Win XP System Restore.. (1 Viewer)

[Jay H]

Hi Folks, spent the last night on the phone with a friend of mine trying to clean her laptop running WinXP of almost every spyware, virus known to man. Cashback, Navisearch, bargain, MyDoom, W32.bloodhound, Toolbar, etc. etc.

Since I am not familiar with XP that much cause I run Win2000 at home and at work, I wasn't familiar with how to disble System Restore. (I know that you're supposed to and I know how to now). Anyway, can somebody tell me how System Restore in XP works? From what I gather it's something similar to Win 2k "Last known good configuration" except that it stores multiple points of restoration rather than one. Also, you'll never use it unless there is a problem with bootup or something.

So far, so good, she's able to boot up without any problem after disinfecting a whole boatload of stuff via AVG Free, Spybot and Adaware. But I had to do this with System Restore on. I'm hoping that there isn't any kind of automatic fix that somehow could spring up and reinfect my friend's laptop.

I didn't want her to go online just yet for fear of reinfecting her (she had a bunch of trojan downloaders too) so I didn't want her to go look up how to disable SR). But I think she is at a point where it is safe for her to at least update the AD-Aware, Spybot to the latest definitions and rerun a full system scan. And I think she is safe enough now to email me a Hijackthis logfile so I can check it out myself. I know AVG did not find everything, she still has a couple spyware that I researched a bit and I can tell her how to remove it.

Assuming that everything is fine, how do I permanently delete anything that System Restore has saved? to make sure it is gone for good and then I can turn SR back on so it saves a non-infected saveset?

She's already is using Firefox and I'm going to setup Eudora once everything is OK so she can ditch Outlook Express. Then I can get her to install SP2 for XP and some other simple things...

Jay

 

[Greg*go]

I never heard any complaints, System Restore on XP has saved my butt a few times. Once in a while AVG finds a virus inside the restore folders though, but it takes care of them.

Since her PC is apparently running find now, I would tell her to go into: Start -> Programs -> Accesories -> System Tools -> System Restore

From there tell her to "Create a Restore Point."

Then Go into the System Tools again, and go into Disk Cleanup. After selecting which HDD to clean up, she can go into the "more options" tab and delete all but the most recent restore point. This should get rid of all the restores that contained infected files.


If you just want to flat out turn off that funcion, I would do the above option then right click "My Computer" select properties, select the System Restore tab, and turn off the function. This would keep only one restore point on her PC. I don't know the files to completely get rid of System Restore.

 

[Jay H]

Thanks Greg, that is exactly what I want to do. Delete all the save points that she has and then once we get a completely clean system, go ahead and have XP System Restore take an image of a clean system. I don't intend her to turn it off completely.

Jay