
Clear infected Windows system restore points


#1
Mythio

 

Welcome to this guide about clearing infected system restore points on a Windows machine and creating a new, clean restore point to use in the future (but let's hope it is not needed :D)

Important: this guide should be followed AFTER your computer was cleared of malware

Written by Mythio, last updated: 01/05/2011


 General Information (READ THIS BEFORE PROCEEDING) 
System restore is a handy feature in Windows that basically lets you go back in time. You can restore your computer to an earlier state, without losing any of your files, but reversing any changes from say installing a program or cleaning out the wrong entry in the registry. When your computer has been infected and you either cleaned it yourself or had help from an expert at one of the help forums, it is likely that your restore points are infected. Imagine an infection being present on your system, nesting in the registry, changing settings to help itself and then Windows comes along and makes a complete backup of these changes by creating a system restore point. Windows makes these restore points automatically and does not check for any infection or malware present on your system. For pretty much all infections, it is impossible to say with certainty when the computer got infected. Therefore you cannot assume that any of your older restore points is safe. System restore monitors all operating system files, installed programs and Windows registry settings. It also monitors batch files, scripts and executable files. Places that malware likes to hide in...

If your computer was infected, there is only one thing left to do: clean out all restore points and create a new one after you are sure the computer is clean again!


Why not turn off system restore completely?
It has been a trend for some time to completely turn off system restore in Windows and although this is possible it is highly recommended not to do this. System restore can save your computer should settings be mistakenly changed, important files deleted, etc. (I'm sure many of us can think up a whole list of doom scenarios). Even though system restore takes up space on the computer (the restore points have to be stored), this is only a small sacrifice to make for the benefits it provides. It is also possible to adjust the amount of space all your restore points together are allowed to use; Windows will simply delete the oldest restore point, if it runs out of space to make a new one.

In this guide you will find instructions for the following Windows types:

  • Windows XP Home & Professional
  • Windows Vista (All versions)
  • Windows 7 (All versions)
Under every set of instructions is a collection of thumbnails; clicking on these thumbnails will open larger versions of screen shots to help guide you in finding the right buttons and tabs.

One last note: you will need Administrator privileges on your computer to make changes to Windows system restore.


 Windows XP Home & Professional 
For clearing out the infected restore points and creating a new, clean one on Windows XP Home & Professional follow these steps:

  • Click Start, right-click My Computer, and then click Properties. (Screen 1)
  • The system properties screen will open; click the System Restore tab. (Screen 2)
    If you are unable to follow step 1 and 2 to get to the System Restore tab, try these options, in order, until one works:

    • Press WinKey + Break (The break key on a keyboard is normally around the scroll lock, home and page up key), this should open the system properties screen.
    • Click Start, click Run and type the following, followed by an enter: %WINDIR%\SYSTEM32\sysdm.cpl (Screen 3 & 4)
    • Click Start, click Run and type the following, followed by an enter: %WINDIR%\SYSTEM32\RESTORE\rstrui.exe, then click System Restore Settings. (Screen 3 & 5 & 6)
    • If this all fails, post back to whoever pointed you here for instructions or if you found these instructions on your own go here and post a topic detailing your problem.
  • Check the Turn off System Restore check box or check the Turn off System Restore on all drives check box. (Screen 2)
  • You will receive a warning message, click Yes. Click apply and wait until the status for each drive turns from "Monitoring" to "Turned off".
  • Clear the Turn off System Restore check box or clear the Turn off System Restore on all drives check box.
  • Click apply and wait until the status for each drive turns from "Turned off" to "Monitoring".
You have now cleared your infected restore points and created a new clean restore point for your drives, Well Done!

Find the screens below, 1 to 6, from left to right (click the small images):

[Screens 1 to 6]

 Windows Vista (All versions) 
For clearing out the infected restore points and creating a new, clean one on Windows Vista follow these steps:

  • Click Start, right-click My Computer, and then click Properties. (Screen 1)
  • Click System Protection and confirm by clicking continue if asked to. (Screen 2)
    If you cannot get to the system protection screen this way, try the following:

    • Go to Start -> Control Panel -> System and Maintenance -> System, and click System Protection
    • Press WinKey + Break (The break key on a keyboard is normally around the scroll lock, home and page up key), this should open the system properties screen. Now go to the system protection tab.
    • Click Start, and in the search box type the following, followed by an enter: %WINDIR%\SYSTEM32\sysdm.cpl , Now go to the system protection tab. (Screen 3)
    • If this all fails, post back to whoever pointed you here for instructions or if you found these instructions on your own go here and post a topic detailing your problem.
  • The system protection screen pops up, clear the check box in front of every disk. (Screen 4)
  • A message box will pop up, click Turn System Restore Off.
  • The restore points are now cleared, let's turn system restore back on.
  • Check the check box in front of every disk and click apply.
  • Click Create and give a name for your restore point identifying it as a clean restore point (Example: AfterCleanRP) (Screen 3)
  • A message will pop up that the restore point was created successfully, click Ok and close all screens.
You have now cleared your infected restore points and created a new clean restore point for your drives, Well Done!

Find the screens below, 1 to 4, from left to right (click the small images):

[Screens 1 to 4]

 Windows 7 (All versions) 
For clearing out the infected restore points and creating a new, clean one on Windows 7 (All versions) follow these steps:

  • Click Start, right-click My Computer, and then click Properties. (Screen 1)
  • Click System Protection and confirm by clicking continue if asked to. (Screen 2)
    If you cannot get to the system protection screen this way, try the following until one works:

    • Go to Start -> Control Panel -> System and Security -> System, and click System Protection
    • Press WinKey + Break (The break key on a keyboard is normally around the scroll lock, home and page up key) and click System Protection.
    • Click Start, and in the search box type the following, followed by an enter: %WINDIR%\SYSTEM32\sysdm.cpl , Now go to the system protection tab. (Screen 5)
    • If this all fails, post back to whoever pointed you here for instructions or if you found these instructions on your own go here and post a topic detailing your problem.
  • The system properties screen will pop up, with focus on the system protection tab. You can see the box labeled "Protection Settings", the following has to be done separately for every drive that is labelled "On" under Protection:

    • Select the drive by clicking on it in the list (it gets the blue focus). (Screen 3)
    • Click Configure, the "System Protection for local disk" screen pops up. (Screen 4)
    • Click Delete and then click continue in the box that pops up. A message will tell you all restore points were deleted, click Close.
    • Click Ok to close the screen, then click Create (with the same drive still selected).
    • Give a name for your restore point identifying it as a clean restore point (Example: AfterCleanRP).
    • Close the message that pops up when the restore point is created and repeat the process for all other drives as needed.
  • Close all open screens
You have now cleared your infected restore points and created a new clean restore point for your drives, Well Done!

Find the screens below, 1 to 5, from left to right (click the small images):

[Screens 1 to 5]
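The clear-and-recreate sequence from the guide above, scripted as an added example that is not part of the original post. It assumes Windows PowerShell is installed with its built-in System Restore cmdlets, an elevated session, and that only the system drive is protected; the audit file path is a placeholder. Whether switching protection off really discards every old point is checked rather than assumed.

```powershell
# Added example (not from the guide): scripted form of the clear-and-recreate steps.
# Run in an elevated Windows PowerShell session, after the machine has been cleaned.
param(
    [string[]]$Drive       = @("$env:SystemDrive\"),  # assumption: only the system drive is protected
    [string]  $Description = 'AfterCleanRP',          # example name used in the guide
    [string]  $AuditFile   = "$env:TEMP\restore-points-before-clear.csv"  # placeholder path
)
$ErrorActionPreference = 'Stop'

# System Restore settings can only be changed by an administrator.
$principal = New-Object Security.Principal.WindowsPrincipal(
    [Security.Principal.WindowsIdentity]::GetCurrent())
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated (Administrator) PowerShell session.'
}

# Key that identifies one restore point across the two listings taken below.
function Get-PointKey($p) { '{0}|{1}' -f $p.SequenceNumber, $p.CreationTime }

# 1. Record the restore points that are about to be discarded (kept as a case note).
$before = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
$before | Select-Object SequenceNumber, CreationTime, Description |
    Export-Csv -Path $AuditFile -NoTypeInformation
$oldKeys = @($before | ForEach-Object { Get-PointKey $_ })

# 2. Turn System Restore off and back on for the drive(s), as in the GUI steps.
Disable-ComputerRestore -Drive $Drive
Enable-ComputerRestore  -Drive $Drive

# 3. Do not assume the old points are gone: fail if any recorded point survived.
$survivors = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue |
    Where-Object { $oldKeys -contains (Get-PointKey $_) })
if ($survivors.Count -gt 0) {
    throw "$($survivors.Count) old restore point(s) still present; delete them from System Protection."
}

# 4. Create the named restore point that marks the cleaned state.
Checkpoint-Computer -Description $Description -RestorePointType 'MODIFY_SETTINGS'

# 5. Show what exists now; the named point should be listed.
Get-ComputerRestorePoint | Format-Table SequenceNumber, Description, CreationTime -AutoSize
```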



#2
blueblue

THANK YOU Very Much for posting this, I've been searching awhile for these instructions. :thumbsup:

Sincerely, blueblue

#3
AnotherNana

I'm pretty happy these instructions were posted myself! Hopefully, I can find a restore point somewhere inside the 'puter!

#4
Helloyou824

Thanks ..helpful infos:
-----------------------------------------------------------------------------
Delete restore point Tutorials from microsoft:


Windows-7
Windows-vista
Windows-xp

Edited by Helloyou824, 17 December 2012 - 01:28 AM.


#5
heyheychoco

Is it safer to reformat?

#6
heyheychoco

I heard that restore points can still be infected

#7
heyheychoco

Any suggestions?

#8
heyheychoco

So?

#9
sari

You do not need to reformat in order to clean infected system restore points. You do need to clear the existing restore points, however, to avoid restoring any infections.

#10
LeeGrant

Re Vista system restore points

Pardon my non-tech language.

I assume that it is not possible to do a system restore back to when the system was pristine — after purchasing the computer, or using recovery disks to "reinstall" the system.

The post by Mythio seems promising and I can see how I could get rid of dodgy restore points but I haven't tried it because I'm not sure about this item:

7. Click Create and give a name for your restore point identifying it as a clean restore point (Example: AfterCleanRP) (Screen 3)


What does this mean? I might not have a restore point which is a certain "clean restore point" since I might have put up with a bit of systems crap for some time and the "clean restore points" might have dropped out as new dodgy restore points took their place.

I guess I should try to execute item 7 to see what happens but am reluctant to do so as I am no computer whiz.

I don't know what my question is but it may be: "How can I create a clean restore point if I have deleted the dodgy ones and there's no earlier restore points remaining that are certifiably clean to be restored?"

Cheers

Lee Grant
Sydney
Australia

Edited by LeeGrant, 19 October 2013 - 10:07 PM.


#11
LeeGrant

As a follow up to my previous post (#10 on this thread)…… if I decide to use my recovery disk to reinstall Vista Windows, then process all the updates I will be prompted to do, and then reinstall the programs I want to add back in …… would I be able to create a restore point at that time, save it, and use it repeatedly, if necessary?

In other words: is there a way to save a restore point in a way that it will not be superseded by more recent restore points that are automatically generated?

This would save a heap of work.

I'm guessing that it's not possible, in which case a strategy may be to keep restoring the righteous restore point every now and then so it is always current enough to use, though replacing it after subsequent programs have been added or downloads made — and they scan OK.

PS My Windows is a Vista Home Premium version, 32 bit, I don't know what other info is needed and my queries are fairly generic anyway.

#12
sari

LeeGrant,

You wouldn't want to save just one restore point to go back to. A better option would be to manually set a restore point prior to downloading and installing any programs. That way, you could go back to that point. If you manually set it, you can give it a name, making it easier to determine which restore point you'd like to use. Using the above example, you could reinstall Vista, process updates, reinstall programs, then create a restore point. You could also reinstall Vista and process the updates, then create a restore point prior to installing any additional programs, so you have a clean restore point of just the OS install and Microsoft updates. You wouldn't be able to keep that restore point, indefinitely, however. You wouldn't want to go back to that particular restore point, (the righteous one, as you call it), as you would lose subsequent changes, so creating a new one prior to installing new software is your best bet.

The reason we clear infected restore points after cleaning a PC is so we know that the user can't inadvertently restore any viruses that might be contained within them. Unless you are downloading and installing cracks, participating in file sharing, or other dubious activities, you really shouldn't have a lot of concerns about having infected restore points.

sari

#13
LeeGrant

Thanks for that sari.

You indicate that a restore point can be made manually and can be given a name. I don't want to try a reinstall of the Windows Vista OS then try that manual restore, just yet, but I suppose that it would be easy enough to do if you click on the right options which are offered — or is it more involved than that?

Having never done a manual restore, I don't know.

Another question: is it possible to repress the automatic creation of Vista Windows restore points so that the "righteous" restore point, or points, do not drop out after time?

Or, alternatively, is it possible to zap the automatically created restore points on a regular basis, so that the "righteous" restore points remain?

#14
sari

LeeGrant,

I think what you really want is a program like Acronis TrueImage. This will essentially take a snapshot of your PC, and you can restore it back to that time. In your case, for instance, you can reinstall Vista, do all the updates, then take an image of the disk.

Sari

#15
LeeGrant

Thank you for your help on this matter.

Cheers

Lee Grant





