System Restore and Malware Removal
System Restore is a feature in Windows 7, Vista and XP (also in Windows ME that is no longer supported as of July 11, 2006) to roll back the system to a previous system state. It contains a snapshot of the system files, installed programs, and registry keys.
End-users who may have problem using Windows after installing a buggy software can simply use System Restore to go back to previous snapshot of Windows. In some cases, when the system has become infected, using system recovery to eliminate a Trojan, virus, spyware, Internet or computer worms and other types of malware, may help bring back the system to previous state.
System Restore and Recovery Console
Windows 7 and Vista also include a startup repair that allows PC users to recover or fix by starting up Windows. The startup repair in
newer operating systems is similar to Recovery Console in XP.
System Restore and Recovery Console options allow people to eliminate malware infections without the need of using antivirus or anti-malware programs. This method is only recommended using if any of the following applies:
- Windows will not boot normally, or by using Safe mode or the Last Known Configuration.
- A system backup is not available.
- The restore point is not infected with malware. It is important that antivirus or anti-malware programs regularly scan the system restore point directory to ensure that the computer is not keeping an infected snapshot of Windows.
- A malware infection is using file extensions that System Restore doesn't monitor. You can view the list of monitored file extensions by System Restore on the MSDN website. If you have Windows XP, you can view the said file extensions monitored by System Restore in C:\Windows\System32\restore\Filelist.xml.
- System Restore and Volume Shadow Copy Service are running and working, or not disabled by malware.
Will System Recovery Eliminate a Trojan Virus?
If you are a backup person, you are probably confident that you can always restore to existing backups that are located in external or networked drives, CDs or DVDs, or online backup storage like Mozy Backup. However, if you don't backup your system and files, the only option is by using system recovery options – System Restore or recovery console.
System Restore is the easiest way to eliminate the existing system that is currently infected. By simply choosing a restore point that does not contain any virus or malware infection, you will be able to use Windows again without the need to re-format or reinstall a fresh copy of Windows. The only disadvantage to using System Restore is that you have to reinstall the programs and updates that the restore point or snapshot doesn't contain.
So yes, using system recovery tools such as having a complete system backup, system restore points, and access to recovery console will help eliminate infections.
Note: Recovery tools should be used if an antivirus or anti-malware software could not remove malware in Windows, or if you would rather roll back to previous system state or system backup.
Image credit: Screenshot taken by the author.