0 Replies Latest reply on Nov 17, 2011 7:26 PM by stephe

    Turn off System Restore before running stingers and GetSusp -- or not?

    stephe

      I don't know how politically incorrect it is to ask this question here, but I feel a need to.

       

      McAfee recently found a trojan on my computer during a scheduled scan.  At the Anti-Spyware, Malware & Hijacker Tools page at https://community.mcafee.com/docs/DOC-2168 and its related page Required Reading - Home User Assistance Malware Troubleshooting at https://community.mcafee.com/docs/DOC-1294 it is suggested that McAfee subscribers use the following protocol:

       

      01 run Windows update
      02 update McAfee
      03 download McAfee's Stinger and McAfee's Fake Alert Stinger
      04 download GetSusp
      05 boot up in Safe Mode with Networking Support
      06 turn off System Restore
      07 update each stinger and update GetSusp
      08 run a McAfee scan
      09 run McAfee's Stinger
      10 run McAfee's Fake Alert Stinger
      11 run GetSusp
      12 run Malwarebytes' Anti-Malware
      13 boot up in regular mode
      14 turn on System Restore

       

      About three years ago, I had trouble with system glitches after McAfee had removed four copies of a trojan.  I thought everything was fine, so I turned off System Restore -- to flush any possible copies of the trojan out of the System Restore Archives -- then re-enabled System Restore.

       

      Shortly after that, someone told me to go to my C:\WINDOWS\system and C:\WINDOWS\system32 folders and search for items that had been changed on the same date and same time as the trojan infection occurred.  Lo and behold, about six folders-worth of files had been affected or created.  Since System Restore had been disabled on a date after the trojan had occurred, however, I was stuck with my present system configuration.

       

      I wish I hadn't switched off System Restore after McAfee had removed the trojan, but had instead used System Restore to return my system to a time prior to the infection, then run McAfee and Malwarebytes again, and maybe then turned off System Restore if McAfee found a copy of the trojan in an archived System Restore file -- something which I've seen McAfee do in the past.

       

      What I would like to ask is whether the following approach to scanning for and eliminating a trojan might not be as good if not better than the approach suggested by McAfee's online documentation:

       

      01 run Windows update
      02 update McAfee
      03 download McAfee's Stinger and McAfee's Fake Alert Stinger
      04 download GetSusp
      05 boot up in Safe Mode with Networking Support
      06 update each stinger and update GetSusp
      07 run a McAfee scan
      08 run McAfee's Stinger
      09 run McAfee's Fake Alert Stinger
      10 run GetSusp
      11 run Malwarebytes' Anti-Malware
      12 if any malware is found, boot up regularly
      13 use System Restore to go to a date before the trojan arrived
      14 boot up in Safe Mode with Networking Support again
      15 turn off System Restore
      16 run McAfee's Stinger
      17 run McAfee's Fake Alert Stinger
      18 run GetSusp
      19 boot up in regular mode
      20 turn on System Restore

       

      I don't like the idea of "burning your bridges" by turning off System Restore while System Restore might yet provide assistance in restoring one's system to a safer environment than would be possible if System Restore had been disabled before McAfee, GetSusp, and Malwarebytes did their follow-up work.

       

      Or am I somehow missing the point?
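
The timestamp search described in the post (listing files in C:\WINDOWS\system and C:\WINDOWS\system32 that changed around the time of the infection), as an added example that is not part of the original post. The function name, the 10-minute window and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile
from datetime import datetime, timedelta

def files_changed_near(roots, when, window=timedelta(minutes=10)):
    """Return (path, kind, timestamp) for files under roots whose modified or
    created/changed time lies within +/- window of when (local time)."""
    lo, hi = when - window, when + window
    hits = []
    for root in roots:
        for dirpath, _dirs, names in os.walk(root):
            for name in names:
                path = os.path.join(dirpath, name)
                try:
                    st = os.stat(path)
                except OSError:
                    continue  # locked or vanished file: skip, do not abort
                # st_ctime has historically been creation time on Windows
                # and is inode-change time on Unix.
                for kind, ts in (("modified", st.st_mtime), ("created", st.st_ctime)):
                    stamp = datetime.fromtimestamp(ts)
                    if lo <= stamp <= hi:
                        hits.append((path, kind, stamp))
    return sorted(hits, key=lambda h: h[2])

def demo():
    """Constructed sample tree standing in for C:\\WINDOWS\\system32."""
    infection = datetime(2011, 11, 10, 14, 32)  # constructed detection time
    with tempfile.TemporaryDirectory() as root:
        samples = {"old.dll": infection - timedelta(days=400),
                   "dropped.dll": infection + timedelta(minutes=2),
                   "patched.sys": infection - timedelta(minutes=5)}
        for name, stamp in samples.items():
            path = os.path.join(root, name)
            open(path, "w").close()
            os.utime(path, (stamp.timestamp(), stamp.timestamp()))
        found = files_changed_near([root], infection)
        return [os.path.basename(p) for p, _kind, _stamp in found]

if __name__ == "__main__":
    print(demo())
```

The check only reads file metadata, so it can be run before System Restore is switched off; malware can alter timestamps, so an empty result does not show the folders are clean.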