XP Avast has deleted all my Restore points

4.8 Home Edition
Windows XP Home Edition Service pack 2

Avast was doing a virus scan and it found a file it didn’t like in my restore folder. I wanted to see its name but, when the file path is long, the Avast window won’t stretch wide enough to show it. I tried to open the restore folder but couldn’t. It was like it was locked. I didn’t want to delete the file so I hit ‘Continue’, intending to have a look at the folder and check some restore points’ dates when Avast had finished its scan.

When it finished, Avast downloaded the latest update and told me it need to restart Windows. When Windows was back up I opened System Restore and found there were no restore points.

Where did they go?

PeeBee

If an anti-virus deletes a virus in System Restore, that restore point is no longer usable by Windows. Create a clean restore point.

First avast doesn’t delete anything automatically, it scan and alerts to infection, you the user choose what action avast should take.

Continue, does as it says on the tin, it continues with the scan and doesn’t take any other action, so the restore point should have remained in the system volume information folder.

So unfortunately I don’t know what happened, system restore is far from perfect (I have mine disabled, but I do have other options) and it is possible that this is just one such problem.

If I had any doubt of there being an infection in system restore (if I used it), I would disable and reboot as recommended by many when dealing with infections related to system restore. This has the consequence of deleting ‘all’ restore points not just infected ones, but you at least know that when you use system restore in the future you aren’t inadvertently infecting your system.

Is system restore currently enabled ?

Thanks for replying. (Sorry, BTW. I’m new to the forum and I think I think I’ve posted this in the wrong place.)

Avast has always worked beautifully, and I can’t understand what happened on this occasion. While the ‘Warning’ alert was still waiting for a response I located the folder (a hidden one, named ‘_restore’) but was unable to open it. The mouse pointer switched to ‘busy’, and the outline of the window appeared, but nothing more.

So. I have just created a Restore point. Yes - System Restore is enabled: it always has been. I can’t find a folder named _restore now, and yet System Restore does show my restore point as being available. So I’ve no idea where it’s storing the info.

An article in the Microsoft Knowledge Base, albeit referring to ME rather than XP, says:
‘When you run an antivirus program, you may receive a report that indicates that one or more files in the _Restore\Temp or the _Restore\Archive folders contain a virus or are infected with a virus.’

It goes on to say that these data stores are protected, and that anti-virus software can’t access them. I gather the only way they CAN be accessed is by first switching System Restore off, but that this deletes all the restore points.

If I did click on ‘Delete’ - and I’m wondering now if, panicking a bit, I might have - shouldn’t Avast at least warn you that ALL your restore points are going to be lost?

I wasn’t experiencing any problems till I ran the scan. So, hopefully I won’t be needing to restore my machine. I have found System Restore very useful over the years.

The System Volume Information folder is a part of the system restore function and as such is protected by windows, so much will be hidden and also protected from access. That area is where the _Restore points are stored.

Ensure that you have hidden files and folders enabled and disable hide system files in Windows Explorer, Tools, Folder Options, Hidden files and folders, see image.

That still won’t allow access but at least you should be able to see what is there.

avast is able to access them, that KB article is likely to be old and AVs have progressed, avast can certainly move or delete infected _Restore points is that is the action you choose.

Deletion of an infected _Restore point (if that was an action you chose) only deletes that restore point and not ‘all’ restore points, avast doesn’t disable system restore, consequently removing ‘all’ restore points. That is why I asked if it was still enabled, checking if you hadn’t inadvertently disabled it losing all restore points. So it would appear that this was nothing other than a hiccup with system restore.

You now have a clean restore point now which is available as you said, so this is your new start point and if things are working OK then it shouldn’t be an issue.

System Restore is far from perfect which is why I have taken steps (Drive Imaging software) to replace it so I can completely disable it, so I don’t have to rely on it.

There are many, many reasons why a System Restore may fail. For example, see “Why are previous restore points not working?” in the “Troubleshooting” section of this official Microsoft page:
http://www.microsoft.com/technet/prodtechnol/winxppro/plan/faqsrwxp.mspx

There’s lots more on that page that’s worth reading too. Note especially the sections on “Does System Restore protect personal data files?” (the short answer: no); “What should I do if System Restore does not work?”; “Why are my restore points missing or deleted?”; “Why does the System Restore Wizard lockup?”; and so on. Just a few minutes on that page ought to convince just about anyone that System Restore is not intended for heavy-duty system protection!

More info:
http://www.kellys-korner-xp.com/xp_restore.htm
http://www.google.com/search?q=system+restore+fail

There’s lots more on that page that’s worth reading too.

Thanks, David. Unfortunately there is nothing there that would account for what happened. I’ve just waded through it all!

Just a few minutes on that page ought to convince just about anyone that System Restore is not intended for heavy-duty system protection

I’ve used it for years and I know what it does and what it doesn’t do. I know what to expect of it and it has always worked fine. I already said that. I’ve no idea what you mean by ‘heavy duty’. If you mean it can’t protect its restore points from an Avast scan, no, it evidently can’t.

So it would appear that this was nothing other than a hiccup with system restore.

It would appear that before running the scan I had restore points. After running the scan I hadn’t.

I appreciate your help, but I still believe if Avast finds a problem in your restore folder it should at least warn you that ALL your restore points are going to be lost.

By heavy duty, some people thing that it is some sort of back-up that will resolve all problems and it simply doesn’t so that.

Why should it warn you “that ALL your restore points are going to be lost” when that isn’t what is it trying to do, it is only going to remove the _Restore point indicated in the alert, if assuming you selected the option to remove it (and you didn’t even do that).

I have no idea what happened but it isn’t something that avast is set-up to do.