Yes, but if you are restoring only the data files it's not the same as
doing a full restore with the executables nor is it like how the
infected file got there in the 1st place. I've just posted the statement
that only wiping everything including data and starting from scratch is
known clean but the worse of 3 methods.
Look at it this way:
1. IE is exploited to both drop & execute an infected file on your system.
2. If you only restore the file on a clean system, it would stay inert
until you executed it yourself.
3. If you scanned the file now unfettered by it's payload actions, you
have a better chance of detecting & cleaning it.
Like I said a few posts back, it's the chain of events before the file
more than "user clicked on the file" causing infections these days.
Sam Franc wrote:
warpmedia wrote:
This is not surrender, it's the current state of things. Why go
through a process that you can't guaranty?
At least if you backup everything, reformat/reinstall & then restore
only what is "assumed" to be data you're narrowing down the field
quite a bit and also removing the potential for a cloaked active or
unknown virus.
If "viruses can hide in apparent data files" then using your method
there is even more untrusted files to scan & miss plus the potential
for active infection cloaking itself.
One way is now a hit-or-miss hack job, the other the proper solution.
It's not a academic exercise, it's a job, there is no reason to spend
time and still not be certain you've done the job right.
Aren't you liable to carry the virus with you into the backup?
Sam
