This post is for information for Security team members dealing with
Malwarebytes' Antimalware ( known simply as mbam ) .

While an anti virus program will not scan the hidden files of the Restore
Files which are shadow copies, i found out from a Staff Member of
Mbam that mbam will scan these files and remove the threat. Now, it should
be noted that as this will make that restore pt useless, he has recommended
that after the files are cleaned up for users to delete all the old restore
points and as files are clean, at this time, make a new restore pt to be
used if needed.

" It is by using the Full Scan option, but honestly, actually removing infections
from System Restore points is pointless as it will generally break those restore points,
rendering them useless. If an infection resides in one or more of your restore points,
the best option once you're system is otherwise clean and running normally, to create a
fresh restore point and then delete all of the older restore points,
thus removing the older restore points that contained the infection(s). "



Samuel E Lindsey
Product Manager

Posted Image ( the posted image is a Malwarebytes Staff Member banner )

Members of this forum, suggest that you dont use restore points that have been affected, . MBAM and any antivirus can not guarantee that a virus has been removed. In many cases, its not that easy. Our head security person suggests in some cases a reformat is the only sure cure.

When i work one on one with an individual, after i have had them remove all threats, the very last thing i have them do is to remove all the old restore pts. and create a new one.
System restore is useful for other reasons, but, if you are infected with a virus/malware, then agreed , that they should not be used .
I have noticed that since i have been at this forum with you great bunch of guys/gals, that it is sometimes recommended for users to check for virus/malware first before proceeding with an issue fix. But, i think the issue of removing the old restore pts is forgotten.

One thing to look for also with Malwarebytes, if the user has set any folders in the Ignore settings, they should remove them before scanning if they think they got it so that the whole disk is scanned.

Correct way to use Mbam posted at Bleeping Computer : How to use Malwarebytes' Anti-Malware to scan and remove malware from your computer

Originally Posted by Yard Dog

Correct way to use Mbam posted at Bleeping Computer : How to use Malwarebytes' Anti-Malware to scan and remove malware from your computer

That assumes you don't already have it on your system. I use it every day. I write small utilities that use AutoHotKey and AutoIt3 which will often show false positives. If anyone has excluded folders from the scan, they won't be scanned. That's why I mentioned it. People who use small scripted utilities may have folders where the programs run from excluded same as I.

But for the person who has discovered a problem and is downloading Malwarebytes for that reason, I go along with the procedure.