If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
system restore & virus
Just a question in case it does happen. I have maybe 6-7 months of restore
points currently and perfectly happy with all of them. But something I've been reading here. If you get a virus there seems to be some sort of opinion to delete all previous restore points if the virus is found inside a protected restore point folder. Wouldn't it make more sense that when you find a virus, if there's any doubt to whether it was cleaned or not, to restore the system one restore point prior to the virus ? -- more pix @ http://members.toast.net/cbminfo/index.html |
Ads |
#2
|
|||
|
|||
XP does not keep restore points older than 90 days (and for good reason.)
Modem Ani "Husky" wrote in message ... Just a question in case it does happen. I have maybe 6-7 months of restore points currently and perfectly happy with all of them. But something I've been reading here. If you get a virus there seems to be some sort of opinion to delete all previous restore points if the virus is found inside a protected restore point folder. Wouldn't it make more sense that when you find a virus, if there's any doubt to whether it was cleaned or not, to restore the system one restore point prior to the virus ? -- more pix @ http://members.toast.net/cbminfo/index.html |
#3
|
|||
|
|||
On Wed, 6 Apr 2005 11:24:48 -0400, "Modem Ani"
wrote: XP does not keep restore points older than 90 days (and for good reason.) You'll have to take that up with M$. I have restore points all the way back to 6 November. 6 months back. Maybe it has more to do with available disc space, than dates. Modem Ani "Husky" wrote in message .. . Just a question in case it does happen. I have maybe 6-7 months of restore points currently and perfectly happy with all of them. But something I've been reading here. If you get a virus there seems to be some sort of opinion to delete all previous restore points if the virus is found inside a protected restore point folder. Wouldn't it make more sense that when you find a virus, if there's any doubt to whether it was cleaned or not, to restore the system one restore point prior to the virus ? -- more pix @ http://members.toast.net/cbminfo/index.html -- more pix @ http://members.toast.net/cbminfo/index.html |
#4
|
|||
|
|||
By default, System Restore purges restore points older than 90 days.
Depending on how much your system has changed, it would be unwise to restore a restore point as recent as one day. Could you be confusing System Restore with backing up? Modem Ani "Husky" wrote in message ... On Wed, 6 Apr 2005 11:24:48 -0400, "Modem Ani" wrote: XP does not keep restore points older than 90 days (and for good reason.) You'll have to take that up with M$. I have restore points all the way back to 6 November. 6 months back. Maybe it has more to do with available disc space, than dates. Modem Ani "Husky" wrote in message .. . Just a question in case it does happen. I have maybe 6-7 months of restore points currently and perfectly happy with all of them. But something I've been reading here. If you get a virus there seems to be some sort of opinion to delete all previous restore points if the virus is found inside a protected restore point folder. Wouldn't it make more sense that when you find a virus, if there's any doubt to whether it was cleaned or not, to restore the system one restore point prior to the virus ? -- more pix @ http://members.toast.net/cbminfo/index.html -- more pix @ http://members.toast.net/cbminfo/index.html |
#5
|
|||
|
|||
In ,
Husky typed: Just a question in case it does happen. I have maybe 6-7 months of restore points currently and perfectly happy with all of them. You're mistaken. Restore points can not go back further than 90 days. Where are you seeing these 6-7 months of Restore Points? But something I've been reading here. If you get a virus there seems to be some sort of opinion to delete all previous restore points if the virus is found inside a protected restore point folder. No, whether you have a virus or not, there's no option to selectively delete Restore Points. You can delete them all or you can delete them all but the last one. Those are your only choices. Wouldn't it make more sense that when you find a virus, if there's any doubt to whether it was cleaned or not, to restore the system one restore point prior to the virus ? As I said, that's not a option. Also realize that a virus inside a restore point is completely harmless. It can do no harm unless you restore that Restore Point. -- Ken Blake - Microsoft MVP Windows: Shell/User Please reply to the newsgroup |
#6
|
|||
|
|||
On Wed, 6 Apr 2005 10:52:28 -0700, "Ken Blake"
wrote: start/accessories/system tools/system restore welcome to system restore, would you like to create a restore point, restore to a previous date. etc.. Maybe it doesn't do that with XP home. In , Husky typed: Just a question in case it does happen. I have maybe 6-7 months of restore points currently and perfectly happy with all of them. You're mistaken. Restore points can not go back further than 90 days. Where are you seeing these 6-7 months of Restore Points? But something I've been reading here. If you get a virus there seems to be some sort of opinion to delete all previous restore points if the virus is found inside a protected restore point folder. No, whether you have a virus or not, there's no option to selectively delete Restore Points. You can delete them all or you can delete them all but the last one. Those are your only choices. Wouldn't it make more sense that when you find a virus, if there's any doubt to whether it was cleaned or not, to restore the system one restore point prior to the virus ? As I said, that's not a option. Also realize that a virus inside a restore point is completely harmless. It can do no harm unless you restore that Restore Point. -- more pix @ http://members.toast.net/cbminfo/index.html |
#7
|
|||
|
|||
On Wed, 06 Apr 2005 12:03:23 -0400, Husky wrote:
help : The actual number of saved restore points depends on how much activity there has been on your computer, the size of your hard disk help : (or the partition that contains your Windows XP Professional folder), and how much disk space has been allocated on your computer to help : store System Restore information. See To change System Restore settings. help : When it says one to three weeks of restore points, that might mean up to 90 restore points not 90 days. Actually I don't even see how you get 90 out of three weeks. That's 21 at best. then again it could also be based on drive space as I said earlier. I allowed it to use as much space as it wanted. If you aren't installing new software every single day, there's little need for the OS to create a restore point. Thus the 6 months back on my restore points. Now back to the subject. Is there any reason to dump all the restore points if you get a virus inside one of the protected folders ? And why does my virus program work and others don't ? On Wed, 6 Apr 2005 11:24:48 -0400, "Modem Ani" wrote: XP does not keep restore points older than 90 days (and for good reason.) You'll have to take that up with M$. I have restore points all the way back to 6 November. 6 months back. Maybe it has more to do with available disc space, than dates. Modem Ani "Husky" wrote in message . .. Just a question in case it does happen. I have maybe 6-7 months of restore points currently and perfectly happy with all of them. But something I've been reading here. If you get a virus there seems to be some sort of opinion to delete all previous restore points if the virus is found inside a protected restore point folder. Wouldn't it make more sense that when you find a virus, if there's any doubt to whether it was cleaned or not, to restore the system one restore point prior to the virus ? -- more pix @ http://members.toast.net/cbminfo/index.html -- more pix @ http://members.toast.net/cbminfo/index.html |
#8
|
|||
|
|||
On Wed, 6 Apr 2005 10:52:28 -0700, "Ken Blake"
wrote: Wouldn't it make more sense that when you find a virus, if there's any doubt to whether it was cleaned or not, to restore the system one restore point prior to the virus ? As I said, that's not a option. Of course it is. that's the reason it makes so many restore points. You can pick any restore point listed, and restore the machine to that point. It can be the 1st point ever made, or the one made last, or any one in between. Also realize that a virus inside a restore point is completely harmless. It can do no harm unless you restore that Restore Point. I would guess if a virus program can find it inside a restore point, that the program designed to use the virus can also find it to use it. The opinion I've seen on this says dump all the restore points if you get a virus in one of them. Makes no sense. If the scan shows a new virus and it's in one of the restore point folders, restoring the system at that point, should bring the virus out in the open where it can be deleted or cleaned. thus retaining all previous restore points. -- more pix @ http://members.toast.net/cbminfo/index.html |
#9
|
|||
|
|||
In ,
Husky typed: On Wed, 6 Apr 2005 10:52:28 -0700, "Ken Blake" wrote: Wouldn't it make more sense that when you find a virus, if there's any doubt to whether it was cleaned or not, to restore the system one restore point prior to the virus ? As I said, that's not a option. Of course it is. that's the reason it makes so many restore points. You can pick any restore point listed, and restore the machine to that point. Yes, you're right of course. Sorry, I somehow managed to misread that as thinking you wanted to selectively *delete* a Restore Point, not restore one. It can be the 1st point ever made, or the one made last, or any one in between. No, it can only be one of the restore points that still exist. If you've been using the system for a while, it's highly unlikely that the first Restore Point ever made still exists. Restore Points are kept subject to two limitations: 1. The amount of disk space allocated to them. When that space is used, older Restore Points are deleted to make room for newer ones. 2. By default, there's a maximum of 90 days for keeping any Restore Point. That default can be changed by modifying the registry entry RPLifeInterval Also realize that a virus inside a restore point is completely harmless. It can do no harm unless you restore that Restore Point. I would guess if a virus program can find it inside a restore point, that the program designed to use the virus can also find it to use it. The program designed to use the virus is the virus itself. If it's inside a restore point it can't execute, and can't do any harm unless, as I said, you restore that Resotore Point. The opinion I've seen on this says dump all the restore points if you get a virus in one of them. Not necessary, as I said, as long as you don't restore that restore point. Makes no sense. If the scan shows a new virus and it's in one of the restore point folders, restoring the system at that point, should bring the virus out in the open where it can be deleted or cleaned. thus retaining all previous restore points. No, you're mistaken. There's no need to restore the Restore Point containing the Virus. Even if you subsequently clean it, you accomplish nothing by doing this. If you have a Restore Point which includes a virus, you can at any time restore to an earlier Restore Point that doesn't include it. The only difficulty is knowing which Restore Points are infected and which are not. -- Ken Blake - Microsoft MVP Windows: Shell/User Please reply to the newsgroup |
#10
|
|||
|
|||
_________In response to________
"Husky" wrote in message = ... |=20 | And why does my virus program work and others don't ? |=20 How the 'ell is anyone supposed to answer that? =20 What virus program do (did) you write? --=20 Just my 2=A2 worth, Jeff |
#11
|
|||
|
|||
"Husky" wrote: Just a question in case it does happen. I have maybe 6-7 months of restore points currently and perfectly happy with all of them. But something I've been reading here. If you get a virus there seems to be some sort of opinion to delete all previous restore points if the virus is found inside a protected restore point folder. Wouldn't it make more sense that when you find a virus, if there's any doubt to whether it was cleaned or not, to restore the system one restore point prior to the virus ? -- more pix @ http://members.toast.net/cbminfo/index.html Ken Blake has answered your ? about restore points and viruses so I won't go there,but here is my 2 cents on system restore. There is no reason to have more than a few checkpoints saved, if you are having problems you would restore to the closest point like maybe yesterday,keeping 90 days worth is pointless and it wastes hard drive space. Another thing to remember and I see it all of the time in this newsgroup is that on occasion the folder that keeps these checkpoints gets corrupted and none of the restore points work,oh ya they are listed but a restore is a no go. It is best when you are doing your regular system maintenance(and have no problems) to shut off system restore and reboot then turn it back on and create a new checkpoint ,this will delete all restore points as well as any corruption. |
#12
|
|||
|
|||
Hi Husky,
By default System Restore stores 90 day worth of restore points. Download the XPSystemRestoreLife.vbs script and run it. It will show how many days it is set to (at the top of the dialog box) and allow it to be changed. System Restore Scripts http://home.earthlink.net/~mvp_bert/...srscripts.html If in fact the virus is hiding in one of the restore point folders it can be removed purging all the restore points. This can be done by disabling SR or by running Disk Cleanup. How to Disable and Enable System Restore http://home.earthlink.net/~mvp_bert/html/disablesr.html Restoring to a point prior to the virus probably will not work. All restore points are linked together and rely on each other. When a restore point is used all the restore points newer than it are required to perform the restore. So a date prior to the virus would have to use the restore point containing the virus to perform the restore.. Two thing could happen, the virus would be reactivated, or the restore point would fail do to corruption of the restore point by the virus. Hope this helps explain it. -- Regards, Bert Kinney MS-MVP Shell/User http://dts-l.org/ Husky wrote: Just a question in case it does happen. I have maybe 6-7 months of restore points currently and perfectly happy with all of them. But something I've been reading here. If you get a virus there seems to be some sort of opinion to delete all previous restore points if the virus is found inside a protected restore point folder. Wouldn't it make more sense that when you find a virus, if there's any doubt to whether it was cleaned or not, to restore the system one restore point prior to the virus ? |
#13
|
|||
|
|||
In ,
MAP typed: Ken Blake has answered your ? about restore points and viruses so I won't go there,but here is my 2 cents on system restore. There is no reason to have more than a few checkpoints saved, if you are having problems you would restore to the closest point like maybe yesterday,keeping 90 days worth is pointless and it wastes hard drive space. I completely agree. Limiting restore points to two weeks or so is normally sufficient. Another thing to remember and I see it all of the time in this newsgroup is that on occasion the folder that keeps these checkpoints gets corrupted and none of the restore points work, Unfortunately this sometimes happens. oh ya they are listed but a restore is a no go. It is best when you are doing your regular system maintenance(and have no problems) to shut off system restore and reboot then turn it back on and create a new checkpoint ,this will delete all restore points as well as any corruption. But I wouldn't do this unless there's a problem. Corruption does happen occasionally, but not often. -- Ken Blake - Microsoft MVP Windows: Shell/User Please reply to the newsgroup |
#14
|
|||
|
|||
It is best when you are doing your regular system maintenance(and have no problems) to shut off system restore and reboot then turn it back on and create a new checkpoint ,this will delete all restore points as well as any corruption. But I wouldn't do this unless there's a problem. Corruption does happen occasionally, but not often. But Ken,how do you know their is a problem unless you try to use SR and it doesn't work,but then it is too late. |
#15
|
|||
|
|||
On Wed, 6 Apr 2005 14:23:31 -0700, "Ken Blake"
wrote: The program designed to use the virus is the virus itself. If it's inside a restore point it can't execute, and can't do any harm unless, as I said, you restore that Resotore Point. I hate to tell you this, but virus are much more sophisticated than you want to believe. ie: One I cleaned weeks ago was nothing more than a html link to a web site. The payload was at the website. The worst offenders now don't do any damage or even let you know they're there. You're thinking kiddie scripts that screw with your OS and annoy at a minimum. It hasn't happened to me yet, but it has to others. Virus, Trojans I'm not going to debate the semantics. Are now opening up your drive space as download space for pirate software, and spam relays to divert the trail from the one using those virus/backdoors. And who knows what's in their bag of tricks now. Being dial up has it's options. Not on long enough or with a fast enough connection to make the backdoor worthwhile. The opinion I've seen on this says dump all the restore points if you get a virus in one of them. Not necessary, as I said, as long as you don't restore that restore point. Makes no sense. If the scan shows a new virus and it's in one of the restore point folders, restoring the system at that point, should bring the virus out in the open where it can be deleted or cleaned. thus retaining all previous restore points. No, you're mistaken. There's no need to restore the Restore Point containing the Virus. Even if you subsequently clean it, you accomplish nothing by doing this. If you have a Restore Point which includes a virus, you can at any time restore to an earlier Restore Point that doesn't include it. The only difficulty is knowing which Restore Points are infected and which are not. Again you miss my point. Restoring the point that includes in the virus would only be done for the purpose of cleaning of the virus. If you restore to a prior point, that'd be a different issue altogether. I'm just talking about points inside restore points. Maybe I'm different, I scan at a minimum weekly. If I were to find one and have it reported as included in a hidden restore point, the next step to me would be to restore that point, It couldn't be much older than a week. And it would seem that it might have actually been created by the virus to hide itself. Then with it accessible I'd run the scan again and delete it. Preserving any previous restore points and making sure any future restore points are clean. But as long as that virus lives inside a point, restoring to any point prior to it, would release it, and compromise the machine. I've restored all the way back to square one at one time. All points after it disappeared when I did that. Telling me that the points only update changed stuff. -- more pix @ http://members.toast.net/cbminfo/index.html |
|
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
When does System Restore refuse to put Restore Point down? | Lev | Performance and Maintainance of XP | 31 | September 14th 05 03:08 PM |
System Restore Points not available | Esmeralda | General XP issues or comments | 26 | May 4th 05 04:23 AM |
File Sharing & Properties wizard will not display | Mr Mike | Windows XP Help and Support | 5 | March 30th 05 02:03 PM |
When does System Restore refuse to put Restore Point down? | Edward W. Thompson | Windows XP Help and Support | 0 | February 24th 05 06:46 AM |
About system restore | George | The Basics | 1 | July 26th 04 09:41 AM |