
Virus in system restore


zestril5

Technical User
Sep 30, 2002
I have a customer that calls at least once a week. The problem is always the same. His computer reports a virus and tells him to run AVG. He does and the virus is still on the computer. The virus is in c:\restore...... or c:\system_restore.. or something like that.
I take him through the steps to turn off system restore and then restart it, which of course deletes the virus.
My questions are: if a virus is in the System Restore folders, is it active? And how does he wind up with a virus in System Restore all the time? Yes, it happens to other customers occasionally, but it happens to this guy weekly.
 
It's always a trojan downloader virus but whether or not it's the same one I don't know right now. I'll try to keep track.
 
I don't use an OS that has System Restore, so I don't know a lot about how that works. I'll be interested too, to see what others say about that.

The kind of thoughts I was having with my question were if it was the same thing all the time, maybe AVG needs some help in the removal process or maybe your customer is repeatedly accessing the same site containing the virus after you go through cleaning the system, creating restore points for backup purposes, and if you could figure out what it was and where it's coming from, then maybe there's a specific protection activity in addition to AVG that needs to be taken.
 
It's very likely that this particular user has particular web surfing habits (maybe even picking this up from the same site). Trojan.downloaders aren't really trojans unto themselves, but are rather built to deploy trojans to the user's PC. Often, these are "inserted" to install newer versions of malware, etc. You might look into augmenting their existing protection with something along the lines of SpyBot (with Immunize activated), SpySweeper, or the like. More likely, you need to give this user some education as to how careless surfing habits can cripple one's PC.

"'Tis an ill wind that blows no minds." - Malaclypse the Younger
 
Thanks all for the information, but one question remains. When a virus has been detected by AVG but can't be removed, most times it's because it is in the System Restore folder. I know if System Restore is activated to "go back" that the virus will definitely be reinstated.
BUT, is the virus inactive (or encapsulated, so to speak, as though it were in the virus vault) while it is in the System Restore folder?
 
Yes the virus is inactive - until System Restore is used.
Best to turn off System Restore, reboot, run the A/V scan to check it is clear; if it isn't, delete the restore folder. Once the PC is clean, enable System Restore and make a new restore point (or two)!

Andy.
 