Old Jul 8, 07, 2:12 pm   #1
FlyerTalk Evangelist
 
Join Date: Sep 2000
Programs: UA Million Miler (lite). NY Metro area.
Posts: 13,096
I got a virus. How do I 'restore' my computer to the day before

My wife was able to restore our Dell computer once, after a virus. She somehow managed to get the computer to go back to the day before.
It worked.

She doesn't remember how she did the restoration. I've been entrusted (as are you) to help solve this problem.

A search of restore/restoration didn't help. Can you?

Thanks.
dhammer53 is offline   Reply With Quote
Old Jul 8, 07, 2:30 pm   #2
FlyerTalk Evangelist
 
Join Date: Apr 1999
Location: Bryn Mawr PA & Wailea HI
Posts: 15,734
If XP:

system > all programs > accessories > system tools > system restore ... then pick your date from the calendar

MisterNice
MisterNice is offline   Reply With Quote
Old Jul 8, 07, 6:28 pm   #3
 
Join Date: Nov 2002
Location: Richmond, Va, USA
Programs: US CP, *wood Gold, Marriott gold, Hilton something
Posts: 1,402
It's likely the virus will still be present and that the system restore may not work at all... in fact it could leave you worse off.

I've said this before and it's often not what anyone wants to hear, but...
Your only real viable option is to back up all your files to an external or 2nd disk. Wipe the computer, re-install Windows, install some good virus protection and then move the files back.

I did just this to a friend's box that was severely compromised just this week.

Specifically, here are the steps I recommend.

1) Download Blink from eEye, install it on the infected computer and do a full scan. (It's tempting to leave it at that and move on, but since you are infected, you can never trust the system again; you cannot even trust that Blink is reporting accurately.) The goal here is to try and clean the files before you back them up, as a cautionary measure against bringing them back over to the new system.
2) Copy your documents and settings to a 2nd drive or external USB drive. I actually like the built-in "transfer settings" wizard that is in the Accessories folder in the Start menu. It will do all the hard work, including copying in-use protected files.
3) Wipe the drive, format it during a fresh install of Windows
4) Install the latest service packs and updates
5) install Blink from eEye again ... this is the best virus/malware/intrusion detection software out there, period.
6) bring your files back over... either through the transfer wizard again, or by manually copying
7) re-install programs

It's not a fun process at all... it sucks in fact. But it's the only way to know that your system is clean. Blink will do an amazing job of keeping you clean and safe going forward. But you might also take the time to change a few habits and processes... install Firefox, or use the VMware Player and a browsing appliance (www.vmware.com) ... start making weekly backups, etc.

Good luck!
__________________
NickDawson.net
twitter | photos | dopplr
SpaceBass is offline   Reply With Quote
Old Jul 8, 07, 7:30 pm   #4
FlyerTalk Evangelist
 
Join Date: Sep 2000
Programs: UA Million Miler (lite). NY Metro area.
Posts: 13,096
We'll give it a go tomorrow. Wish me luck. Otherwise, iMac, here we come.

dh
dhammer53 is offline   Reply With Quote
Old Jul 8, 07, 7:34 pm   #5
 
Join Date: Sep 2003
Location: Rockville MD USA
Programs: UA former 1K MM
Posts: 2,181
Do you have any idea which virus?
There are a bunch of specific tools here:
http://www.f-secure.com/security_cen...val_tools.html
and you can download an evaluation version of their product here:
http://www.f-secure.com/home_user/su...s/evaluations/
redburgundy is offline   Reply With Quote
Old Jul 8, 07, 9:13 pm   #6
FlyerTalk Evangelist
 
Join Date: Jun 2005
Posts: 17,737
And then get yourself some anti-virus software.

AVG still has a free version.
Loren Pechtel is offline   Reply With Quote
Old Jul 9, 07, 6:18 am   #7
 
Join Date: Nov 2002
Location: Richmond, Va, USA
Programs: US CP, *wood Gold, Marriott gold, Hilton something
Posts: 1,402
Quote:
Originally Posted by Loren Pechtel
And then get yourself some anti-virus software.

AVG still has a free version.
The Blink product http://www.eeye.com/html/index.html that I mentioned above is free for the first year and then somewhere around $25/year.

I'm still blown away by how powerful yet lightweight it is... I'd recommend it over anything else that I've tried.

My second choice is ClamWin - free as in speech followed by AVG's free version...

As we all know, Norton is a virus in and of itself
SpaceBass is offline   Reply With Quote
Old Jul 9, 07, 8:31 am   #8
 
Join Date: Jul 2004
Programs: CO Gold; SPG Gold***; AvisFirst;
Posts: 3,971
One other approach - a bit safer.

Install a fresh copy of Windows (preferably to a different drive or partition). If the same drive/partition, choose to install into a different directory (like c:\safeboot). Not a bad time to purchase a second hard drive, IMHO. Do not access anything on the infected drive/partition (unless you install to the same drive, in which case you have no choice).

Install your virus scanner and update to current definitions.

Update Windows with all current security patches (windows update).

Scan & clean. Note: by booting to an alternate Windows, you can effectively clean system files.

Check the cleaned (or quarantined) files. If any seem to be critical windows files, copy a replacement from your safe windows to the "bad" one. (Alternatively, after cleaning, do an upgrade install of Windows on top of the "bad" install. As before, update with all security patches & make sure your virus scanner is installed and up to date).

This is why the TCO for Mac (or Linux) is probably way lower than for Windows.
mbreuer is offline   Reply With Quote
Old Jul 9, 07, 9:07 am   #9
 
Join Date: Feb 2000
Location: Menlo Park, CA, USA
Programs: UA 1MM 0P, AA, DL, *wood, Lifetime FPC Plat., IHG, HHD
Posts: 5,802
Virus

I would run a virus scan, the online version of BitDefender works well, free and runs background and memory too. Then, let it do its work, then download something like the AVG free product and run that.

Then, once all are done, then do the restore if all things are clear. Then, run the BitDefender and AVG again.

Then, keep the AVG running forever!
nmenaker is online now   Reply With Quote
Old Jul 9, 07, 10:45 am   #10
 
Join Date: Aug 2002
Location: SJC
Programs: AA EXP
Posts: 3,686
Not sure to help in this situation, but I did want to mention backups again.

I'm a bit more geek than most, so this may not work for everyone -- but I dump an image of my HD to an external drive once a month -- and the drive can hold three images. Restoring an image will lose any new data you've saved -- but it will bring your machine back clean.

I had a laptop stolen last year on a Saturday; on Sunday I got another identical laptop we had at work -- Monday morning I walked into work with a fully operating machine. Since I don't store email on the laptop but on servers...I lost virtually nothing.

And as a mention for backups -- keep them separate from your computers for just those kinds of reasons. If the external drive had been inside my house, I am sure it would have gotten taken as well.

Steve
sllevin is offline   Reply With Quote
Old Jul 9, 07, 11:23 am   #11
 
Join Date: Jul 2004
Programs: CO Gold; SPG Gold***; AvisFirst;
Posts: 3,971
Quote:
Originally Posted by sllevin
Not sure to help in this situation, but I did want to mention backups again.

I'm a bit more geek than most, so this may not work for everyone -- but I dump an image of my HD to an external drive once a month -- and the drive can hold three images. Restoring an image will lose any new data you've saved -- but it will bring your machine back clean.

I had a laptop stolen last year on a Saturday; on Sunday I got another identical laptop we had at work -- Monday morning I walked into work with a fully operating machine. Since I don't store email on the laptop but on servers...I lost virtually nothing.

And as a mention for backups -- keep them separate from your computers for just those kinds of reasons. If the external drive had been inside my house, I am sure it would have gotten taken as well.

Steve
Yes - backups are hugely important. But... if you're trying to recover from a virus, especially a new one, it's possible that the backups are infected. This typically happens when a signature update & subsequent scan (usually weekly) find the virus. The infection could be as old as the oldest useful backup. So, use the backup, but scan it from a clean machine before applying it.
mbreuer is offline   Reply With Quote
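
A first-pass triage of a backup run from a clean machine, as the post above advises (an added example, not part of the thread): it flags files that could execute so they go to the virus scanner before anything is copied back. The extension lists and sample files are constructed assumptions, and the check complements a scan with current definitions rather than replacing it.

```python
import os

# Assumed, non-exhaustive lists chosen for this example.
RISKY_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".dll"}
DOC_EXT = {".doc", ".xls", ".pdf", ".jpg", ".txt", ".mp3"}

def triage_file(path):
    """Return reasons a backed-up file needs a closer look (empty list if none)."""
    name = os.path.basename(path).lower()
    stem, ext = os.path.splitext(name)
    with open(path, "rb") as fh:
        is_pe = fh.read(2) == b"MZ"  # DOS/PE executable signature
    reasons = []
    if name == "autorun.inf":
        reasons.append("autorun.inf can auto-start a program from removable media")
    if ext in RISKY_EXT:
        reasons.append("executable or script extension " + ext)
        if os.path.splitext(stem)[1] in DOC_EXT:
            reasons.append("double extension disguises it as a document")
    elif is_pe:
        # Content says "program" while the name says something else.
        reasons.append("MZ executable header behind extension " + (ext or "(none)"))
    return reasons

def triage_backup(root):
    """Walk the backup read-only; map relative path -> list of reasons."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            full = os.path.join(dirpath, fn)
            try:
                why = triage_file(full)
            except OSError as exc:
                why = ["unreadable, inspect manually: %s" % exc]
            if why:
                findings[os.path.relpath(full, root)] = why
    return findings

def build_sample_backup(root):
    """Write constructed sample files (harmless bytes, not real malware)."""
    samples = {"Documents/budget.txt": b"rent 900\n",
               "Documents/photo.jpg": b"MZ constructed sample bytes",
               "Documents/invoice.pdf.exe": b"MZ constructed sample bytes",
               "autorun.inf": b"[autorun]\n"}
    for rel, data in samples.items():
        dest = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(dest), exist_ok=True)
        with open(dest, "wb") as fh:
            fh.write(data)
```

Point `triage_backup` at the mounted backup drive; anything it lists is a candidate for scanning or for leaving off the rebuilt system.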
Old Jul 10, 07, 9:17 am   #12
 
Join Date: Jun 2005
Location: Near an airport
Programs: FB, EB, Delta, AC, PC, HH.
Posts: 1,991
Start by TURNING OFF RESTORE! If you go back the virus is still present. You won't remove it that way.

So TURN OFF RESTORE!

Then download a trial of an antivirus software that you plan to eventually purchase. Burn that on a disk as well so you have a back up.

Close browser and mail and anything you can think of.

Install antivirus. Run the update and run a complete check of your system. Go away and have lunch/coffee and come back to see the results. If anything is moved to quarantine - delete.

Then go to symantec.com and download (for free) every conceivable virus removal tool you can find. Burn them on a disk.

Get your computer OFF LINE so it is not connected to the internet anymore.

Run ALL of the removal tools (even if you have a tool for a virus that didn't get flagged) one after another.

Run your antivirus software and see if it finds anything. If it does - see if you have the tool for it and run it again. If not - go online and find the removal tool.

If you go about it as above you will not have to do a complete install. However - Once your system is cleaned I'd recommend you back up your files, format the hard drive and reinstall everything including the antivirus.

Also make sure your firewall is activated and get anti spyware while you're at it. Including pop-up blockers.

This is what I used to do when I was working for a small ISP and servicing client computers.

Just note that for removal tools to efficiently work RESTORE MUST BE TURNED OFF!!

Then leave it off. Restore is evil. It is much better to get a good back up software/workflow and stick with that than using restore.

Remember - Restore is EVIL!

:-)
Emma65 is offline   Reply With Quote
Old Jul 10, 07, 10:32 am   #13
Original Member
 
Join Date: May 1998
Location: Rochester, NY USA
Posts: 1,133
Quote:
Originally Posted by Emma65
Start by TURNING OFF RESTORE! If you go back the virus is still present. You won't remove it that way.

So TURN OFF RESTORE!

Then download a trial of an antivirus software that you plan to eventually purchase. Burn that on a disk as well so you have a back up.

Close browser and mail and anything you can think of.

Install antivirus. Run the update and run a complete check of your system. Go away and have lunch/coffee and come back to see the results. If anything is moved to quarantine - delete.

Then go to symantec.com and download (for free) every conceivable virus removal tool you can find. Burn them on a disk.

Get your computer OFF LINE so it is not connected to the internet anymore.

Run ALL of the removal tools (even if you have a tool for a virus that didn't get flagged) one after another.

Run your antivirus software and see if it finds anything. If it does - see if you have the tool for it and run it again. If not - go online and find the removal tool.

If you go about it as above you will not have to do a complete install. However - Once your system is cleaned I'd recommend you back up your files, format the hard drive and reinstall everything including the antivirus.

Also make sure your firewall is activated and get anti spyware while you're at it. Including pop-up blockers.

This is what I used to do when I was working for a small ISP and servicing client computers.

Just note that for removal tools to efficiently work RESTORE MUST BE TURNED OFF!!

Then leave it off. Restore is evil. It is much better to get a good back up software/workflow and stick with that than using restore.

Remember - Restore is EVIL!

:-)
Come on, what do you really feel about RESTORE?
Larrude is offline   Reply With Quote
Old Jul 10, 07, 11:12 am   #14
 
Join Date: Jun 2005
Location: Near an airport
Programs: FB, EB, Delta, AC, PC, HH.
Posts: 1,991
Quote:
Originally Posted by Larrude
Come on, what do you really feel about RESTORE?
Restore is God's punishment to I.T. people. Restore is what virus makers count on as they know their virus will resurrect and do its evil things. Restore is a virus created by Microsoft and users are fooled to think it is not.

I really hate restore.

Apple is coming out with something similar in Leopard. Unless it is really really really good I am so not going to activate it on my mac.

Oh yeah - the best advice is actually follow my list of what to do, back up files, reinstall PC, sell PC, buy Mac, put files on Mac.

*ducking*
Emma65 is offline   Reply With Quote
Old Jul 10, 07, 12:20 pm   #15
 
Join Date: Jul 2004
Programs: CO Gold; SPG Gold***; AvisFirst;
Posts: 3,971
Quote:
Originally Posted by Emma65
Start by TURNING OFF RESTORE! If you go back the virus is still present. You won't remove it that way.

So TURN OFF RESTORE!

Then download a trial of an antivirus software that you plan to eventually purchase. Burn that on a disk as well so you have a back up.

Close browser and mail and anything you can think of.

Install antivirus. Run the update and run a complete check of your system. Go away and have lunch/coffee and come back to see the results. If anything is moved to quarantine - delete.

Then go to symantec.com and download (for free) every conceivable virus removal tool you can find. Burn them on a disk.

Get your computer OFF LINE so it is not connected to the internet anymore.

Run ALL of the removal tools (even if you have a tool for a virus that didn't get flagged) one after another.

Run your antivirus software and see if it finds anything. If it does - see if you have the tool for it and run it again. If not - go online and find the removal tool.

If you go about it as above you will not have to do a complete install. However - Once your system is cleaned I'd recommend you back up your files, format the hard drive and reinstall everything including the antivirus.

Also make sure your firewall is activated and get anti spyware while you're at it. Including pop-up blockers.

This is what I used to do when I was working for a small ISP and servicing client computers.

Just note that for removal tools to efficiently work RESTORE MUST BE TURNED OFF!!

Then leave it off. Restore is evil. It is much better to get a good back up software/workflow and stick with that than using restore.

Remember - Restore is EVIL!

:-)
Actually, you should never count on the integrity of any part of the system you're trying to recover. Do NOT download and make disks of the anti virus software on the infected machine. You'll likely end up with infected CDs. Also, you really want to boot from something clean. You could even install a minimal Windows partition onto a USB drive (if you can't boot from an external USB drive, you can install a new boot loader (grub, for example, or a multitude of commercial offerings) which redirects booting to the USB device).

You really want to do the scan from a clean system. That will, btw, usually detect infections in the RESTORE area. Doesn't make restore useful, but prevents re-infection.
mbreuer is offline   Reply With Quote
 
 
All times are GMT -6.