You scan your computer for malware – viruses, spyware and adware – the defensive software finds them, quarantines the files and you confirm their removal. When you later scan the machine, you see that the same virus or spyware or adware has been again found by your software.
One reason may be your unsafe surfing habits online has drawn another attack. The other is likely to be a Windows feature called System Restore. This utility takes a snapshot of your Windows system files on, or rather, before any significant changes are made.
It is in the nature of viruses, spyware and adware to infiltrate your machine under the name of Windows system files, which System Restore is programmed to save whenever such files are updated or changed. When your anti-malware program quarantines or deletes infected system files, System Restore is on watch to repair the damage, which it does by replacing them from a previous Restore Point, or snapshot. Which is likely to be one taken when the malware made a change to your system files!
I went through this once with a Windows XP machine several years ago.
So what should one do? Turning off System Restore permanently will solve this particular problem, but takes away the utility of System Restore for the times you need it. There are those analysts who have said for years that System Restore isn’t really that useful and disable it from Day One, but I reserve judgement.
One solution is to turn off System Restore temporarily while you run your virus or spyware scan. After scanning and removing the malware, turn it on again. However, there is a flaw in this. How do you know when the malware got into your system and how many restore points have been contaminated with it? A more complete solution is to perform your cleanup, then using System Restore, delete Restore Points going back in time to one you are sure is uncontaminated. This might mean deleting all of them.
Follow the steps before performing the malware scan:
- Right click on My computer,go to properties.
- Under the System restore tab put a tick on ‘Turn off system restore on all drives’.
- Press Apply.Then restart your PC
- Now perform the scan,remove the virus or spyware (or quarantine it).
- Turn on system restore again.
Once you are sure your system is clean, that is the time to re-enable System Restore and create a fresh restore point. It is worth pointing out that in Windows 7, you have much more control over restore points. AJS