Pin Me

Will System Recovery Eliminate a Trojan?

written by: Karishma Sundaram•edited by: Jean Scheid•updated: 5/20/2010

System recovery is a useful tool to salvage a computer after a major system failure. Quite often it is used to eliminate residual files after an infection has been cleaned out. However, it may not be the best way to get rid of a Trojan. Find out here if system recovery can eliminate a Trojan virus.

  • slide 1 of 4

    A Brief Look at Trojans

    Infection A Trojan is a malignant malware program that pretends to be useful application. In reality, however, it opens a back door through a system’s defenses for access by an attacker. The backdoor access is then used for any number of malicious activities, ranging from information or identity theft to complete system control.

    Usually Trojans are downloaded by unsuspecting users along with a seemingly useful or desirable applications. The Trojan installs itself onto the computer and then transmits data to an external computer. This characteristic is the easiest way to detect a Trojan infection because a firewall can monitor all incoming and outgoing connections for unauthorized use. Here, we'll find out if system recovery can eliminate a Trojan virus.

  • slide 2 of 4

    What is System Recovery?

    System recovery is a useful tool incorporated into Windows operating systems, which allows the user to rollback their system to a previous state in the event of a major failure. It is composed of two steps: backup and restore. Users are encouraged to create periodic backups of their systems using the automated tool. In the event of a system failure and when all other mechanisms fail, system recovery can be used to resurrect the computer.

  • slide 3 of 4

    Using System Recovery to Get Rid of Malware

    System recovery is sometimes used to rid the computer of stubborn infections. Although most malware files can be removed through the use of anti-malware applications, in some cases an odd file can remain on the system.

    Since system recovery rolls the entire system to a previous state or earlier system date, it is possible to rid the computer of residual malware provided the previous version did not have the unwanted malware. This is an important condition because if the system is restored with the infection intact, it may also restore the malware state to active, thereby undoing the work done by the anti-malware application.

    Although the system recovery method is effective, it should be used as a last resort because there are other means of removing malware infections. Additionally, the user must be completely sure that the malware was not present when the restore point was created.

  • slide 4 of 4

    Stored Malware Infections

    As previously mentioned, there can be occasions where malware is stored in a system restore file. In these cases, the anti-malware application will detect the infection, however, it will not be able to remove it because all system restore files are protected from modification.

    To get rid of the infection, the user needs to disable system restore on the infected computer. The restore files will then become accessible for manipulation by the anti-malware application and can then be removed accordingly. The user can then reactivate system restore.

    Although the system restore point may not be valid, it is probably best to rid the computer of an infected restore file in any case. After the infection is removed, a new system restore point can be created with ease.

    To answer the question will system restore eliminate a Trojan virus depends upon whether infected files exist within the system restore saved files.