System Restore on xp gone bad

J

JDBlack2007

Beta member
Messages
2
I had a friend who got a virus, so i just ran system restore to see if that would work. It did, but then when we restarted it, things went all wrong. Everything boots up seemingly ok, but when it comes time for the desktop to show up, it doesn't. It's a black screen. He said the first time the resolution was way down, icons big, etc. Then he restarted it again and that's when it went blank. It seems to me to be a video driver, but I don't understand how or why. Just thought i'd ask around and see if anyone knew. Hopefully this is in the correct forum, sorry if it's not.
 
Similar thing happened to me once.

I just repaired Windows XP from the XP CD. Repaired, not reformatted.
 
if i were u id repair it... then backup the data, then format otherwise the masties may still be floating around
 
Most viruses are relatively easy to get rid of, until your system does a system restore point, which is when it infects the system restore folder. At this point, your system is basically toast, unless you have the tools to get rid of the system restore folder, and the virus. More times than not, these are bootable type programs. I would recommend trying to go into safe mode- if you're able to get into safe mode, and have the original XP disc, I would go to start>run>sfc /scannow
That's Windows System File Checker, which will check all the system files, and replace the modified ones with the correct ones. At that point, you should be able to get back into Windows with no problems. Then I would run several different virus scans- there are plenty of tools out there. Last resort would to be repair, then the very last, to reformat.
 
pctechmike said:
Most viruses are relatively easy to get rid of, until your system does a system restore point, which is when it infects the system restore folder. At this point, your system is basically toast, unless you have the tools to get rid of the system restore folder, and the virus. More times than not, these are bootable type programs. I would recommend trying to go into safe mode- if you're able to get into safe mode, and have the original XP disc, I would go to start>run>sfc /scannow
That's Windows System File Checker, which will check all the system files, and replace the modified ones with the correct ones. At that point, you should be able to get back into Windows with no problems. Then I would run several different virus scans- there are plenty of tools out there. Last resort would to be repair, then the very last, to reformat.
Click to expand...

Am i right in thinking that if ya system restore is infected, you can disable it and reboot and then enable it again to get rid of the viruses in there? Im sure ive read that somewhere before, any truth in this?
 
Not from my experience. While it is true you can disable system restore, the chances of getting rid of viruses that reside in the system restore folder are slim. Here is an explanation from Microsoft about antivirus programs cleaning the restore folder:

http://support.microsoft.com/kb/263455

It doesn't mention XP, but the system restore is the same program from that OS- the only good thing that came from ME, honestly.

Another question:
Q.What should I do if my anti-virus scanner cannot access the System Volume Information folder to remove a virus?A.If the System Volume Information (SVI) folder is on a FAT partition and a virus infected file has been detected or copied to the data store before it was cleaned, the data store needs to be purged to remove the Restore Point with the infected file. To do this, the user should disable and then re-enable System Restore monitoring on that particular drive as specified in How can I disable System Restore from monitoring a particular drive? If the System Volume Information Folder is on an NTFS partition, the SVI directory can be accessed by a virus utility to clean an infected file as any other part of the file system.

While this article states that the volume is accessable, it's highly unlikely it will clean it. With a bootable CD, such as Winternals, and others, it's possible to delete the system restore folder, effectively ridding the computer of the virus (and all restore points, that could be infected)- this has always been my way of doing it, because it's simple, and full-proof.
 
if the virus gets into your system restore folder just turn system restore off and the folder will clear including the virus in it.
 
You must log in or register to reply here.

Similar threads

P
Blue screen error again?
2
Replies
16
Views
2K
phantom555
P
R
does monitor refresh rate affect fps?
Replies
3
Views
514
raverx3m
R
R
Suddenly there is no display on the computer
Replies
8
Views
907
Flowace
Flowace
Captain Xarzu
How do I ensure I properly get text alerts on my Android phone?
Replies
2
Views
862
Joe C
Joe C
F
Max System RAM for Ryzen 5 5600G iGPU?
Replies
3
Views
517
PP Mguire
PP Mguire
Back
Top Bottom