Virus in System Restore

Just wanted to add to Thoriphies, but couldnt since it was closed. Anyway if you find that the virus is in the system restore then disabling and then enabling it again would clear restore points, cleaning the virus.

Disabling system restore:

  1. Click Start.
  2. Right-click the My Computer icon, and then click Properties.
  3. Click the System Restore tab.
  4. Check “Turn off System Restore” or “Turn off System Restore on all drives”.
  5. Click Apply.
  6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
  7. Click OK.
  8. Proceed with what you need to do; for example, virus removal. When you have finished, restart the computer.

Also thoriphies recommended that using shutdown -a to prevent automatic shutdown.

If that doesn’t work then in command prompt type in shutdown -i. This will bring up remote shutdown dialog.

Add your computer name (found by right clicking on My Computer and going to properties). Then change the amount of seconds to 9999 or something like that to give you time to run a scan to remove the virus. Add a comment like “Delaying Shutdown” and then hit OK. This happens with many viruses/worms like the sasser worm where the lsass.exe programs is corrupt.

Finally just like to add that I recommend getting SpywareBlaster. It helps to prevent spyware from getting on your computer. Also, there is a new version of Ad-Aware, the SE version and its supposingly really good. I however am still using 6.0. But with anything virus/spyware/adware/firewall scan make sure you keep it updated.

Hope this helps and feel free to ask questions.
Pat