[Mythio]

 

Welcome to this guide about clearing infected system restore points on a Windows machine and creating a new, clean restore point to use in the future (but let's hope it is not needed )

Important: this guide should be followed AFTER your computer was cleared of malware

Written by Mythio, last updated: 01/05/2011

 General Information (READ THIS BEFORE PROCEEDING) 
System restore is a handy feature in Windows that basically let's you go back in time. You can restore your computer to an earlier state, no losing any of your files, but reversing any changes from say installing a program or cleaning out the wrong entry in the registry. When your computer has been infected and you either cleaned it yourself or had help from an expert at one of the help forums, it is likely that your restore points are infected. Imagine an infection being present on your system, nesting in the registry, changing settings to help itself and than Windows comes along and makes a complete back up of these changes by creating a system restore point. Windows makes these restore points automatically and does not check for any infection or malware present on your system. For pretty much all infections, it is impossible to say with certainty when the computer got infected. Therefor you cannot assume that any of your older restore points is safe. System restore monitors all operating system files, installed programs and Windows registry settings. It also monitors batch files, scripts and executable files. Places that malware likes to hide in...

If your computer was infected, there is only one thing left to do: clean out all restore points and create a new one after you are sure the computer is clean again!

Why not turn off system restore completely?
It has been a trend for some time to completely turn off system restore in Windows and although this is possible it is highly recommended not to do this. System restore can save your computer should settings be mistakenly changed, important files deleted, etc. (I'm sure many of us can think up a whole list of doom scenario's). Even though system restore takes up space on the computer (the restore points have to be stored), this is only a small sacrifice to make for the benefits it provides. It is also possible to adjust the amount of space all your restore points together are allowed to use; Windows will simply delete the oldest restore point, if it runs out of space to make a new one.

In this guide you will find instructions for the following Windows types:

• Windows XP Home & Professional
• Windows Vista (All versions)
• Windows 7 (All versions)

Under every set of instructions is a collection of thumbnails; clicking on these thumbnails will open larger versions of screen shots to help guide you in finding the right buttons and tabs.

One last note: you will need Administrator privileges on your computer to make changes to Windows system restore.


 Windows XP Home & Professional 
For clearing out the infected restore points and creating a new, clean one on Windows XP Home & Professional follow these steps:

• Click Start, right-click My Computer, and then click Properties. (Screen 1)
• The system properties screen will open; click the System Restore tab. (Screen 2)
  If you are unable to follow step 1 and 2 to get to the System Restore tab, try these options, in order, until one works:
  
  
  • Press WinKey + Break (The break key on a keyboard is normally around the scroll lock, home and page up key), this should open the system properties screen.
  • Click Start, click Run and type the following, followed by an enter: %WINDIR%\SYSTEM32\sysdm.cpl (Screen 3 & 4)
  • Click Start, click Run and type the following, followed by an enter: %WINDIR%\SYSTEM32\RESTORE\rstrui.exe, then click System Restore Settings. (Screen 3 & 5 & 6)
  • If this all fails, post back to whoever pointed you here for instructions or if you found these instructions on your own go here and post a topic detailing your problem.
• Check the Turn off System Restore check box or check the Turn off System Restore on all drives check box. (Screen 2)
• You will recieve a warning message, click Yes. Click apply and wait until the status for each drive turns from "Monitoring" to "Turned off".
• Clear the Turn off System Restore check box or clear the Turn off System Restore on all drives check box.
• Click apply and wait until the status for each drive turns from "Turned off" to "Monitoring".

You have now cleared your infected restore points and created a new clean restore point for your drives, Well Done!

Find the screens below, 1 to 6, from left to right (click the small images):

------------------------------

 Windows Vista (All versions) 
For clearing out the infected restore points and creating a new, clean one on Windows Vista follow these steps:

• Click Start, right-click My Computer, and then click Properties. (Screen 1)
• Click System Protection and confirm by clicking continue if asked to. (Screen 2)
  If you cannot get to the system protection screen this way, try the following:
  
  
  • Go to Start -> Control Panel -> System and Maintenance -> System, and click System Protection
  • Press WinKey + Break (The break key on a keyboard is normally around the scroll lock, home and page up key), this should open the system properties screen. Now go to the system protection tab.
  • Click Start, and in the search box type the following, followed by an enter: %WINDIR%\SYSTEM32\sysdm.cpl , Now go to the system protection tab. (Screen 3)
  • If this all fails, post back to whoever pointed you here for instructions or if you found these instructions on your own go here and post a topic detailing your problem.
• The system protection screen pops up, clear the check box in front of every disk. (Screen 4)
• A message box will pop up, click Turn System Restore Off.
• The restore points are now cleared, let's turn system restore back on.
• Check the check box in front of every disk and click apply.
• Click Create and give a name for your restore point identifying it as a clean restore point (Example: AfterCleanRP) (Screen 3)
• A message will pop up that the restore point was created successfully, click Ok and close all screens.

You have now cleared your infected restore points and created a new clean restore point for your drives, Well Done!

Find the screens below, 1 to 4, from left to right (click the small images):

------------------

 Windows 7 (All versions) 
For clearing out the infected restore points and creating a new, clean one on Windows 7 (All versions) follow these steps:

• Click Start, right-click My Computer, and then click Properties. (Screen 1)
• Click System Protection and confirm by clicking continue if asked to. (Screen 2)
  If you cannot get to the system protection screen this way, try the following until one works:
  
  
  • Go to Start -> Control Panel -> System and Security -> System, and click System Protection
  • Press WinKey + Break (The break key on a keyboard is normally around the scroll lock, home and page up key) and click System Protection.
  • Click Start, and in the search box type the following, followed by an enter: %WINDIR%\SYSTEM32\sysdm.cpl , Now go to the system protection tab. (Screen 5)
  • If this all fails, post back to whoever pointed you here for instructions or if you found these instructions on your own go here and post a topic detailing your problem.
• The system properties screen will pop up, with focus on the system protection tab. You can see the box labeled "Protection Settings", the following has to be done separately for every drive that is labelled "On" under Protection:
  
  
  • Select the drive by clicking on it in the list (it gets the blue focus). (Screen 3)
  • Click Configure, the "System Protection for local disk" screen pops up. (Screen 4)
  • Click Delete and then click continue in the box that pops up. A message will tell you all restore points where deleted, click Close.
  • Click Ok to close the screen, then click Create (with the same drive still selected).
  • Give a name for your restore point identifying it as a clean restore point (Example: AfterCleanRP).
  • Close the message that pops up when the restore point is created and repeat the process for all other drives as needed.
• Close all open screens

You have now cleared your infected restore points and created a new clean restore point for your drives, Well Done!

Find the screens below, 1 to 5, from left to right (click the small images):

------------------------

[Advertisements]

THANK YOU Very Much for posting this, I've been searching awhile for these instructions.

Sincerely, blueblue

[blueblue]

THANK YOU Very Much for posting this, I've been searching awhile for these instructions.

Sincerely, blueblue

[AnotherNana]

I'm pretty happy these instructions were posted myself! Hopefully, I can find a restore point somewhere inside the 'puter!

[Helloyou824]

Thanks ..helpful infos:
-----------------------------------------------------------------------------
Delete restore point Tutorials from microsoft:

Windows-7
WIndows-vista
Windows-xp

Edited by Helloyou824, 17 December 2012 - 01:28 AM.

[heyheychoco]

Is it safer to reformat?

[heyheychoco]

I heard that restore points can still be infected

[heyheychoco]

Any suggestions?

[heyheychoco]

So?

[sari]

You do not need to reformat in order to clean infected system restore points. You do need to clear the existing restore points, however, to avoid restoring any infections.

[LeeGrant]

Re Vista system restore points

Pardon my non-tech language.

I assume that it is not possible to do a system restore back to when the system was pristine — after purchasing the computer, or using recovery disks to "reinstall" the system.

The post by Mythio seems promising and I can see how I could get rid of dodgy restore points but I haven't tried it because I'm not sure about this item:

7. Click Create and give a name for your restore point identifying it as a clean restore point (Example: AfterCleanRP) (Screen 3)

What does this mean? I might not have a restore point which is a certain "clean restore point" since I might have put up with a bit of systems crap for some time and the "clean restore points" might have dropped out as new dodgy restore points took their place.

I guess I should try to execute item 7 to see what happens but am reluctant to do so as I am no computer whiz.

I don't know what my question is but it may be: "How can I create a clean restore point if I have deleted the dodgy ones and there's no earlier restore points remaining that are certifiably clean to be restored?"

Cheers

Lee Grant
Sydney
Australia

Edited by LeeGrant, 19 October 2013 - 10:07 PM.

[LeeGrant]

As a follow up to my previous post (#10 on this thread)…… if I decide to use my recovery disk to reinstall Vista Windows, then process all the updates I will be prompted to do, and then reinstall the programs I want to add back in …… would I be able to create a restore point at that time, save it, and use it repeatedly, if necessary?

In other words: is there a way to save a restore point in a way that it will not be superseded by more recent restore points that are automatically generated?

This would save a heap of work.

I'm guessing that it's not possible, in which case a strategy may be to keeping restoring the righteous restore point every now and then so it is always current enough to use, though replacing it after subsequent programs have been added or downloads made — and they scan OK.

PS My Windows is a Vista Home Premium version, 32 bit, I don't know what other info is needed and my queries are fairly generic anyway.
.

[sari]

LeeGrant,

You wouldn't want to save just one restore point to go back to. A better option would be to manually set a restore point prior to downloading and installing any programs. That way, you could go back to that point. If you manually set it, you can give it a name, making it easier to determine which restore point you'd like to use. Using the above example, you could reinstall Vista, process updates, reinstall programs, then create a restore point. You could also reinstall Vista and process the updates, then create a restore point prior to installing any additional programs, so you have a clean restore point of just the OS install and Microsoft updates. You wouldn't be able to keep that restore point, indefinitely, however. You wouldn't want to go back to that particular restore point, (the righteous one, as you call it), as you would lose subsequent changes, so creating a new one prior to installing new software is your best bet.

The reason we clear infected restore points after cleaning a PC is so we know that the user can't inadvertently restore any viruses that might be contained within them. Unless you are downloading and installing cracks, participating in file sharing, or other dubious activities, you really shouldn't have a lot of concerns about having infected restore points.

sari

[LeeGrant]

Thanks for that sari.

You indicate that a restore point can be made manually and can be given a name. I don't want to try a reinstall of the Windows Vista OS then try that manual restore, just yet, but I suppose that it would be easy enough to do if you click on the right options which are offered — or is it more involved than that?

Having never done a manual restore, I don't know.

Another question: is it possible to repress the automatic creation of Vista Windows restore points so that the "righteous" restore point, or points, do not drop out after time?

Or, alternatively, is it possible to zap the automatically created restore points on a regular basis, so that the "righteous" restore points remain?
.

[sari]

LeeGrant,

I think what you really want is a program like Acronis TrueImage. This will essentially take a snapshot ofyour PC, and you can restore it back to that time. In your case, for instance, you can reinstall Vista, do all the updates, then take an image of the disk.

Sari

[LeeGrant]

Thank you for your help on this matter.

Cheers

Lee Grant