patndoris TechnoGeek

Many antivirus programs and online scanners will locate malicious items in your system restore points.  It’s great that they find them - that means they are doing their job.  And most will kindly offer to clean that item for you. But, and this is a big but - if you allow them to remove anything from your system restore points, you risk corrupting the point itself rendering it unusable.

In the malware removal world, an infected restore point is better than no restore point at all.  Today, my Microsoft Security Essentials identified something in a system restore point it felt was malicious.  I wasn’t paying attention and tried to clean it.  Then, I was faced with a backup that wouldn’t complete.  Thankfully, I was able to allow the file the next time I tried the back up and my image completed with no problems at that point. 

I’m not terribly worries about a malicious item in a restore point, because unless you actually use that restore point to bring back your system to a previous state, it’s not active - it won’t be a problem to leave it there.  If you find a system restore point is infected, I’d suggest just creating a new point after you’ve cleaned up.  Then you can delete the old ones with no worries (or just leave them there and make a mental note not to use them unless absolutely necessary.)