most viruses can infect restore points nowadays, but it's usually the 1st restore point (although I'm sure some are quite capable of infecting all of them). I usually tell people when they are restoring due to a virus, to go to the 2nd, or better yet, 3rd restore point.

As Dinish pointed out, if you have a hidden partition somewhere on the system, usually written by a rootkit, a system restore doesn't do any good.
 

Why do they target just one? And by first do you mean the latest one created or the first one ever created?
 

It's usually the last one created, the one most people will roll back to in an attempt to purge the virus. Hence the reason it embeds itself into that point. I have seen systems though where the virus will either delete or disallow access to restore points altogether.
 

I have seen systems though where the virus will either delete or disallow access to restore points altogether.

I actually think I have seen one of them before. Unless the user just turned them off. LOL
 

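An added example, not posted by anyone in this thread: a read-only PowerShell check for the situations discussed above, where restore points are missing or System Restore has been switched off, and for listing the points by date before choosing an older one. The function name `Get-RestoreTriage` is hypothetical; it assumes an elevated Windows PowerShell 5.1 session on a client edition of Windows.

```powershell
# Added example: read-only triage of System Restore state. Changes nothing on the machine.
# Assumes an elevated Windows PowerShell 5.1 session on a client edition of Windows.
# Get-RestoreTriage is a hypothetical helper name, not a built-in cmdlet.
function Get-RestoreTriage {
    # Group Policy values that turn System Restore off or lock its settings.
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'
    $policy    = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue

    # Restore points known to System Restore, newest first.
    # CreationTime is a WMI datetime string, so convert it before sorting.
    $points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue |
        Select-Object SequenceNumber, Description,
            @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } } |
        Sort-Object Created -Descending)

    # System Restore keeps its snapshots as volume shadow copies.
    # Enumerating them requires elevation; backups can create shadow copies too.
    $shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue)

    $findings = @()
    if ($policy.DisableSR -eq 1) {
        $findings += 'System Restore is turned off by policy (DisableSR=1).'
    }
    if ($policy.DisableConfig -eq 1) {
        $findings += 'System Restore settings are locked by policy (DisableConfig=1).'
    }
    if ($points.Count -eq 0) {
        $findings += 'No restore points found: protection is off, or the points were deleted.'
    }
    if ($points.Count -gt 0 -and $shadows.Count -eq 0) {
        $findings += 'Restore points are listed but no shadow copies are visible. Is the session elevated?'
    }
    if ($findings.Count -eq 0) {
        $findings += 'System Restore is enabled and restore points are present.'
    }

    [pscustomobject]@{
        RestorePoints    = $points
        ShadowCopyCount  = $shadows.Count
        Findings         = $findings
    }
}

$triage = Get-RestoreTriage
$triage.RestorePoints | Format-Table -AutoSize   # newest first; older points sit lower in the table
$triage.Findings
```

A clean result here only says that System Restore is configured and has points to offer; it says nothing about whether a given point, or another partition, contains infected files.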