Can a system restore to a past time remove the virus from the computer?
Add a comment
|
7 Answers
The short answer is no.
System Restore can help spread a virus though.
See here for more info: Removing Viruses with System Restore. Quoting the relevant parts:
When System Restore first appeared in the market, computer manufacturers and other companies claimed ... that it could remove viruses and fix other problems with the computer.
In reality, System Restore can create copies of the infected files. And some viruses may be capable of infecting the restore volume as well as the actual system files. When a person cleans their computer using an anti-virus, then uses System Restore, they may inadvertently re-infect the computer. Or if they use System Restore as a means of removal, either the restore will fail (if the anti-virus cleans the virus out during the restore process) or the restore will replace the file with an infected version.
-
Also from microsoft: windows.microsoft.com/en-US/windows-vista/…– MussnoonCommented Oct 20, 2010 at 13:10
-
1
-
@FahadUddin It depends on the point at which the system was restored. If you do a fresh OS install, you should be fine. If you back up your system after some use, however, you might also be backing up those infected files. In that example, if the guy had created a system restore point after he installed his program to 'remove spyware', he would be in the same bind. Commented Jan 2, 2014 at 18:44
No.
In fact, to make sure that no virus is still residing on your computer you should first delete all system restore points and do a manual cleaning of the virus or let your antivirus software handle it if it can.
-
1Why should I remove the restore points?– user46959Commented Oct 21, 2010 at 1:25
-
Because there is the possibility that the virus might have attached itself to some of the files in the restore points. If you do a cleaning and then restore to a previous time you might infect yourself once again. Commented Oct 21, 2010 at 11:07
The only sure-fire way to remove a virus is to re-install the operating system.
Once you're infected you never know if you are still infected. Virus scanners are always updating their list of threats they can detect, but virus authors are updating their threats just as fast. There are always threats out there that are not (yet) able to be detected.
Good virus authors will infect every piece of the system needed to stay alive. You can never be sure how thorough the virus author is. The best will include cutting edge rootkits, which, in a real-world case, could include infecting your BIOS (although I've never seen that in theory, not in the real world).
-
2The only people willing to put the time and money to infecting a system that deep would be a government agency... and if they're attacking your computer you've got more problems that viruses to worry about. Commented Oct 20, 2010 at 16:29
-
@KronoS:I heard that some wellknown OS's also produce virus for their absolete products so that the users may shift to the newer version.– user46959Commented Oct 21, 2010 at 1:23
-
Well I did say "in theory". I've yet to hear of a bios rootkit, just that they are possible. My main point still stands... Assuming that BIOS kits aren't out yet, you can only ever clear a computer absolutely via a new OS install. You can never be sure that some trace isn't there to reinstall the virus/trojan/whatever...– WernerCDCommented Oct 21, 2010 at 22:27
YES system restore CAN INDEED get rid of a virus. But (OBVIOUSLY) you have to pick a point prior to which the infection occurred!
I had the "services.freshy.com" (browser hijacker) and tried a variety of things, used various spyware removers, but nothing worked. Of course there was one on-line tech help that was eager to take my $65 for a removal service.... almost fell for that, figured in the worst case I would re-install the entire OS (Windows 7, btw). Then I remembered the system restore point. Tried it, and.... BINGO! It worked! Now I'll go back and try to remove any restore points that were created when the malware was active.
So yes, if you're going to re-install anyway, try this. What harm can it do? None. It might just save your day.
-
See the other answers. This is not a guaranteed way to remove a virus.– DavidPostill ♦Commented Jan 12, 2015 at 8:57
-
@DavidPostill It's not guaranteed to remove a virus but is practically a lot easier and faster to try and see its result than reinstalling OS and software packages and setting the environment that may take days or weeks. But I recommend you don't trust Windows 10 system restore points and always schedule to backup your system image. Commented Nov 23, 2016 at 17:28
That depends on the virus. If it resides in the registry or in a driver of somesort then I think it may be able to or if it was installed using a rogue windows update. Most likely it will not remove the virus because most viruses replicate themselves and make it difficult to remove.
99.7% of the time it will not remove the virus.
Theoretically, it can -at best- stop the virus from working. That'd be if it only infected some files that start up now and didn't start up in the past, and if it has left the system restore points intact. But viruses aren't ever that useless to not infect any system files! So no, it won't. Since in practice, it won't even prevent the virus from working, since the virus will infect a bunch of files, some system files.. that'll run inevitably. If it's a virus, then the best thing is to "disable system restore", this wipes system restore folder clean(so if there was a virus stored there it is gone). Then run the virus scan. Then enable it. System restore really won't help you at all for a virus. It can help with other types of malware though.
Malware other than viruses, like spyware or adware, can sometimes be -not removed- by system restore, but stopped from working via a system restore. (if the malware left the system restore intact). By the way, you can make your own registry backup with ERUNT.
system restore does remove viruses but it would be better to do a system restore as soon as your computer has been infected that way you get the best restore point. doing it at a later date wont help get the best restore point some viruses can attack even with an anti-virus active thats when you have to do a system restore... and be sure to update/re-install your anti virus each time you do it
-
Welcome to Super User! This duplicates another answer and adds no new content. Please don't post an answer unless you actually have something new to contribute.– DavidPostill ♦Commented Jun 23, 2015 at 12:33