reoccuring viruses

Thank you for your courteous response.

Please explain how malware is using WinME SR files to reinfect a machine.
I am aware of the use of hidden "tickler" files to do so, particularly
regarding spyware, and have had very difficult times myself removing such
from naive users' machines during service. I typically recommend to such
uncareful users that they install an "active" anti-spyware tool, eg.,
Webroot's Spy Sweeper, to help prevent reinfection.

But I have not heard of the SR files being used to do so. Please elaborate
in detail.

--
Jack E. Martinelli 2002-05 MS MVP for Shell/User / DTS
Help us help you: http://www.dts-L.org/goodpost.htm

http://www.microsoft.com/athome/secu...t/default.aspx
Your cooperation is very appreciated.
------
"oops!!" wrote in message
...

Jack,

Thank you for your comments but don’t misunderstand me.

I have no intention of taking back any of my previous comments and I will
not change my opinion on SR on or off before running AV/malware/spyware
scanners.

You will forgive me, but I think the different opinions are also based on
different parameters.

Mine is troubleshooting IRL, yours seems to be the defence of the theory and
design behind SR. Which, again, is great, but will work against you when
you want to cleanup an infected system.

What you seem to be unaware is that recent malware is being designed to use
SR to be quickly reinstalled (restored?).

And you will never get rid of it without disabling SR before cleansing.

I am not the only one thinking this way. Many people do, including other MVP
’s.

Rather than a cordial resolution, not at all possible given the different
opinions, time will tell which one is the correct one, if there is only one
100% correct.

As you say: We agree we disagree.

Take care.

Zee





"Jack E Martinelli" wrote in message
...
Zee, I like your response.
I differ from your judgement in some regards.
I have read the entire previous thread here.
I have no opinion or financial incentives regarding the new MS
anti-spyware
tool.
I am a MS MVP: I have no other contract with Microsoft. I am here to
help
the Millennium user community. And I think I am honorable and
uncorruptible. I genuinely think the others here are doing the same.


IMO, disabling SR can permit removing some infected SR files, but these
are
already "quarantined" if SR is running effectively. Only an inadvertent
or
ignorant reversion using SR by the user can reinfect the machine from
these
files.
IMO, this risk is far less than any from not having SR available in the
possible circumstance that the current session results in a serious
problem.
If I understand Mike M and Noel correctly, this is their point, with which
I
agree. Cleansing a SR file is trivial relative to being able to restore a
failing machine. It's the "parachute" thing.

OTH, disabling SR before running a AV scan is not nearly as effective as
running the AV in Safe Mode, if available, or DOS mode, to kill malactors
not yet loaded and executing.

I am most pleased with your reasonable response here and hope that we can
discuss (debate ?) these apparent differences of opinion to a cordial
resolution. It's not necessary that we finally agree on a best course of
action. It is preferable that we have a civil discourse to a point where
we
can agree to disagree, if that is the case. As I said earlier, it's the
"personal" in personal computer.

I congratulate you for this reasonable rejoinder. I look forward to your
response.

--
Jack E. Martinelli 2002-05 MS MVP for Shell/User / DTS
Help us help you: http://www.dts-L.org/goodpost.htm

http://www.microsoft.com/athome/secu...t/default.aspx
Your cooperation is very appreciated.
------
"oops!!" wrote in message
...

Jack,

If personal attacks are the issue here, I would suggest you to read the
sequence of events.

Regarding Symantec, I really find it weird that only mentioning a link
to
Symantec is seen/read as supporting Norton.

Is this really caused by the BS software they have been releasing these
last
couple of years?

Or maybe could it be related to the forthcoming MS AV...??

Just wondering...

Please be aware that I am a strong supporter of SR. You won't read any
comment of mine saying anything else.

Regarding SR off or on before malware/spyware cleansing, that is a
different
issue. I have mine, turn it off, and there are MVP's and non-MVP experts
supporting the same idea I have.

Even Noel Paton admits that different opinions exist.

My personal experience tells me that is wise, or you won't be able to
clean
some of the more recent malware.

And, yes, do turn on SR as soon as you have a clean system, making sure
you
have a safe restore point.

I will not comment anything else as I find it too biased to be
considered
debatable.

Thank you for caring to post.

Zee



"Jack E Martinelli" wrote in message
...
Disregarding for the moment this disagreement about the advisibility
of
disabling SR prior to running an AV scan, or for any other reason,
Zee,
I direct your attention to your particular words here to Mr. Mike
Maltby,
and to others elsewhere directed to Mr. Richard Harper.
IMO, these constitute a personal attack, unrelated to any technical
discussion about computer business.
This is not acceptible in this ng, nor really anywhere else. We are
civilized here. If you wish to troll, do so elsewhere.
If you continue in this vein, I suggest you will soon not be obtaining
any responses to any inquiries or posts here.

Like your choice in disabling SR on your personal computer, it's your
"personal" choice.

Neither Mike M, Noel Paton, Richard Harper, Mart, nor any one else
here
really needs my support since many users here understand the
importance
of SR to maintain the WinME computer. Readers can review years of our
comments to aid them. IMHO, you are the one willing to take an
unnecessary,
possibly catastrophic risk.
Hopefully, less informed readers of this thread will understand this
and
avoid your advice. Many already understand the inadvisibility of
using
Norton tools, or following Symantec advice, under WinME.

We pride ourselves in the Millennium ng's for being compassionate and
courteous, and expect the same from you despite how heated any
disagreement may become. There is no excuse for lack of grace under
pressure.

Thank you in advance for your serious, careful reconsideration, and
any
consideration of an apology to those personally attacked,
so we can return to a technical discussion avoiding personalities,
--
Jack E. Martinelli 2002-05 MS MVP for Shell/User / DTS
Help us help you: http://www.dts-L.org/goodpost.htm

http://www.microsoft.com/athome/secu...t/default.aspx
Your cooperation is very appreciated.
------
"oops!!" wrote in message
...

Mike,

LOL

I'm sure your *wisdom* is proportional to your lack of education and
good sense.

But, that's so typical of too many MVP's.

Enjoy your life, mate.

Zee



"Mike M" wrote in message
...

SNIP

Jack,

You'll notice when every scan shows clean, and you'll find it active =
again upon the first reboot.

Turn off SR, clean, reboot and the system comes up clean.

As I read somewhere else, on the same issue, but I am a dumb old =
dinosaur who likes results to be predictable.

Zee



"Jack E Martinelli" wrote in message =
...
Thank you for your courteous response.
=20
Please explain how malware is using WinME SR files to reinfect a =
machine.
I am aware of the use of hidden "tickler" files to do so, particularly
regarding spyware, and have had very difficult times myself removing =
such
from naive users' machines during service. I typically recommend to =
such
uncareful users that they install an "active" anti-spyware tool, eg.,
Webroot's Spy Sweeper, to help prevent reinfection.
=20
But I have not heard of the SR files being used to do so. Please =
elaborate
in detail.
=20
--=20
Jack E. Martinelli 2002-05 MS MVP for Shell/User / DTS
Help us help you: http://www.dts-L.org/goodpost.htm
=20
http://www.microsoft.com/athome/secu...t/default.aspx
Your cooperation is very appreciated.
------
"oops!!" wrote in message
...
=20
Jack,
=20
Thank you for your comments but don=92t misunderstand me.
=20
I have no intention of taking back any of my previous comments and I =
will
not change my opinion on SR on or off before running =
AV/malware/spyware
scanners.
=20
You will forgive me, but I think the different opinions are also based =
on
different parameters.
=20
Mine is troubleshooting IRL, yours seems to be the defence of the =
theory and
design behind SR. Which, again, is great, but will work against you =
when
you want to cleanup an infected system.
=20
What you seem to be unaware is that recent malware is being designed =
to use
SR to be quickly reinstalled (restored?).
=20
And you will never get rid of it without disabling SR before =
cleansing.
=20
I am not the only one thinking this way. Many people do, including =
other MVP
=92s.
=20
Rather than a cordial resolution, not at all possible given the =
different
opinions, time will tell which one is the correct one, if there is =
only one
100% correct.
=20
As you say: We agree we disagree.
=20
Take care.
=20
Zee
=20
=20
=20
=20
=20
"Jack E Martinelli" wrote in message
...
Zee, I like your response.
I differ from your judgement in some regards.
I have read the entire previous thread here.
I have no opinion or financial incentives regarding the new MS
anti-spyware
tool.
I am a MS MVP: I have no other contract with Microsoft. I am here =
to
help
the Millennium user community. And I think I am honorable and
uncorruptible. I genuinely think the others here are doing the =
same.


IMO, disabling SR can permit removing some infected SR files, but =
these
are
already "quarantined" if SR is running effectively. Only an =
inadvertent
or
ignorant reversion using SR by the user can reinfect the machine =
from
these
files.
IMO, this risk is far less than any from not having SR available in =
the
possible circumstance that the current session results in a serious
problem.
If I understand Mike M and Noel correctly, this is their point, with =
which
I
agree. Cleansing a SR file is trivial relative to being able to =
restore a
failing machine. It's the "parachute" thing.

OTH, disabling SR before running a AV scan is not nearly as =
effective as
running the AV in Safe Mode, if available, or DOS mode, to kill =
malactors
not yet loaded and executing.

I am most pleased with your reasonable response here and hope that =
we can
discuss (debate ?) these apparent differences of opinion to a =
cordial
resolution. It's not necessary that we finally agree on a best =
course of
action. It is preferable that we have a civil discourse to a point =
where
we
can agree to disagree, if that is the case. As I said earlier, =
it's the
"personal" in personal computer.

I congratulate you for this reasonable rejoinder. I look forward to =
your
response.

--=20
Jack E. Martinelli 2002-05 MS MVP for Shell/User / DTS
Help us help you: http://www.dts-L.org/goodpost.htm

http://www.microsoft.com/athome/secu...t/default.aspx
Your cooperation is very appreciated.
------
"oops!!" wrote in message
...

Jack,

If personal attacks are the issue here, I would suggest you to =
read the
sequence of events.

Regarding Symantec, I really find it weird that only mentioning a =
link
to
Symantec is seen/read as supporting Norton.

Is this really caused by the BS software they have been releasing =
these
last
couple of years?

Or maybe could it be related to the forthcoming MS AV...??

Just wondering...

Please be aware that I am a strong supporter of SR. You won't read =
any
comment of mine saying anything else.

Regarding SR off or on before malware/spyware cleansing, that is a
different
issue. I have mine, turn it off, and there are MVP's and non-MVP =
experts
supporting the same idea I have.

Even Noel Paton admits that different opinions exist.

My personal experience tells me that is wise, or you won't be able =
to
clean
some of the more recent malware.

And, yes, do turn on SR as soon as you have a clean system, making =
sure
you
have a safe restore point.

I will not comment anything else as I find it too biased to be
considered
debatable.

Thank you for caring to post.

Zee



"Jack E Martinelli" wrote in =
message
...
Disregarding for the moment this disagreement about the =
advisibility
of
disabling SR prior to running an AV scan, or for any other =
reason,
Zee,
I direct your attention to your particular words here to Mr. =
Mike
Maltby,
and to others elsewhere directed to Mr. Richard Harper.
IMO, these constitute a personal attack, unrelated to any =
technical
discussion about computer business.
This is not acceptible in this ng, nor really anywhere else. We =
are
civilized here. If you wish to troll, do so elsewhere.
If you continue in this vein, I suggest you will soon not be =
obtaining
any responses to any inquiries or posts here.

Like your choice in disabling SR on your personal computer, it's =
your
"personal" choice.

Neither Mike M, Noel Paton, Richard Harper, Mart, nor any one =
else
here
really needs my support since many users here understand the
importance
of SR to maintain the WinME computer. Readers can review years =
of our
comments to aid them. IMHO, you are the one willing to take an
unnecessary,
possibly catastrophic risk.
Hopefully, less informed readers of this thread will understand =
this
and
avoid your advice. Many already understand the inadvisibility =
of
using
Norton tools, or following Symantec advice, under WinME.

We pride ourselves in the Millennium ng's for being =
compassionate and
courteous, and expect the same from you despite how heated any
disagreement may become. There is no excuse for lack of grace =
under
pressure.

Thank you in advance for your serious, careful reconsideration, =
and
any
consideration of an apology to those personally attacked,
so we can return to a technical discussion avoiding =
personalities,
--=20
Jack E. Martinelli 2002-05 MS MVP for Shell/User / DTS
Help us help you: http://www.dts-L.org/goodpost.htm

http://www.microsoft.com/athome/secu...t/default.aspx
Your cooperation is very appreciated.
------
"oops!!" wrote in message
...

Mike,

LOL

I'm sure your *wisdom* is proportional to your lack of education =
and
good sense.

But, that's so typical of too many MVP's.

Enjoy your life, mate.

Zee



"Mike M" wrote in message
...

SNIP

=20

There's a very good reason for the fact you haven't heard about it, Jack -
it CANNOT be done without user intervention!

--
Noel Paton (MS-MVP 2002-2005, Windows)

Nil Carborundum Illegitemi
http://www.btinternet.com/~winnoel/millsrpch.htm
http://tinyurl.com/6oztj

Please read http://dts-l.org/goodpost.htm on how to post messages to NG's

"Jack E Martinelli" wrote in message
...
..

But I have not heard of the SR files being used to do so. Please
elaborate
in detail.

--
Jack E. Martinelli 2002-05 MS MVP for Shell/User / DTS
Help us help you: http://www.dts-L.org/goodpost.htm

http://www.microsoft.com/athome/secu...t/default.aspx
Your cooperation is very appreciated.

That is pure bull - the fact is that there is a memory-resident checker
present, which reinstalls the infection on the shutdown/restart cycle - it
has NOTHING WHATEVER to do with System Restore, unless you actually use SR
to restore the system.


--
Noel Paton (MS-MVP 2002-2005, Windows)

Nil Carborundum Illegitemi
http://www.btinternet.com/~winnoel/millsrpch.htm
http://tinyurl.com/6oztj

Please read http://dts-l.org/goodpost.htm on how to post messages to NG's

"oops!!" wrote in message
...

Jack,

You'll notice when every scan shows clean, and you'll find it active again
upon the first reboot.

Turn off SR, clean, reboot and the system comes up clean.

As I read somewhere else, on the same issue, but I am a dumb old dinosaur
who likes results to be predictable.

Zee



"Jack E Martinelli" wrote in message
...
Thank you for your courteous response.

Please explain how malware is using WinME SR files to reinfect a machine.
I am aware of the use of hidden "tickler" files to do so, particularly
regarding spyware, and have had very difficult times myself removing such
from naive users' machines during service. I typically recommend to such
uncareful users that they install an "active" anti-spyware tool, eg.,
Webroot's Spy Sweeper, to help prevent reinfection.

But I have not heard of the SR files being used to do so. Please
elaborate
in detail.

--
Jack E. Martinelli 2002-05 MS MVP for Shell/User / DTS
Help us help you: http://www.dts-L.org/goodpost.htm

http://www.microsoft.com/athome/secu...t/default.aspx
Your cooperation is very appreciated.
------
"oops!!" wrote in message
...

Jack,

Thank you for your comments but don’t misunderstand me.

I have no intention of taking back any of my previous comments and I will
not change my opinion on SR on or off before running AV/malware/spyware
scanners.

You will forgive me, but I think the different opinions are also based on
different parameters.

Mine is troubleshooting IRL, yours seems to be the defence of the theory
and
design behind SR. Which, again, is great, but will work against you when
you want to cleanup an infected system.

What you seem to be unaware is that recent malware is being designed to
use
SR to be quickly reinstalled (restored?).

And you will never get rid of it without disabling SR before cleansing.

I am not the only one thinking this way. Many people do, including other
MVP
’s.

Rather than a cordial resolution, not at all possible given the different
opinions, time will tell which one is the correct one, if there is only
one
100% correct.

As you say: We agree we disagree.

Take care.

Zee





"Jack E Martinelli" wrote in message
...
Zee, I like your response.
I differ from your judgement in some regards.
I have read the entire previous thread here.
I have no opinion or financial incentives regarding the new MS
anti-spyware
tool.
I am a MS MVP: I have no other contract with Microsoft. I am here to
help
the Millennium user community. And I think I am honorable and
uncorruptible. I genuinely think the others here are doing the same.


IMO, disabling SR can permit removing some infected SR files, but these
are
already "quarantined" if SR is running effectively. Only an inadvertent
or
ignorant reversion using SR by the user can reinfect the machine from
these
files.
IMO, this risk is far less than any from not having SR available in the
possible circumstance that the current session results in a serious
problem.
If I understand Mike M and Noel correctly, this is their point, with
which
I
agree. Cleansing a SR file is trivial relative to being able to restore
a
failing machine. It's the "parachute" thing.

OTH, disabling SR before running a AV scan is not nearly as effective as
running the AV in Safe Mode, if available, or DOS mode, to kill
malactors
not yet loaded and executing.

I am most pleased with your reasonable response here and hope that we
can
discuss (debate ?) these apparent differences of opinion to a cordial
resolution. It's not necessary that we finally agree on a best course
of
action. It is preferable that we have a civil discourse to a point
where
we
can agree to disagree, if that is the case. As I said earlier, it's
the
"personal" in personal computer.

I congratulate you for this reasonable rejoinder. I look forward to
your
response.

--
Jack E. Martinelli 2002-05 MS MVP for Shell/User / DTS
Help us help you: http://www.dts-L.org/goodpost.htm

http://www.microsoft.com/athome/secu...t/default.aspx
Your cooperation is very appreciated.
------
"oops!!" wrote in message
...

Jack,

If personal attacks are the issue here, I would suggest you to read
the
sequence of events.

Regarding Symantec, I really find it weird that only mentioning a link
to
Symantec is seen/read as supporting Norton.

Is this really caused by the BS software they have been releasing
these
last
couple of years?

Or maybe could it be related to the forthcoming MS AV...??

Just wondering...

Please be aware that I am a strong supporter of SR. You won't read any
comment of mine saying anything else.

Regarding SR off or on before malware/spyware cleansing, that is a
different
issue. I have mine, turn it off, and there are MVP's and non-MVP
experts
supporting the same idea I have.

Even Noel Paton admits that different opinions exist.

My personal experience tells me that is wise, or you won't be able to
clean
some of the more recent malware.

And, yes, do turn on SR as soon as you have a clean system, making
sure
you
have a safe restore point.

I will not comment anything else as I find it too biased to be
considered
debatable.

Thank you for caring to post.

Zee



"Jack E Martinelli" wrote in message
...
Disregarding for the moment this disagreement about the advisibility
of
disabling SR prior to running an AV scan, or for any other reason,
Zee,
I direct your attention to your particular words here to Mr. Mike
Maltby,
and to others elsewhere directed to Mr. Richard Harper.
IMO, these constitute a personal attack, unrelated to any technical
discussion about computer business.
This is not acceptible in this ng, nor really anywhere else. We are
civilized here. If you wish to troll, do so elsewhere.
If you continue in this vein, I suggest you will soon not be
obtaining
any responses to any inquiries or posts here.

Like your choice in disabling SR on your personal computer, it's
your
"personal" choice.

Neither Mike M, Noel Paton, Richard Harper, Mart, nor any one else
here
really needs my support since many users here understand the
importance
of SR to maintain the WinME computer. Readers can review years of
our
comments to aid them. IMHO, you are the one willing to take an
unnecessary,
possibly catastrophic risk.
Hopefully, less informed readers of this thread will understand this
and
avoid your advice. Many already understand the inadvisibility of
using
Norton tools, or following Symantec advice, under WinME.

We pride ourselves in the Millennium ng's for being compassionate
and
courteous, and expect the same from you despite how heated any
disagreement may become. There is no excuse for lack of grace under
pressure.

Thank you in advance for your serious, careful reconsideration, and
any
consideration of an apology to those personally attacked,
so we can return to a technical discussion avoiding personalities,
--
Jack E. Martinelli 2002-05 MS MVP for Shell/User / DTS
Help us help you: http://www.dts-L.org/goodpost.htm

http://www.microsoft.com/athome/secu...t/default.aspx
Your cooperation is very appreciated.
------
"oops!!" wrote in message
...

Mike,

LOL

I'm sure your *wisdom* is proportional to your lack of education and
good sense.

But, that's so typical of too many MVP's.

Enjoy your life, mate.

Zee



"Mike M" wrote in message
...

SNIP

Clearly ignorance is showing its head here Noel. Before condemning system
restore Zee ought to learn a little about viruses and the mechanisms they
use. Until he looks at the problem logically, something he appears to
have failed to do to date, and carefully considers and understands the
consequences to the end user of disabling system restore and then
(accidentally) trashing their system whilst attempting to rid their system
of malware there is little point in continuing.
--
Mike Maltby MS-MVP



Noel Paton wrote:

That is pure bull - the fact is that there is a memory-resident
checker present, which reinstalls the infection on the
shutdown/restart cycle - it has NOTHING WHATEVER to do with System
Restore, unless you actually use SR to restore the system.

Whatever.

See you around and probably speaking of this again soon

Zee




"Noel Paton" wrote in message
...
That is pure bull - the fact is that there is a memory-resident checker
present, which reinstalls the infection on the shutdown/restart cycle - it
has NOTHING WHATEVER to do with System Restore, unless you actually use SR
to restore the system.


--
Noel Paton (MS-MVP 2002-2005, Windows)

Nil Carborundum Illegitemi
http://www.btinternet.com/~winnoel/millsrpch.htm
http://tinyurl.com/6oztj

Please read http://dts-l.org/goodpost.htm on how to post messages to NG's

"oops!!" wrote in message
...

Jack,

You'll notice when every scan shows clean, and you'll find it active again
upon the first reboot.

Turn off SR, clean, reboot and the system comes up clean.

As I read somewhere else, on the same issue, but I am a dumb old dinosaur
who likes results to be predictable.

Zee



"Jack E Martinelli" wrote in message
...
Thank you for your courteous response.

Please explain how malware is using WinME SR files to reinfect a
machine.
I am aware of the use of hidden "tickler" files to do so, particularly
regarding spyware, and have had very difficult times myself removing
such
from naive users' machines during service. I typically recommend to
such
uncareful users that they install an "active" anti-spyware tool, eg.,
Webroot's Spy Sweeper, to help prevent reinfection.

But I have not heard of the SR files being used to do so. Please
elaborate
in detail.

--
Jack E. Martinelli 2002-05 MS MVP for Shell/User / DTS
Help us help you: http://www.dts-L.org/goodpost.htm

http://www.microsoft.com/athome/secu...t/default.aspx
Your cooperation is very appreciated.
------
"oops!!" wrote in message
...

Jack,

Thank you for your comments but don’t misunderstand me.

I have no intention of taking back any of my previous comments and I
will
not change my opinion on SR on or off before running AV/malware/spyware
scanners.

You will forgive me, but I think the different opinions are also based
on
different parameters.

Mine is troubleshooting IRL, yours seems to be the defence of the theory
and
design behind SR. Which, again, is great, but will work against you
when
you want to cleanup an infected system.

What you seem to be unaware is that recent malware is being designed to
use
SR to be quickly reinstalled (restored?).

And you will never get rid of it without disabling SR before cleansing.

I am not the only one thinking this way. Many people do, including other
MVP
’s.

Rather than a cordial resolution, not at all possible given the
different
opinions, time will tell which one is the correct one, if there is only
one
100% correct.

As you say: We agree we disagree.

Take care.

Zee





"Jack E Martinelli" wrote in message
...
Zee, I like your response.
I differ from your judgement in some regards.
I have read the entire previous thread here.
I have no opinion or financial incentives regarding the new MS
anti-spyware
tool.
I am a MS MVP: I have no other contract with Microsoft. I am here to
help
the Millennium user community. And I think I am honorable and
uncorruptible. I genuinely think the others here are doing the same.


IMO, disabling SR can permit removing some infected SR files, but
these
are
already "quarantined" if SR is running effectively. Only an
inadvertent
or
ignorant reversion using SR by the user can reinfect the machine from
these
files.
IMO, this risk is far less than any from not having SR available in
the
possible circumstance that the current session results in a serious
problem.
If I understand Mike M and Noel correctly, this is their point, with
which
I
agree. Cleansing a SR file is trivial relative to being able to
restore
a
failing machine. It's the "parachute" thing.

OTH, disabling SR before running a AV scan is not nearly as effective
as
running the AV in Safe Mode, if available, or DOS mode, to kill
malactors
not yet loaded and executing.

I am most pleased with your reasonable response here and hope that we
can
discuss (debate ?) these apparent differences of opinion to a cordial
resolution. It's not necessary that we finally agree on a best course
of
action. It is preferable that we have a civil discourse to a point
where
we
can agree to disagree, if that is the case. As I said earlier, it's
the
"personal" in personal computer.

I congratulate you for this reasonable rejoinder. I look forward to
your
response.

--
Jack E. Martinelli 2002-05 MS MVP for Shell/User / DTS
Help us help you: http://www.dts-L.org/goodpost.htm

http://www.microsoft.com/athome/secu...t/default.aspx
Your cooperation is very appreciated.
------
"oops!!" wrote in message
...

Jack,

If personal attacks are the issue here, I would suggest you to read
the
sequence of events.

Regarding Symantec, I really find it weird that only mentioning a
link
to
Symantec is seen/read as supporting Norton.

Is this really caused by the BS software they have been releasing
these
last
couple of years?

Or maybe could it be related to the forthcoming MS AV...??

Just wondering...

Please be aware that I am a strong supporter of SR. You won't read
any
comment of mine saying anything else.

Regarding SR off or on before malware/spyware cleansing, that is a
different
issue. I have mine, turn it off, and there are MVP's and non-MVP
experts
supporting the same idea I have.

Even Noel Paton admits that different opinions exist.

My personal experience tells me that is wise, or you won't be able
to
clean
some of the more recent malware.

And, yes, do turn on SR as soon as you have a clean system, making
sure
you
have a safe restore point.

I will not comment anything else as I find it too biased to be
considered
debatable.

Thank you for caring to post.

Zee



"Jack E Martinelli" wrote in
message
...
Disregarding for the moment this disagreement about the
advisibility
of
disabling SR prior to running an AV scan, or for any other reason,
Zee,
I direct your attention to your particular words here to Mr. Mike
Maltby,
and to others elsewhere directed to Mr. Richard Harper.
IMO, these constitute a personal attack, unrelated to any
technical
discussion about computer business.
This is not acceptible in this ng, nor really anywhere else. We
are
civilized here. If you wish to troll, do so elsewhere.
If you continue in this vein, I suggest you will soon not be
obtaining
any responses to any inquiries or posts here.

Like your choice in disabling SR on your personal computer, it's
your
"personal" choice.

Neither Mike M, Noel Paton, Richard Harper, Mart, nor any one else
here
really needs my support since many users here understand the
importance
of SR to maintain the WinME computer. Readers can review years of
our
comments to aid them. IMHO, you are the one willing to take an
unnecessary,
possibly catastrophic risk.
Hopefully, less informed readers of this thread will understand
this
and
avoid your advice. Many already understand the inadvisibility of
using
Norton tools, or following Symantec advice, under WinME.

We pride ourselves in the Millennium ng's for being compassionate
and
courteous, and expect the same from you despite how heated any
disagreement may become. There is no excuse for lack of grace
under
pressure.

Thank you in advance for your serious, careful reconsideration,
and
any
consideration of an apology to those personally attacked,
so we can return to a technical discussion avoiding personalities,
--
Jack E. Martinelli 2002-05 MS MVP for Shell/User / DTS
Help us help you: http://www.dts-L.org/goodpost.htm

http://www.microsoft.com/athome/secu...t/default.aspx
Your cooperation is very appreciated.
------
"oops!!" wrote in message
...

Mike,

LOL

I'm sure your *wisdom* is proportional to your lack of education
and
good sense.

But, that's so typical of too many MVP's.

Enjoy your life, mate.

Zee



"Mike M" wrote in message
...

SNIP

It's also absolutely pointless. If you could restore from the SR archive
without user intervention, you wouldn't need to.


Shane


"Noel Paton" wrote in message
...
There's a very good reason for the fact you haven't heard about it, Jack -
it CANNOT be done without user intervention!

--
Noel Paton (MS-MVP 2002-2005, Windows)

Nil Carborundum Illegitemi
http://www.btinternet.com/~winnoel/millsrpch.htm
http://tinyurl.com/6oztj

Please read http://dts-l.org/goodpost.htm on how to post messages to NG's

"Jack E Martinelli" wrote in message
...
.

But I have not heard of the SR files being used to do so. Please
elaborate
in detail.

--
Jack E. Martinelli 2002-05 MS MVP for Shell/User / DTS
Help us help you: http://www.dts-L.org/goodpost.htm

http://www.microsoft.com/athome/secu...t/default.aspx
Your cooperation is very appreciated.

I have no problems admitting my ignorance of how that malware works.

However I do not ignore the steps necessary to reach the cure in an
effective and predictable way.

Something that many people consider slightly more important.

Zee




"Mike M" wrote in message
...
Clearly ignorance is showing its head here Noel. Before condemning system
restore Zee ought to learn a little about viruses and the mechanisms they
use. Until he looks at the problem logically, something he appears to
have failed to do to date, and carefully considers and understands the
consequences to the end user of disabling system restore and then
(accidentally) trashing their system whilst attempting to rid their system
of malware there is little point in continuing.
--
Mike Maltby MS-MVP



Noel Paton wrote:

That is pure bull - the fact is that there is a memory-resident
checker present, which reinstalls the infection on the
shutdown/restart cycle - it has NOTHING WHATEVER to do with System
Restore, unless you actually use SR to restore the system.

In this immediate case, I agree with Noel.
His "memory-resident checker" is what I called my "tickler file".
These possibly very hidden files, which restore the active mal-actor on
reboot, do not involve SR in any way.

This conversation raises an interesting issue, however.
I suspect only Mike M may know the answer:

Are there any non-MS, non-SR tools which could detect a potential virus in
one of the two SR file types, the *.CPY or the *.CAB files, and restore
(decompress) them to an active agent?
If so, I am not aware of any. That doesn't mean that some bad actor could
not invent or usurp some.

What about it, Mike?

However, Zee, your described situation does not necessarily implicate any SR
infected files in the virus restoration axis, IMO.
It is more likely consistent with my "tickler file", aka, Noel's
"memory-resident checker" file.
--
Jack E. Martinelli 2002-05 MS MVP for Shell/User / DTS
Help us help you: http://www.dts-L.org/goodpost.htm

http://www.microsoft.com/athome/secu...t/default.aspx
Your cooperation is very appreciated.
------
"oops!!" wrote in message
...

I have no problems admitting my ignorance of how that malware works.

However I do not ignore the steps necessary to reach the cure in an
effective and predictable way.

Something that many people consider slightly more important.

Zee




"Mike M" wrote in message
...
Clearly ignorance is showing its head here Noel. Before condemning
system
restore Zee ought to learn a little about viruses and the mechanisms
they
use. Until he looks at the problem logically, something he appears to
have failed to do to date, and carefully considers and understands the
consequences to the end user of disabling system restore and then
(accidentally) trashing their system whilst attempting to rid their
system
of malware there is little point in continuing.
--
Mike Maltby MS-MVP



Noel Paton wrote:

That is pure bull - the fact is that there is a memory-resident
checker present, which reinstalls the infection on the
shutdown/restart cycle - it has NOTHING WHATEVER to do with System
Restore, unless you actually use SR to restore the system.

Are there any non-MS, non-SR tools which could detect a potential
virus in one of the two SR file types, the *.CPY or the *.CAB files,
and restore (decompress) them to an active agent?

Tools, yes, there is nothing to stop one hunting through CAB and CPY files
to find a file you want and then copying it elsewhere and renaming it and
installing it. As for this being part of the actions of any current virus
no, but then again what would be the point? The system would already have
to be actively infected (that is the virus not dormant in the archive) for
the malicious file to be running to perform such an action.
--
Mike Maltby MS-MVP



Jack E Martinelli wrote:

In this immediate case, I agree with Noel.
His "memory-resident checker" is what I called my "tickler file".
These possibly very hidden files, which restore the active mal-actor
on reboot, do not involve SR in any way.

This conversation raises an interesting issue, however.
I suspect only Mike M may know the answer:

Are there any non-MS, non-SR tools which could detect a potential
virus in one of the two SR file types, the *.CPY or the *.CAB files,
and restore (decompress) them to an active agent?
If so, I am not aware of any. That doesn't mean that some bad actor
could not invent or usurp some.

What about it, Mike?

However, Zee, your described situation does not necessarily implicate
any SR infected files in the virus restoration axis, IMO.
It is more likely consistent with my "tickler file", aka, Noel's
"memory-resident checker" file.