Support in other languages: 
Showing results for 
Search instead for 
Do you mean 
Reply
Punch Card
ohno
Posts: 30
Registered: ‎06-28-2008
Location: Southeast United States
0
Accepted Solution

Spyware in System Volume on new machine

My new machine is on line now and so far only been to sites known safe.

 

To my surprise when I installed my spyware program it found a file it considered spyware in one of my system volume (system restore) files.

 

This file was not found in any other location on the computer. That leads me to wonder how this may have happened.

 

Any ideas?

 

I sent a copy of the file to the company to be analyze to verity if this is a false positive.

 

Thanks

buddinggeek
Posts: 2,856
Topics: 105
Kudos: 141
Blog Posts: 0
Solutions: 119
Registered: ‎02-22-2008
Location: Texas A&M University, Commerce
0

Re: Spyware in System Volume on new machine

hi ohno welcome to the forums

 

yes its ofcourse possible that spyware might have crept in to ur system un notice.you must notice that windows makes a snapshot of all files(system info) for every 60 days may be the malware got in as well the first thing you have to do is

 

DISABLE SYSTEM RESTORE IMMEDIATLY

 

other wise it will return once you have used system restore






Cheers and regards,
• » νιנαソѕαяα∂нι ѕαмανє∂αм ™ « •
Think : T410,X220T,Thinkpad Yoga
Idea :3000H,Z500,U410,Yoga 11, Yoga tab 10,Horizon
●๋•کáŕádhí'ک díáŕý ツ


I am a volunteer here. I don't work for Lenovo
Punch Card
ohno
Posts: 30
Registered: ‎06-28-2008
Location: Southeast United States
0

Re: Spyware in System Volume on new machine

I fully under how Windows XP works and how system resotre works. I maintain many of these systems for my job. What I don't understand is how I have a spyware item in a restore point that was created before this machine ever went on line.
Punch Card
ohno
Posts: 30
Registered: ‎06-28-2008
Location: Southeast United States
0

Re: Spyware in System Volume on new machine

No longer an issue. I hated this machine for the approximatly 3 weeks I have owned it. Decided to reformat and not reinstall all the junk.

 

All is well.

Bugbatter
Posts: 754
Registered: ‎05-01-2010
Location: USA

Re: Spyware in System Volume on new machine

[ Edited ]

Lenovo has recently opened this Security & Malware Forum so older topics are being relocated to here. I'd like to include a bit more regarding System Restore for members who come across this discussion today.

It is preferable to clean the system >disable System Restore > immediately reboot and enable it again. Why not before cleaning? That is because a dirty Restore Point is better than none at all. Malware that is in System Restore cannot get out. A user cannot be re-infected by a file that is in System Restore, unless, as mentioned above, he manually runs System Restore to revert to when he was infected.  We've also had people tell us that they disabled System Restore to run routine virus scans, and have forgotten that they have done so. Thus, they have been left with no System Restore Points for long periods. You can imagine what a problem that would be! :smileysurprised:


If you find a post helpful and it answers your question, please click the "Accept As Solution" button.

Lenovo Advocate ~ I am not employed by Lenovo or Microsoft. I am a volunteer.

Microsoft MVP - Consumer Security

SpywareHammer