Is what you do in safe mode permanent and irreversible?

Question

For example, if you are convinced that you just got a virus today, and no time before that. You've backed up everything you need, and your computer allows you to restore it back to 3 days ago. (System restore under Windows 7) 

Let's say I deleted the virus after I found it, under safe mode, is that permanent? After that, I'd restore my computer to it's state 3 days ago (under the rule "won't affect your files and documents") how does Windows know what are "files" and not protect viruses from being "restored" to non-existent?

I WOULD love for my restoration and deletion to be irreversible and permanent, would being in safe mode ensure this? Or what would?

Lastly, can I create new restore points? (Such as set new restore points every week, every day?)

Chris G · Accepted Answer

Most viruses survive a restore back to a previous time.  Files are not altered by system restore, only the registry.  To get rid of the virus properly, you need to download, install, update and do a full scan with either SUPERAntiSpyware (SAS) or MalwareBytes Anti-Malware (MBAM) (or both, even -- but one at a time), and let them remove whatever they find.  Make sure you turn off System Restore before you do this.  You'll most likely need use Safe Mode, and you may need to download them on another computer if your internet access is compromised.  You may also need to run rkill to kill the malware process, and maybe rename the SAS and Malwarebytes executables' file names as well.

SAS download:  http://downloads.superantispyware.com/downloads/SUPERAntiSpyware.exe
MBAM download:  http://majorgeeks.com/downloadget.php?id=5756&file=15&evp=693ee0b20204960edfd909666f809b26
Rkill download:  http://www.bleepingcomputer.com/download/anti-virus/rkill
  
There are excellent tutorials on this at Bleeping Computers:

SAS tutorial:  http://www.bleepingcomputer.com/virus-removal/how-to-use-superantispyware-tutorial
MBAM tutorial:  http://www.bleepingcomputer.com/virus-removal/how-to-use-malwarebytes-anti-malware-tutorial
Rkill tutorial:  http://www.bleepingcomputer.com/virus-removal/how-to-use-malwarebytes-anti-malware-tutorial#rkill

Once it's cleaned up, install a good hosts file to help block unwanted popups, parasites, adware and spyware.  You can read about, download and install an excellent one from http://www.mvps.org/winhelp2002/hosts.htm   This hosts file blocks hundreds of known malicious URLs.  I've been using one from this website for several years now and rarely get popups and annoying ads.  Revisit the page every couple of months as it is updated from time to time with new sites.

Also, never use an administrator account for day-to-day use.  Always use a Standard or Limited account.  This will limit the amount of damage these things can do, and prevent them from installing by themselves.

Additional Details
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Yes, the registry is one of the places harm is done.  System Restore is an attempt to undo any harm.

Yes, MBAM free version is quite adequate.  The only thing you really get with the full paid version is a resident scanner, but a manual scan ever so often is fine.

vespa · Answer

You quite must gain knowledge of what secure mode is. Its a elementary mode, most effective the fundamental drivers, methods etc which are used to run home windows are loaded (because of this your display good seem distinctive). You do not have got to run your anti-virus in secure mode. It possibly a bit less complicated (no longer as many methods going for walks, might blank a few methods less complicated) Then whenever you reboot (flip off your pc) it good boot identical to usual till you hit the f8 and decide on to enter secure mode.

Trending News

Is what you do in safe mode permanent and irreversible?

2 Answers