Virus in system restore

Do you have a virus in System Restore ? That must be fixed !

Computer viruses sometimes manage to "back themselves up" in the System Restore data store. The System Restore data store is a directory on your hard disk. Windows keeps all the data it needs to restore your computer to an earlier point in time in the data store.

Whenever a virus-infected file is copied into the System Restore data store before your virus scanner can clean or remove it, you can get into trouble. Especially when your data store is on a FAT partition.

That is because anti-virus programs aren't allowed to access the data store on a FAT partition. Windows blocks that.

How can you tell if you have a virus-infected file in a FAT data store ?

Usually you will be able to tell by the behavior of your anti-virus software. It will ask for your attention.

A lot.

Your antivirus software will come up with warning messages that complain about virus infections in a location that contains "_restore" in the path. This kind of messages is a good indication that you have a virus in System Restore.

The best thing to do to get rid of this is purge the data in the data store : turn off System Restore, shut down your computer and then turn on System Restore again.

If your data store is on an NTFS partition, your antivirus program should be able to access the infected file and clean it, so with NTFS this shouldn't be a problem.

How can you tell if your data store is on NTFS ?

Want to check the amount of disk space used by System Restore ?

The size on disk value is the amount of disk space used by System Restore.

Return from "virus in System Restore" to the general Windows XP System Restore page.

Add to My Yahoo! Add to My MSNAdd to Google