Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Why I’m not a fan of System Restore *discs*

Question:

My Acer laptop was running perfectly fine until one day I was infected with
Live Security Platinum “scareware“. So I
went through a lot trying to get rid of it. Everything from using anti-malware
programs to removing it manually, but it kept coming back. So, I finally decided
to “Restore system to factory defaults” (my laptop does this from a hidden
partition).

By the way, my OS is Windows 7 Home Premium.

Anyway, after everything was installed and the whole process finished, my
laptop went to the login screen (you know when you have to pick a user profile
if there is more than one). For some reason, the profile I created during the
restore process was disabled; it said something like “User profile disabled. Please see System Administrator.” And there was also another profile with no
picture (the box was there for the profile pic, but no pic) and there were boxes
to type in both a user name and password.

Nothing I tried worked and after not finding any answers online, I gave up
and restored my system once more. This time, after everything installed, I can
log on to my profile now, but there are still problems. Every now and then,
Windows Explorer crashes or sometimes, I see the desktop then the screen goes
completely black aside from the mouse pointer. Then, after a few minutes, the
desktop comes back with a bunch of error messages, but after dismissing them,
everything runs fine. Everything except for Internet Explorer, of course, which
is now slow and has trouble loading web pages and sometimes only loads half the
page or can’t load the page at all, even though I still have an internet
connection. Sometimes, I even get an iexplorer.dll error (I occasionally get
other .dll errors, but I can’t remember them).

And here is the final and weirdest problem. When I turn on the computer
after Windows loads up at the login, there is a circle with a line that looks
like it supposed to be a clock and under it says two min. No matter how many
times I reboot, it stays there but it wasn’t there before I restored.

Is it possible that something went wrong in the restore process or is there
some other problem or problems?

Wow.

It’s really difficult to say exactly what’s gone wrong here.

I have a couple of suspicions, one of which is probably evident by the title
of this article, but in reality, it could be many different things. It could be
anything from (as you say and I suspect) a bad restore to something that’s
causing malware to reappear, to even coincidental hardware problems.

For anything short of hardware, however, my recommended approach will be the
same.

Become a Patron of Ask Leo! and go ad-free!

System Restore is not System Restore

I have to start by clarifying something extremely important.

Restoring your system to manufacturer’s defaults using the System Restore
discs that were provided by the manufacturer is not the same as
using the System Restore feature in Windows.

They are completely unrelated.

The System Restore feature in Windows, which I don’t like
either
, is basically a glorified registry backup and restore that resets
certain files back to a prior point in time depending on when restore points
were taken. When it works, that is.

Restoring your system to factory defaults, on the other hand, basically
wipes out your system completely and replaces it with the copy of Windows and
applications that were originally installed on the machine the day it was
delivered from the factory.

Typically, all of your data and subsequently installed applications are lost
in the process.

When it works, that is.

“Take and save an image backup as soon as you get a new machine and that becomes your System Restore media.”

How restoring your system to factory settings probably works

In an effort to save money (and perhaps licensing costs), most computer
manufacturers don’t actually provide a copy of Windows on installation media
like CDs or DVDs when you purchase your machine. Instead, they pre-install Windows
for you.

In case you ever need to start over, they also provide a copy of Windows in
an often hidden partition on the computer’s hard disk. The theory is that a
“restore to factory settings” is nothing more than erasing the primary
partition and copying the recovery partition into the primary partition. (In
practice, it’s not that simple but conceptually at least, it is.)

So what’s with that “System Recovery disc” that came with your system? Well,
it doesn’t have Windows on it, that’s almost certain. What is does have is a
small program, unique to your computer’s manufacturer, that does what I just
described. After warning you about the consequences, it copies the System
Restore partition over the main partition, handling all the pesky details
relating to booting properly and what not along the way.

That’s how a CD with only a small amount of data actually on it can restore
a system that’s typically so large, it needs to be distributed on DVDs these days.

And of course, I have to say that this is how it “probably” works, as of
course, there is no standard. Each computer manufacturer decides how they want
to handle this situation and each provides its own tools and techniques to do
so.

Why restoring your system to factory settings might fail

The most common failure that renders this hidden-partition approach useless
is a hard drive failure. If the hard drive goes bad, it takes all of the partitions
with it. Your primary partition is lost as is your recovery partition. There is
nothing for the system recovery disc to recover and it fails.

Some manufacturers will only send you a complete Windows installation disc
if in fact your hard drive has failed and they provide you with a
replacement.

Another, less common scenario involves malware.

If your machine is infected, it is possible that the malware could
infect or damage the hidden system recovery partition. In fact, sufficiently
aggressive malware would try to do just that so as to keep your machine
infected even after you’ve attempted to restore to factory settings.

While the process of restoring your machine to its factory default settings
might appear to work, it’s very possible that the net result will not be
factory default at all.

I’m honestly not saying that this is what’s happened to you. There’s no way
for me to know, but I have to say that it sure does feel that way.

Fixing it after the fact

If your recovery partition is lost or damaged, either actually (hard disk
replacement or clear failure) or empirically (things don’t work right after a
reset to factory settings), there’s really only one solution:

Reformat and reinstall from scratch.

That means you’ll need actual Windows installation media, not system
recovery media, that can be used to install Windows onto a completely empty
hard disk.

If all you have is a System Restore disc provided by the manufacturer, you
may not have what you need. You’ll need to either contact the manufacturer for
an installation disc, or go out and purchase one.

There is a better way

Recovery partitions, as you can hopefully see by now, are not something to
be relied on. Even if you believe your chances of contracting malware that
would damage it are small (and they are), the simple fact that a hard drive
failure could render it useless should be an important realization.

The solution?

Regular image backups kept on an external drive and/or elsewhere.

Take and save an image backup as soon as you get a new machine, and that
becomes your System Restore media. If you ever need to restore your
system to its factory default settings, simply restore to that backup and you’re
done.

Take periodic image backups and there’s a good chance you won’t need to take
that drastic a step.

In a situation where you’ve encountered malware that refuses to be removed,
simply restore your system to an image backup that was taken before the
infection, and you’re done. No complicated removal instructions to follow, no
questioning whether or not, it’s really gone, just a restore from a backup
image.

And of course, if your hard disk dies, replacing and restoring to the most
recent backup image has you up and running again quickly.

There’s a reason I frequently say, “Nothing can save you from almost any
problem like a proper and recent backup.”

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

23 comments on “Why I’m not a fan of System Restore *discs*”

  1. There are 2 ways to create factory backup’s on Acer Comp’s. 1 is to create backup disc’s when ya first get comp. and second is actually built in. In this case I suspect that Factory Restore discs were not created early enough. If that not the case then it is important to know how to boot from the disc’s created. Sounds easy but many do not know !!

    Reply
  2. I had a similar problem some time back… my system was hit with some malware/virus that really messed up my PC. After several attempts to ‘Clean’ it up and several ‘ReFormats and Fresh Installs’ of the OS… I finally came across the answer that fixed my ‘Persistantly ReOccuring Infestation’ ! I had to ‘Power Down’ the PC, ‘Unplug it from the Power Supply’… and ‘Pull the Button Cell Battery’ off the Motherboard, ‘Powered Up the PC without the battery’ to force it to load the ‘Actual Factory BIOS’, ‘Power Down’ again, reinstall the Battery and finally ‘ReBoot’ and ‘Manually make changes to the BIOS Settings in order to ‘clear the ‘CMOS MEMORY’ where the VIRUS was stored ! ! ! Every time the PC booted up the first thing that it did was ‘LOAD THE VIRUS’ then load everything else ! It was very frustrating ! ! !

    Reply
  3. Well (best read with northern Michigan rural nasal accent) before even plugging my new Dell in I had a tech guy set it up, transfer all docs &c. He also made disks (took 2) for Recovery. Internal System Restore does work when other untoward freakish things occur, just go back a few days before problem and Voila! (that means Dummies Arise, our day has come, sort of) Backup seems to be the key if preempted, not the other way.

    Reply
  4. This mess can be easily sorted out. Remember that when you invest in Windows 7 in reality you are buying the Product Key. Therefore the procedure described below is perfectly legal.

    Go to http://www.mydigitallife.info/official-windows-7-sp1-iso-from-digital-river/ and download an ISO Image of Windows 7 Home Premium 32-bit or 64-bit depending on the one you have. Make an installation DVD or Pen-Drive from this ISO Image.

    After that install Windows 7 Home Premium and activate it with the existing Product Key that you have already purchased and are presently using. In the unlikely event of the On-line activation failing, you can phone Microsoft and get the OS activated.

    Reply
  5. I had the same situation (running XP Pro), and was using the a good freebie virus/spyware program but something got by and sent me to the BSOD.

    Luckily, I was backing up my image monthly with a good free backup program and All Went Well.

    Backup– backup– backup I say!!

    Reply
  6. I ALWAYS create the system recovery/restore disks for a new computer. I’ve bought HPs lately. They have a one-time use program that creates the disks, which usually consume 3 DVDs, so this seems like an image backup. I don’t change a thing until these disks are made. This has worked perfectly when I need to restore a computer to factory condition, since I tend to give them away. Granted, if I’m restoring for myself, all my backed up files and software added since purchase have to be reinstalled and loaded. I always select the option to restore from the backup DVDs rather than the recovery partition. Fortunately I don’t mind doing this if needed. It’s a good way to reorganize. After factory restore, I also have to run HP update and Windows updates. One time it took about 360 files for Windows to clean up an older laptop that I had restored.

    Reply
  7. @Amarnath
    That would work only if the version of Windows was installed from Windows installation disks. In the case of a preinstalled OS, (which is the case discussed in this article) that key is not valid for activating a commercial version of Windows.

    Reply
  8. One time I had to run the restore to factory state disk before I was able to restore from my backup. I had deleted a partition which was necessary to run Windows even after restoring from my backup, So my recovery process went 1. Recover from backup – fail , get frustrated, 2. Run recovery disks. 3. Restore from backup. Lesson: Even if you back up regularly, System Restore disks may save your backside in some situations.
    Like the old joke: When a man was told his mother-in-law died but the ground was too frozen to bury her. He was asked, “should we cremate her or freeze her and wait till the ground thaws.” He responded, “Do both we can’t take any chances.”

    Reply
  9. the person can always buy a second copy of Windows, unless Microsoft really did stop selling full version of Windows. If the rumors are true, that leaves contacting the manufacturer for a $20 replacement DVD(Compaq does this, I do not know about ACER). If not, you have to get ampther OS, such as Linux or even a new laptop and make those recovery DVD’s on day one.

    Reply
  10. Another instance of one slipshod group (the PC manufacturers) coordinating with another bunch of cheat-the-suckers (Microsoft) to achieve happiness for all (excepting, of course, the poor saps who are stuck with putting up with this larceny).

    Reply
  11. The question made no mention of discs, Leo. Perhaps it was in a section you edited out?

    One step not mentioned in this particular article, is using a (Linux) LiveCD to back up any data before doing a system restore.

    I made the recovery CDs for my HP G62 laptop (four discs) and then deleted the recovery partition. After shrinking C:, I had lots of space to install Linux Mint.

    Reply
  12. Your advice to make regular backups is obvious.

    Please how do I do it though.

    Many thanks

    This site has many, many, MANY articles on backing up and how to – search for “how to backup” for starters.

    Leo
    25-Sep-2012

    Reply
  13. Compaq actually burned a complete copy of Windows XP for my computer and Vista for my mother’s computer. Both things were formatted and re-partitioned when that dreaded fake security virus hit us. Then she got a Mac. Hopefully they supply the disks for her, I do not know.

    Reply
  14. I recently configured two Asus K53E laptops for family members. Much to my surprise, they now come with two labeled partitions (C: OS and D: DATA). There is a utility that creates a bootable DVD containing the image from the recovery partition to allow restoring to factory if the drive fails. Also, the recovery utility allows restoring the entire system to factory or just the C drive.

    Reply
  15. A factory system restore would be my last option, I’ve had great success using the Win 7 repair disk, every one should download a copy or even make your own, The good news is that it has System Restore on it as one of the tools.
    Check it out and good luck.

    Reply
  16. Thank you for this information. I have just ordered a new laptop and this is very timely.

    Instead of burning the image backup to a CD, am just wondering if it would be at all possible to burn it to my external hard drive and in restoring, set the bios to boot from the hard drive and go from there.

    Also, am wondering if it would be possible to just copy the restore partition to my external hard drive.

    Am extremely glad someone has finally come out and talked in more detail about the limitations of restore partitions and OEM restore disks. When I had to reinstall my Dell OS, the OEM disk worked but had to have tech support walk me through many steps that were not intuitive and not posted online.

    You can absolutely backup your images of anything – system and/or recovery partition – to an external hard drive. In fact, I recommend it as being much more practical.

    Leo
    26-Sep-2012

    Reply
  17. Some malware can come from your previous backup
    Do a factory install but do not restore old back up data until you are certain all is running well.
    Jp

    Reply
  18. Check hard drive for faults using for example eg Spinrite or free HD Tune plus many others.Snapfiles.com is a good site to get these.

    If ok check rest of PC systems by running a bootable Linux based disc {eg Ultimate Boot CD} Most have Firefox included so you can go on line an give the computer a good work out independent of your Windows Operating system & hard drive.
    Jp

    Reply
  19. As a PC repair technician, I’ve had many customer PCs infected with Live Security Platinum. Most of the time the infection is accompanied with a rootkit that will re-infect Windows on each reboot. Even formatting the HD will not remove the rootkit, it must be removed (usually manually) or the MBR rebuilt. If the rootkit is not removed, even a complete reinstall will not solve the problem.

    If the above is beyond your technical capability, take it to a professional repair shop (not one of the big-box stores) and have it fixed.

    Reply
  20. When I bought my new Dell Inspiron notebook computer it did not come with the system disks. I read somewhere that if you contact Dell and ask for the disks they will send them. I went to Dell’s site and looked around and found a link to request the system disks. Dell sent me the disks for all the software that came on the computer, Windows 7 and everything, free, including free shipping!
    I make monthly image backups to a Segate external drive, so I probably will never need the disks, but it is good to know I have them. A Segate GoFlex USB external 1Terabyte drive is only $89.99 at Best Buy.

    Reply
  21. Hi Leo
    I have been following your web site now for a few months and find it very informative, thanks. my problem is that I took your advice and purchased macrium reflect as a baskup software after my maxtor one touch external backup failed without notice. I purchased a internal western digital and now I have a problem learning all the technical terms that reflex uses. it is not beginner user friendly. Is there a basic tutorial?

    I’d start you with my video series, here: Backup and Restore with Macrium Reflect 5.0

    Leo
    02-Oct-2012
    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.