FlyerTalk Forums - View Single Post - I got a virus. How do I 'restore' my computer to the day before
Old Jul 8, 2007, 6:28 pm
  #3  
SpaceBass
 
Join Date: Nov 2002
Location: San Francisco, CA
Programs: US CP, *wood Gold, Marriott gold, Hilton something
Posts: 1,458
It's likely the virus will still be present and that the system restore may not work at all... in fact, it could leave you worse off.

I've said this before and it's often not what anyone wants to hear, but...
Your only real viable option is to back up all your files to an external or 2nd disk. Wipe the computer, re-install Windows, install some good virus protection and then move the files back.

I did just this to a friend's box that was severely compromised just this week.

Specifically, here are the steps I recommend.

1) Download Blink from eEye, install it on the infected computer and do a full scan. (It's tempting to leave it at that and move on, but since you are infected, you can never trust the system again; you cannot even trust that Blink is reporting accurately.) The goal here is to try to clean the files before you back them up, as a cautionary measure against bringing them back over to the new system.
2) Copy your documents and settings to a 2nd drive or external USB drive. I actually like the built-in "transfer settings" wizard that is in the Accessories folder in the Start menu. It will do all the hard work, including copying in-use protected files.
3) Wipe the drive; format it during a fresh install of Windows.
4) Install the latest service packs and updates.
5) Install Blink from eEye again... this is the best virus/malware/intrusion detection software out there, period.
6) Bring your files back over... either through the transfer wizard again, or by manually copying.
7) Re-install programs.

It's not a fun process at all... it sucks, in fact. But it's the only way to know that your system is clean. Blink will do an amazing job of keeping you clean and safe going forward. But you might also take the time to change a few habits and processes... install Firefox, or use the VMware Player and a browsing appliance (www.vmware.com)... start making weekly backups, etc.

Good luck!