Karl's Windows Admin Tips & Tricks

Jan 14 2011   7:16AM GMT

Use system restore to defeat evil fake antivirus apps.

Karl Gechlik

I helped restore a buddy's virus-ridden XP Dell laptop yesterday. We could not open System Restore, Malwarebytes or any other security applications. I burned a shortcut to System Restore and burned it to a CD. I was able to launch System Restore from there and successfully restore to right before the infection. Take that, fake anti-virus! The shortcut was pointing to the file rstrui.exe. That is the file name for System Restore.

Since most malware will allow the system to run Internet Explorer, we have also had some success by changing the name of the file you want to run to iexplore.exe. Sometimes this will work even if the system won’t let you run any other executables. Would be interesting to know if this would have worked in this case, renaming rstrui.exe to iexplore.exe and attempting to fire it off.
