
What did system restore do to my virus?

Anonymous
2011-01-09T20:32:05+00:00

I got a virus from a sketchy website which told me that my files could not be found whenever I tried running a program; even System Restore wouldn't load. I knew about the virus only because windows kept popping up every second telling me about it and telling me to buy their anti virus ____ while I already had Norton. I got Norton to work and ran a complete scan to find nothing. So, since I was scared watching the pop up windows appear one by one saying they have lost my files to various things, I panicked and took out my battery and put it back in (I didn't know how else to get into safe mode). Once in safe mode, I ran the restore to a few days ago when I know I didn't have the virus. Every thread I read says that System Restore cannot remove viruses but doesn't explain why. My computer is fine now so where did the virus go then? Will it come back? Norton says everything is fine but then again it didn't find it before either.

I don't know if this matters but I have a Toshiba laptop (L655) that I got a few months ago.


Locked Question. This question was migrated from the Microsoft Support Community.


Answer accepted by question author

  1. Anonymous
    2011-01-09T20:47:31+00:00

    Hi,

    Some viruses can be removed by using System Restore; however, the danger is that using it will allow many types of malware to infect the Restore Points.


    If you need to check for malware here are my recommendations - these will allow you to do a thorough check and removal without ending up with a load of spyware programs running resident which can cause as many issues as the malware and may be harder to detect as the cause.

    No one program can be relied upon to detect and remove all malware. Added to that, often easy to detect malware is often accompanied by a much harder to detect and remove payload. So it's better to be overly thorough now than to pay the high price later. Check with these to an extreme overkill point and then run the cleanup only when you are very sure the system is clean.

    These can be done in Safe Mode - repeatedly tap F8 as you boot; however, you should also run them in regular Windows when you can.

    TDSSKiller.exe. - Download to the Desktop - then go to it and Right Click on it - RUN AS ADMIN. It will show any infections in the report after running - if it will not run change the name from tdsskiller.exe to tdsskiller.com. Whether it finds anything or not does not mean you should not check with the other methods below.

    http://support.kaspersky.com/viruses/solutions?qid=208280684

    Download malwarebytes and scan with it, run MRT, and add Prevx to be sure it is gone.

    (If Rootkits run UnHackMe)

    Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN

    Malwarebytes - free

    http://www.malwarebytes.org/

    Run the Microsoft Malicious Removal Tool

    Start - type in Search box -> MRT  find at top of list - Right Click on it - RUN AS ADMIN.

    You should be getting this tool and its updates via Windows Updates - if needed you can download it here.

    Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN

    (Then run MRT as above.)

    Microsoft Malicious Removal Tool - 32 bit

    http://www.microsoft.com/downloads/details.aspx?FamilyID=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

    Microsoft Malicious Removal Tool - 64 bit

    http://www.microsoft.com/downloads/details.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

    also install Prevx to be sure it is all gone.

    Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN

    Prevx - Home - Free - small, fast, exceptional CLOUD protection, works with other security programs. This is a scanner only, VERY EFFECTIVE, if it finds something come back here or use Google to see how to remove.

    http://www.prevx.com/   <-- information

    http://info.prevx.com/downloadcsi.asp  <-- download

    PCmag - Prevx - Editor's Choice

    http://www.pcmag.com/article2/0,2817,2346862,00.asp

    Try the trial version of Hitman Pro :

    Hitman Pro is a second opinion scanner, designed to rescue your computer from malware (viruses, trojans, rootkits, etc.) that have infected your computer despite all the security measures you have taken (such as anti virus software, firewalls, etc.).

    http://www.surfright.nl/en/hitmanpro


    If needed here are some online free scanners to help

    http://www.eset.com/onlinescan/

    New Vista and Windows 7 version

    http://onecare.live.com/site/en-us/center/whatsnew.htm

    Original version

    http://onecare.live.com/site/en-us/default.htm

    http://www.kaspersky.com/virusscanner

    Other Free online scans

    http://www.google.com/search?hl=en&source=hp&q=antivirus+free+online+scan&aq=f&oq=&aqi=g1


    After removing any malware :

    Also do these to clean up general corruption and repair/replace damaged/missing system files.

    Start - type this in Search Box ->  COMMAND   find at top and RIGHT CLICK  -  RUN AS ADMIN

    Enter this at the prompt - sfc /scannow

    How to Repair Windows 7 System Files with System File Checker

    http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html

    How to analyze the log file entries that the Microsoft Windows Resource Checker (SFC.exe) program generates in Windows Vista cbs.log

    http://support.microsoft.com/kb/928228

    Also run CheckDisk so we can rule out corruption as much as possible.

    How to Run Disk Check in Windows 7

    http://www.sevenforums.com/tutorials/433-disk-check.html


    If any Rootkits are found use this thread and other suggestions. (Run UnHackMe)

    http://social.answers.microsoft.com/Forums/en-US/InternetExplorer/thread/a8f665f0-c793-441a-a5b9-54b7e1e7a5a4/

    ======================================

    If needed AFTER you are sure the machine is clean of all malware.

    How to Do a Repair Install to Fix Windows 7

    http://www.sevenforums.com/tutorials/3413-repair-install.html

    Hope this helps.


    Rob Brown - MS MVP - Windows Desktop Experience : Bicycle - Mark Twain said it right.

    1 person found this answer helpful.

7 additional answers

  1. Anonymous
    2011-01-10T07:02:10+00:00

    Hi,

    SFC only repairs some Windows files, it does not check for malware and you could have malware even though an SFC scan shows no issues. Running SFC before malware is clear carries the same risk as running System Restore in that it can actually help spread some malware.

    Please use the methods in the reply above to do a thorough check.

    Are you still getting the messages from the scan antivirus that you need protection? If so is there any name or site associated with it?


    Rob Brown - MS MVP - Windows Desktop Experience : Bicycle - Mark Twain said it right.

  2. Anonymous
    2011-01-10T01:45:03+00:00

    Windows will notify you that you are not protected (popup in lower right corner). However in your original post "I got a virus from a sketchy website which told me that my files could not be found", if the website originated the warning it is fake.

    What version of Norton do you have? N360V3 or 360V4, NIS 2010 or 2011, NAV 2010 or 2011 or other.

    JS

    http://www.pagestart.com


    Never be afraid to ask. This forum has some of the best people in the world available to help.

  3. Anonymous
    2011-01-10T01:15:22+00:00

    The Windows pop ups telling me to get an anti virus software looked like it was part of Windows. It didn't look like any anti virus scams I've seen before (and I've had a lot unfortunately). It looked really legit. So will Windows ever ask me to get their preferred brand of anti virus software (does it even have one)? And are you sure this was fake? The sfc scan said everything was fine.

  4. Anonymous
    2011-01-09T21:03:48+00:00

    The web site was trying to fool you into installing their software to remove a nonexistent virus. The popups may have been the tip of the iceberg and System Restore fixed that. As long as you did not download the fake AV software or run their online scan you should be OK.

    Run the SFC  /SCANNOW  command. This will check and repair if necessary any critical Windows system files.

    Click on Start/All programs/Accessories then

    Right click on Command Prompt option and select 'Run as administrator'.

    At the command prompt enter:  SFC  /SCANNOW

    Windows 7 - SFC SCANNOW Command - System File Checker

    http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html

    How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7

    http://support.microsoft.com/kb/929833

    How to analyze the log file entries that the Microsoft Windows Resource Checker (SFC.exe) program generates in Windows Vista:

    http://support.microsoft.com/kb/928228

    JS

    http://www.pagestart.com


    Never be afraid to ask. This forum has some of the best people in the world available to help.
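
Added example, not part of any reply above and not Microsoft's own tooling: several replies recommend `sfc /scannow` and link to the article on reading its entries in CBS.log, so this PowerShell script lists which files SFC repaired and which it could not. The function name `Get-SfcFindings` and the sample log lines are constructed for illustration; a clean result only covers Windows system files and says nothing about malware.

```powershell
# Added example. The log lines below are constructed in the CBS.log layout.
# On a real machine, read "$env:windir\Logs\CBS\CBS.log" from an elevated
# prompt and pass its lines to Get-SfcFindings instead.
$sample = @'
2011-01-09 21:10:02, Info                  CSI    00000006 [SR] Verifying 100 (0x0000000000000064) components
2011-01-09 21:10:02, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2011-01-09 21:10:05, Info                  CSI    00000009 [SR] Verify complete
2011-01-09 21:12:40, Info                  CSI    000001a2 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"example.dll" from store
2011-01-09 21:13:11, Info                  CSI    000001b0 [SR] Cannot repair member file [l:20{10}]"sample.dll" of Constructed-Component, Version = 6.1.7600.16385, file is missing
2011-01-09 21:13:12, Info                  CBS    Unrelated servicing entry without the SR tag
'@ -split "`r?`n"

function Get-SfcFindings {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Only entries tagged [SR] are written by System File Checker.
        if ($line -notmatch '\[SR\]\s+(?<msg>.+)$') { continue }
        $msg = $Matches['msg']
        # File names appear as quoted strings inside the message.
        $quoted = @([regex]::Matches($msg, '"([^"]+)"') |
                    ForEach-Object { $_.Groups[1].Value })
        if ($msg -like 'Cannot repair member file*') {
            $status = 'NotRepaired'; $file = $quoted[0]
        } elseif ($msg -like 'Repairing corrupted file*') {
            # The path comes first, the file name is the last quoted string.
            $status = 'Repaired'; $file = $quoted[-1]
        } else {
            continue   # progress lines such as "Verifying ... components"
        }
        [pscustomobject]@{
            Time   = $line.Substring(0, 19)
            Status = $status
            File   = $file
        }
    }
}

# One row per file SFC touched; NotRepaired rows need manual follow-up.
Get-SfcFindings -Lines $sample | Sort-Object Status, File | Format-Table -AutoSize
```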
