#1
System Restore
Seem to notice that a lot of spyware seems to attach themselves in this list .... C:\_restore\temp. Is there a way to write protect this item and then complete a system restore manually? Would this reduce this type of behavior?
#2
"You mention the problem of archived infected files. SR has no knowledge as to the purpose of any archived file or whether it is "malware" (copyright CQuirke) or not and treats all files the same. This means that it is possible to restore to an infected state if the system was infected when the checkpoint was being created.

If however the system became infected or malware arrived after the last checkpoint was created and this infection was immediately deleted, the infected files will not be restored on rolling back to the checkpoint even though copies of the infected files may be in the _restore\temp folder. If however the system was infected at the time the checkpoint was created, then yes, any subsequently deleted infected file will be restored.

See MS KB Q263455 - "Anti-Virus Tools Cannot Clean Infected Files in the _Restore Folder" (http://support.microsoft.com/support.../Q263/4/55.ASP)."

Mike Maltby MS MVP

-----

--
Jack E. Martinelli 2002-05 MS MVP for Shell/User / DTS
Help us help you: http://www.dts-L.org/goodpost.htm
http://www.microsoft.com/athome/secu...t/default.aspx
In Memoriam: Alex Nichol
http://www.microsoft.com/windowsxp/e...ts/nichol.mspx
Your cooperation is very appreciated.

------

"Sean" wrote in message ...
Seem to notice that a lot of spyware seems to attach themselves in this list ... C:\_restore\temp. Is there a way to write protect this item and then complete a system restore manually? Would this reduce this type of behavior?
#3
So... rather than having this System Restore complete automatically, is there a procedure I can complete manually to ensure that this does not happen?
#4
Sean,

A good place to start would be by reading and learning a bit about system restore. What you are talking about isn't a problem, doesn't cause problems and cannot be prevented. The solution is to flush the restore archive but this should only be done once the system is clean and after all traces of the malware have been removed other than for the restore archive.

--
http://www.microsoft.com/windowsxp/e...ts/nichol.mspx
In memory of a very dear friend, Windows MVP Alex Nichol
Mike Maltby MS-MVP

Sean wrote:
So... rather than having this System Restore complete automatically, is there a procedure I can complete manually to ensure that this does not happen?
#5
Well, here's my dilemma.

When I purchase McAfee Virus Scan, I'm told that I have to run this in safe mode. Then it identifies and cleans two files that it located; however, the issue persists as now they have been located in _restore\temp. When the scan located them there it couldn't delete, quarantine, or clean files. Be easier to flush the system if the system could be better protected, no?
#6
Dilemma? What don't you understand in both Jack and my posts and the KB article to which Jack referred you? May I repeat:

"The solution is to flush the restore archive but this should only be done once the system is clean and after all traces of the malware have been removed other than for the restore archive."

to which I should have added "and the system is working correctly including being able to connect to the net".

"Be easier to flush the system if the system could be better protected, no?"

I'm sorry but I do have to ask, did you read the previous posts?

--
http://www.microsoft.com/windowsxp/e...ts/nichol.mspx
In memory of a very dear friend, Windows MVP Alex Nichol
Mike Maltby MS-MVP

Sean wrote:
Well, here's my dilemma. When I purchase McAfee Virus Scan, I'm told that I have to run this in safe mode. Then it identifies and cleans two files that it located; however, the issue persists as now they have been located in _restore\temp. When the scan located them there it couldn't delete, quarantine, or clean files. Be easier to flush the system if the system could be better protected, no?
#7
This is what I'm saying, Mike: you shouldn't have to flush this archive if it was better protected!
#8
Once again may I suggest you read a little about system restore as it should help you understand how it works. What exactly is it that you think should be protected and from what? That system restore should protect itself from accessing its own archive? The system restore archive structure is well protected and the entire contents harmless whilst in that location.

--
http://www.microsoft.com/windowsxp/e...ts/nichol.mspx
In memory of a very dear friend, Windows MVP Alex Nichol
Mike Maltby MS-MVP

Sean wrote:
This is what I'm saying, Mike: you shouldn't have to flush this archive if it was better protected!
#9
Mike, here's my position.

I complete a virus scan in safe mode with system restore disabled and no hidden files. The first attempt indicates that it cleaned the files; however, the problem still persisted and I completed another scan. This time the path showed the two viruses in C:\_restore\temp.....cpy. Now, I've scanned using McAfee, Panda, Ad-aware, Spybot, CW Shredder, Stinger, HiJack this, Symantec's online scan ...... I've gone through the registry. Having a little difficulty understanding how these files got into this area.

I like System Restore, although what I originally asked was if the restore can be write protected, "For Example, Mike", and manually complete a restore point. Then at a particular time complete scans and create a restore point.
#10
If you've disabled System Restore and there are still .CPY files present, then you disabled it in an incorrect manner. Note that you MUST reboot IMMEDIATELY after disabling System Restore if this is to work properly.

You will now have to manually clear the Restore archive....

Boot to DOS, using your Startup Disk (if you don't have one and can't make one from Start | Add/Remove Programs, then download a diskmaker from www.bootdisk.com, and create the floppy by running the file).

At the A:\ prompt, type the following commands (followed by [return]):

    ATTRIB -S -R -H C:\_RESTORE
    REN C:\_RESTORE OLDREST

When the A:\ prompt returns, remove the floppy, and reboot the PC. The Control Files will be rebuilt, and a Restore point should be created. Then delete the C:\OLDREST folder, and reboot again. Finally, adjust the space allocated to the restore folder.

--
Noel Paton (MS-MVP 2002-2005, Windows)
Nil Carborundum Illegitemi
http://www.btinternet.com/~winnoel/millsrpch.htm
In fond memory of one of life's Gentlemen - Alex Nichol
http://www.aumha.org/alex.htm
Please read http://dts-l.org/goodpost.htm on how to post messages to NG's

"Sean" wrote in message ...
Mike, here's my position. I complete a virus scan in safe mode with system restore disabled and no hidden files. The first attempt indicates that it cleaned the files; however, the problem still persisted and I completed another scan. This time the path showed the two viruses in C:\_restore\temp.....cpy. Now, I've scanned using McAfee, Panda, Ad-aware, Spybot, CW Shredder, Stinger, HiJack this, Symantec's online scan ...... I've gone through the registry. Having a little difficulty understanding how these files got into this area. I like System Restore, although what I originally asked was if the restore can be write protected, "For Example, Mike", and manually complete a restore point. Then at a particular time complete scans and create a restore point.