A client brought an infected machine to me, which I cleaned up with my normal process. After the cleanup I continued to get warnings about spyware and virus activity from System Restore files. Here is how to remove those files to eradicate the virus completely. There are 2 ways to do this; I prefer the first way here.
System Restore slider feature
- Click Start, point to Settings, and then click Control Panel.
- Double-click System, and then click the System Restore tab.
- Next, click Settings.
- Move the slider to the Min position.
- Click OK/Apply and restart the computer.
- This will purge the System Restore data.
- After the restart, return the slider to the desired amount.
Manually Purge the Data Store
To completely and immediately remove the infected file or files in the data store, disable and re-enable the System Restore feature.
WARNING: Using the following steps will completely remove all restore points from the data store. Do not use this method if this will cause problems. When you enable the System Restore feature again, the System Restore feature will create a new restore point and then resume monitoring your computer.
1. Click Start, point to Settings, and then click Control Panel.
2. Double-click System, and then click the Performance tab.
3. Click File System, and then click the Troubleshooting tab.
4. Click to select the Disable System Restore check box, click Apply, click to clear the Disable System Restore check box, click Apply, and then click OK.
5. Restart the computer when you are prompted to do so. When the computer restarts, the data store is purged and the System Restore feature begins monitoring the system again.