How to use System Restore to Remove Viruses

On Windows XP, Vista and Windows 7 machines, there is a feature called System Restore.
It’s normally enabled by default and takes snapshots of your system files and registry settings.

I have used it on several occasions to repair a machine that had a virus/malware infection.

It can be very difficult to remove a virus or malware because, as soon as the computer starts up, the virus gets loaded into memory and, depending on the virus, it can block your attempts to remove it.

Luckily the viruses that I saw were not too harmful. They were only annoying.

You can try the following steps.

First, shut down your computer. Turn the computer on again, but start it up in Safe Mode. To get into Safe Mode, you need to press the F8 key so that it displays a list of startup options. This can be tricky, so I usually hit the F8 key as soon as the computer starts and just keep hitting it until the startup options come up.

Select Safe mode from the list.

Once you have started the computer in Safe mode, go into Start->All Programs->Accessories->System Tools->System Restore.

Choose a system restore point from before the date that you were infected with the virus.

When your computer restarts, in theory you will not see the virus or malware loading up.

Now is the time to install or update your anti-virus program and its signatures. Run a full scan of your hard disk. Install anti-malware products like Spybot or Malwarebytes, update the signatures and scan your whole disk.

That should be it.

However, if you find that you haven’t been able to get rid of the virus or malware with System Restore, then the next step is to find its name, symptom or message. You can then Google to find out how to remove that particular virus. If after this you still aren’t able to remove the virus, then you will most likely need a computer professional to do it.
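
For the restore point step above, the same choice can be made from the command line. This is an added example, not part of the original post; it assumes Windows PowerShell is available and run as an administrator, and `$InfectionDate` is a constructed placeholder value.

```powershell
# Added example: list the restore points and pick the newest one created
# before the suspected infection date.
# Assumption: $InfectionDate is a placeholder; set it to when symptoms began.
$InfectionDate = Get-Date '2012-03-15'

# Get-ComputerRestorePoint returns CreationTime as a WMI datetime string,
# so convert it to a DateTime before comparing.
$points = Get-ComputerRestorePoint | ForEach-Object {
    New-Object PSObject -Property @{
        SequenceNumber = $_.SequenceNumber
        Created        = $_.ConvertToDateTime($_.CreationTime)
        Description    = $_.Description
    }
}

if (-not $points) {
    Write-Warning 'No restore points found. System Restore may be disabled.'
    return
}

# Show every restore point, oldest first, so the dates can be checked by eye.
$points | Sort-Object Created |
    Format-Table SequenceNumber, Created, Description -AutoSize

# Newest restore point that is older than the suspected infection date.
$candidate = $points |
    Where-Object { $_.Created -lt $InfectionDate } |
    Sort-Object Created -Descending |
    Select-Object -First 1

if ($candidate) {
    Write-Host ("Restoring to #{0} ({1}, created {2})" -f `
        $candidate.SequenceNumber, $candidate.Description, $candidate.Created)
    # -Confirm asks before starting; the restore restarts the computer.
    Restore-Computer -RestorePoint $candidate.SequenceNumber -Confirm
} else {
    Write-Warning 'Every restore point is newer than the suspected infection date.'
}
```

If the script reports that every restore point is newer than the infection date, a restore is unlikely to help and the scanning steps above are the way forward.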

