Computer and Software Support


System keeps getting reinfected by a virus

If your anti-virus software detects a virus on your Windows Me, Windows XP, or Windows Vista operating system and reports that it cleaned the system of the virus, and then you get infected by the same virus again over and over, then you will need to delete your restore points. 

 

 For discussion, I am going to make up a virus name of Lawson. The anti-virus finds the Lawson virus, notifies you about it and then removes it. You scan the system again to make sure it is clean. The anti-virus software will tell you the system is clean. Then hours or days later, you get notified that you got infected by the Lawson virus again. You keep removing the virus, but it keeps coming back. Below is one of possible causes of this.

 

Windows makes a copy of your system in the event that you have a problem. This way you can return the system to a date before the problem began.  In order to keep the restore point from getting altered and rendered helpless, windows will not let anything touch the restore point. This protection doesn't go both ways. The operating system will not let anything touch the restore point but doesn't keep the restore point from touching the system. This means that your anti-virus software can't scan that point. If you had a virus on the system when it made the restore point, that restore point will have the virus in it.  The anti-virus software will clean the system and report that the virus has been removed, but then the restore point will re-infect the system. This is because the anti-virus software has no access to the restore point and therefore cannot detect the virus that is stored in it. You do not have to open the restore point for the restore point to re-infect the system. The virus in the restore point will infect the system on its own.

 

Note: After deleting the restore points, you will have no restore points to use in the event your system crashes until more restore points are made.

 

WARNING!

You should back up your important files before doing any of these steps. Virus can alter settings and there is always a risk of data loss when you try to remove a virus. After you back up your data, be sure to scan it for viruses before putting it back on the system.

 

This puts the system at risk when you turn off the system restore. Below is a suggested method of protecting yourself but yet get rid of infected restore points.

 

  1. Turn off System Restore to delete the restore points.

  2. Once they are turned off, turn System Restore back on

  3. Create a Restore Point

  4. Scan the system for viruses and spyware. If you need guidance, use the Virus Troubleshooter

  5. Once you determine the system is clean, delete the restore points again.

  6. Then turn System Restore back on

  7. Create a Restore Point

This way the infected system restore point has been cleared and hopefully will not re-infect the system. However, there is a chance that a restore point will be created while you are doing a scan and before the scan can get rid of the virus, so there is a possibility of an infected restore point could be created. This would mean your problem could continue. You may not discover the issue for a couple of hours or a day. If you see that your still getting infected, you may have to turn off the System Restore and leave it off while you scan your system. Once you determine your system is clean, then turn System Restore back on. Be sure to manually create a restore point.

 

The best way to deal with the virus issue is to leave the restore points turned off and all points deleted till the system is clean. The only drawback about that is that you leave your system unprotected. If it was me, I would not enable system restore and delete all points, scan your system and then enable it. This is a decision the owner will have to make.

 

WARNING!!!

 Viruses and spyware can alter system settings, cause data loss, or irreversible damage to your operating system. Sometimes by removing the virus will cause the system not to work or perform worse. Sometimes the only way to fix the issue is to re-install the operating system. This is not always the case but can happen. You should back up your important files in the event the infection causes loss of data or unable to boot into Windows. Be sure to scan the files after you back them up to be sure they are clean.

 

The above warning is important if you turn off the system restore and leave it off while you scan for viruses and spyware. Sometimes the removal of spyware and viruses can cause the system to have issues. If you have the system restore off and something goes wrong, you won't be able to access your data to back it up, so please back it up before hand.

 

If you are still getting an infection, it could be from the following