2
Many infections, and Trojans in particular, embed themselves in System Restore and any further use of that feature may well bring back malware-infected files you don't want, even after what appears to be a successful cleanup.
At this point I emphasise that this should always be the final step and not a preliminary. If something goes wrong during cleanup, deleting restore points will leave you with no way to reverse any actions. Leave System Restore in place until your computer is clean and stable then get rid of the old infected restore points.
By default Windows allocates an average 12% of hard disk space for system restore points; once this quota has been reached it will automatically delete the oldest restore point and so on. Some users reduce this quota (200MB being minimum) to help increase the amount of free space available but I would only recommend using that option as a last resort.
Deleting the restore points is a simple process of turning off System Restore - don’t forget to turn it back on again
:In XP.
Go to Start\Control Panel\System and in the ‘System Properties’ window click on the System Restore tab. Now you should see an option to Turn off System Restore. Just place a checkmark (left click) in the adjacent box and click on the Apply button. To turn back on; simply navigate to the same location, remove the checkmark and click on Apply.
In Vista.
Go to Start\Control Panel\System and in the left-panel under Tasks click on System Protection. Now, under Automatic Restore Points, you should see the main drive (C) listed with a checkmark in the adjacent box. Just remove the checkmark (left click) and click on the Apply button. To turn back on; navigate to the same location, replace the checkmark and click on Apply.
There is no facility for deletion of individual restore points but there is a way to delete all restore points except for the most recent one: Go to Start\All Programs\Accessories\System Tools\Disk Cleanup and click on the More Options tab. Now click on the Cleanup button under 'System Restore'.
Please use these features sparingly. Contrary to advice from many ‘experts’, I believe System Restore to be the average user’s best friend and often the easiest and quickest way to ‘fix’ simple errors. If, however, you have just finished cleaning up a heavily infected machine or your virus/spyware scanner persistently identifies an infection which has previously been reported as deleted…I recommend removing all saved restore points as per the above procedure.
