Most PC users are familiar with the System Restore feature available in Windows OS versions ME, XP and Vista onward. Unfortunately when problems happen to their PCs it is usually not the first solution relied on to repair it. I am one of them and often rely on netizens help whenever I find my PC running very slow, corrupted or infected by malwares. And the solutions offered are usually to run some utilities programs to clean the registry or instal security softwares, if not already done, to heal the PC. In the difficult cases of malicious attacks by certain self mutating viruses that creep into the system surreptiously via the Internet or thumbdrives or SD cards, advices are usually to manually seek out offending registry entries and delete them. But this method is laborious and not very successful. And it require courage and technical knowledge to decide what can be safely deleted. Removing critical entries or system files can stop the Windows from operating when it is next restarted. I am writing from personal experience that mistakes cost me both time and embarrassment for being a novice trying to handle a man size job.
A few days ago a family member cried to me her laptop has been compromised by a vicious virus of the Trojan Horse family and multiple attempts to search and destroy failed to rid it. This particular strain is very intelligent and know how to duplicate the environment it works under. I happened to visit and thought I'd give it a go attempting the rescue and repair. Having identified the services.com file in the systems32 folder as the program exploited by the virus I moved it out onto the desktop thinking that without the file in the said folder the TH won't be able to run. I was wrong. When windows rebooted, it realized the services.com file was missing and requested it be repaired. I refused. After being prompted twice and ignored the laptop rebelliously decided to repair itself and lo and behold I found the services.com file disappeared from the desktop and back inside the systems32 folder! In short I believe the virus, or maybe Windows itself, know where the critical file reside. I'm more sure it is the work of the virus as I have not seen Windows to be this intelligent. It would state the missing file name and ask to be given the location to copy the file from instead.
Several attempts to heal the laptop using online tips failed. Security softwares detect the threat but were unable to remove them completely. It was then that I thought of System Restore. Getting the consent to 'go back in time' I chose the July 20 Restore Point which was the oldest and pray that it wasn't infected. The laptop took awhile to restore critical files saved. All programs installed after July 20 disappeared, and so does the Trojan Horse! A full system scan using the latest set of Norton Security program didn't detect any infections in more than 500,000 files scanned. It was a real relief that the laptop was brought back to health again this way without having to reformat and reinstall the Windows and the application softwares. A manually created Restore Point was made to mark where the laptop can be safely recovered from should it become attacked again.
The System Restore is among the most useful features of Windows and I personally recommend PC users to periodically force a manual restore point after unwanted softwares are uninstalled and thereafter the registry cleaned by program like CCleaner.