stephe
Level 8

Turn off System Restore before running stingers and GetSusp -- or not?

I don't know how politically incorrect it is to ask this question here, but I feel a need to.

McAfee recently found a trojan on my computer during a scheduled scan. At the Anti-Spyware, Malware & Hijacker Tools page at https://community.mcafee.com/docs/DOC-2168 and its related page Required Reading - Home User Assistance Malware Troubleshooting at https://community.mcafee.com/docs/DOC-1294 it is suggested that McAfee subscribers use the following protocol:

01 run Windows update

02 update McAfee

03 download McAfee's Stinger and McAfee's Fake Alert Stinger

04 download GetSusp

05 boot up in Safe Mode with Networking Support

06 turn off System Restore

07 update each stinger and update GetSusp

08 run a McAfee scan

09 run McAfee's Stinger

10 run McAfee's Fake Alert Stinger

11 run GetSusp

12 run Malwarebytes' Anti-Malware

13 boot up in regular mode

14 turn on System Restore

About three years ago, I had trouble with system glitches after McAfee had removed four copies of a trojan. I thought everything was fine, so I turned off System Restore -- to flush any possible copies of the trojan out of the System Restore Archives -- then re-enabled System Restore.

Shortly after that, someone told me to go to my C:\WINDOWS\system and C:\WINDOWS\system32 folders and search for items that had been changed on the same date and same time as the trojan infection occurred. Lo and behold, about six folders-worth of files had been affected or created. Since System Restore had been disabled on a date after the trojan had occurred, however, I was stuck with my present system configuration.

I wish I hadn't switched off System Restore after McAfee had removed the trojan, but had instead used System Restore to return my system to a time prior to the infection, then run McAfee and Malwarebytes again, and maybe then turned off System Restore if McAfee found a copy of the trojan in an archived System Restore file -- something which I've seen McAfee do in the past.

What I would like to ask is whether the following approach to scanning for and eliminating a trojan might not be as good as, if not better than, the approach suggested by McAfee's online documentation:

01 run Windows update

02 update McAfee

03 download McAfee's Stinger and McAfee's Fake Alert Stinger

04 download GetSusp

05 boot up in Safe Mode with Networking Support

06 update each stinger and update GetSusp

07 run a McAfee scan

08 run McAfee's Stinger

09 run McAfee's Fake Alert Stinger

10 run GetSusp

11 run Malwarebytes' Anti-Malware

12 if any malware is found, boot up regularly

13 use System Restore to go to a date before the trojan arrived

14 boot up in Safe Mode with Networking Support again

15 turn off System Restore

16 run McAfee's Stinger

17 run McAfee's Fake Alert Stinger

18 run GetSusp

19 boot up in regular mode

20 turn on System Restore

I don't like the idea of "burning your bridges" by turning off System Restore while System Restore might yet provide assistance in restoring one's system to a safer environment than would be possible if System Restore had been disabled before McAfee, GetSusp, and Malwarebytes did their follow-up work.

Or am I somehow missing the point?

0 Kudos
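
The timestamp search described in the post (looking in C:\WINDOWS\system and C:\WINDOWS\system32 for files changed at the date and time of the infection) can be scripted; the following Python is an added example, not part of the original post or of McAfee's documentation. The function names, the ten-minute window, and the sample files and incident time in `demo()` are assumptions made for illustration.

```python
import os
import tempfile
from datetime import datetime, timedelta


def files_touched_near(roots, incident, window=timedelta(minutes=10)):
    """Return (path, modified, ctime) for every file under `roots` whose
    timestamps fall within +/- `window` of `incident`, oldest first."""
    lo = (incident - window).timestamp()
    hi = (incident + window).timestamp()
    hits = []
    for root in roots:
        # onerror: skip directories we cannot read instead of aborting the walk
        for dirpath, _dirs, names in os.walk(root, onerror=lambda err: None):
            for name in names:
                path = os.path.join(dirpath, name)
                try:
                    st = os.stat(path)
                except OSError:
                    continue  # locked or vanished file
                # st_ctime has historically been the creation time on Windows;
                # on Unix it is the inode-change time.
                if lo <= st.st_mtime <= hi or lo <= st.st_ctime <= hi:
                    hits.append((path,
                                 datetime.fromtimestamp(st.st_mtime),
                                 datetime.fromtimestamp(st.st_ctime)))
    return sorted(hits, key=lambda h: h[1])


def demo():
    """Constructed sample: three empty files, one stamped near a made-up
    incident time. Returns the base names that match."""
    incident = datetime(2012, 3, 4, 14, 30)  # constructed value
    with tempfile.TemporaryDirectory() as root:
        for name, offset in [("dropped.dll", timedelta(minutes=2)),
                             ("old.dll", timedelta(days=-30)),
                             ("later.dll", timedelta(days=3))]:
            path = os.path.join(root, name)
            open(path, "wb").close()
            ts = (incident + offset).timestamp()
            os.utime(path, (ts, ts))  # set access and modified times
        found = files_touched_near([root], incident)
        return [os.path.basename(p) for p, _m, _c in found]


if __name__ == "__main__":
    # On the affected machine, pass the two folders named in the post and the
    # detection time reported by the scanner instead of the constructed demo.
    print(demo())
```

File timestamps can be rewritten by malware and are also changed by legitimate updates, so treat the result as a list of files to examine, not as a complete or conclusive inventory.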