
How to remove malware using System Restore

Malware can be one of the most frustrating things to get rid of. Scanning a computer, finding the infected files, and cleaning the system to the point where it is stable again can be especially painful and time consuming. Then there is always the question of whether or not you truly got rid of the infection. One of the underutilized features for getting rid of malware is built right into Windows: System Restore. System Restore takes “snapshots” of your system, most of the time before critical updates are installed, so most of the time Windows takes care of restore points for you. However, you can also create your own restore point manually by running the System Restore utility.

Most of the time, when a system becomes infected with malware, you should be able to find a restore point that takes your system back to a time before the infection, which effectively eliminates it. Many times, users don’t think about the System Restore feature when trying to get rid of malware. They simply start running scans to find infected files and clean the system instead of returning it to a pre-malware point in time.

Before Restoring

I want to mention this: some malware infections are very tenacious and may even disable the ability to use Windows Explorer or launch programs. It is always a good idea to start Windows in Safe Mode before proceeding with System Restore or before attempting to clean your system. This way, the malicious software will most likely not be running while you are in the Safe Mode shell. To get into Safe Mode on most Windows systems, simply press F8 while the machine is starting Windows. Most of the time, you should start pressing F8 after the machine completes POST and right before it starts displaying the Windows logo; you will then be presented with the Safe Mode boot options.

Choose either Safe Mode or Safe Mode (with networking) if you need network access.

How to use System Restore

Before we begin, what files does System Restore affect?  Straight from the Windows help file:

“System Restore affects Windows system files, programs, and registry settings. It can also make changes to scripts, batch files, and other types of executable files created under any user account on your computer. System Restore does not affect personal files, such as e-mail, documents, or photos, so it cannot help you restore a deleted file. If you have backups of your files, you can restore the files from a backup.”

Using System Restore is very easy and quite intuitive. System Restore is found under System Tools in the Accessories menu in Windows. If you are a command line person, like me, you can also easily get to it without having to navigate through the Windows menus, by typing rstrui.exe at the Run or search prompt.


When you launch System Restore and hit the Next button, you will be presented with a screen that lets you see and choose your restore points. By default, System Restore shows only the latest restore points. You can select the Show more restore points check box at the bottom left to show the other available restore points. Choose the restore point you want to revert to and click Next.


The next screen will have you confirm your selection.  You still have the option to either Cancel or go Back if you think you selected the wrong restore point.
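
For command line users, the same selection can be scripted. The following is an added example, not part of the original post: it lists the restore points, picks the newest one created before a suspected infection time, and previews the restore. It assumes Windows PowerShell 5.1 in an elevated prompt; the date and the Select-RestorePointBefore helper are constructed for illustration.

```powershell
# Added example (not from the original post). Windows PowerShell 5.1, elevated prompt.
# ASSUMPTION: constructed placeholder for when the first symptoms were noticed.
$SuspectedInfection = Get-Date '2024-01-15 09:00'

function Select-RestorePointBefore {
    # Hypothetical helper: returns the newest restore point created before $Cutoff.
    param(
        [Parameter(Mandatory)] [object[]] $RestorePoints,
        [Parameter(Mandatory)] [datetime] $Cutoff
    )
    $RestorePoints |
        Select-Object SequenceNumber, Description,
            @{ Name = 'Created'
               # CreationTime is a WMI timestamp string; convert it before comparing.
               Expression = { $_.ConvertToDateTime($_.CreationTime) } } |
        Where-Object { $_.Created -lt $Cutoff } |
        Sort-Object Created -Descending |
        Select-Object -First 1
}

# Returns every restore point, like ticking "Show more restore points".
$points = @(Get-ComputerRestorePoint)
if ($points.Count -eq 0) {
    Write-Warning 'No restore points found; System Restore may be turned off.'
}
else {
    $target = Select-RestorePointBefore -RestorePoints $points -Cutoff $SuspectedInfection
    if ($null -eq $target) {
        Write-Warning "All restore points are newer than $SuspectedInfection."
    }
    else {
        $target | Format-List
        # -WhatIf only reports the action. Without it the computer restarts
        # and the restore completes during that restart.
        Restore-Computer -RestorePoint $target.SequenceNumber -WhatIf
    }
}
```

If every restore point is newer than the suspected infection time, the script warns and restores nothing, since reverting to a snapshot taken after the infection would not return the system to a pre-malware state.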


Final Thoughts

System Restore is a great way to rid your computer system of a malware infection. Oftentimes this is one of the cleanest ways. Many may forget about the System Restore functionality. However, if you are suffering from a really severe malware infection that has taken over your system and you don’t have the time to spend figuring out how to clean it up, leverage the System Restore feature.
