If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Display Modes |
#16
|
|||
|
|||
On Wed, 6 Apr 2005 15:41:02 -0700, MAP wrote:
Another thing to remember and I see it all of the time in this newsgroup is that on occasion the folder that keeps these checkpoints gets corrupted and none of the restore points work,oh ya they are listed but a restore is a no go. It is best when you are doing your regular system maintenance(and have no problems) to shut off system restore and reboot then turn it back on and create a new checkpoint ,this will delete all restore points as well as any corruption. That's worth keeping in mind, but so far whenever I've had to restore, I've had no trouble. Maybe luck, or maybe just learned to avoid the majority of troubles. Like this restore stuff. Lots of what I've heard in this thread is worth keeping. -- more pix @ http://members.toast.net/cbminfo/index.html |
Ads |
#17
|
|||
|
|||
On Wed, 6 Apr 2005 16:27:03 -0700, MAP wrote:
It is best when you are doing your regular system maintenance(and have no problems) to shut off system restore and reboot then turn it back on and create a new checkpoint ,this will delete all restore points as well as any corruption. But I wouldn't do this unless there's a problem. Corruption does happen occasionally, but not often. But Ken,how do you know their is a problem unless you try to use SR and it doesn't work,but then it is too late. If you have as many points [system managed] as I do, you can do like I did when I 1st started with XP and keep restoring all the way back to the 1st one until you hit one that isn't corrupted. Course once you've gone all the way back to the last restore point accessible, you could have saved time by just reinstalling the OS. -- more pix @ http://members.toast.net/cbminfo/index.html |
#18
|
|||
|
|||
Unfortunately you don't know when the corruption occurs, unless or
course a virus scan shows an infection within the System Volume Information folder. One could also suspect restore point corruption on a system found to contain malware/spyware. To test system restore, create a restore point and immediately restore to it. -- Regards, Bert Kinney MS-MVP Shell/User http://dts-l.org/ MAP wrote: It is best when you are doing your regular system maintenance(and have no problems) to shut off system restore and reboot then turn it back on and create a new checkpoint ,this will delete all restore points as well as any corruption. But I wouldn't do this unless there's a problem. Corruption does happen occasionally, but not often. But Ken,how do you know their is a problem unless you try to use SR and it doesn't work,but then it is too late. |
#19
|
|||
|
|||
On Wed, 6 Apr 2005 18:48:37 -0400, "Bert Kinney" wrote:
Restoring to a point prior to the virus probably will not work. All restore points are linked together and rely on each other. When a restore point is used all the restore points newer than it are required to perform the restore. So a date prior to the virus would have to use the restore point containing the virus to perform the restore.. Two thing could happen, the virus would be reactivated, or the restore point would fail do to corruption of the restore point by the virus. See a prior reply about this. -- more pix @ http://members.toast.net/cbminfo/index.html |
#20
|
|||
|
|||
"Bert Kinney" wrote: Hi Husky, By default System Restore stores 90 day worth of restore points. Download the XPSystemRestoreLife.vbs script and run it. It will show how many days it is set to (at the top of the dialog box) and allow it to be changed. System Restore Scripts http://home.earthlink.net/~mvp_bert/...srscripts.html If in fact the virus is hiding in one of the restore point folders it can be removed purging all the restore points. This can be done by disabling SR or by running Disk Cleanup. How to Disable and Enable System Restore http://home.earthlink.net/~mvp_bert/html/disablesr.html Restoring to a point prior to the virus probably will not work. All restore points are linked together and rely on each other. When a restore point is used all the restore points newer than it are required to perform the restore. So a date prior to the virus would have to use the restore point containing the virus to perform the restore.. Two thing could happen, the virus would be reactivated, or the restore point would fail do to corruption of the restore point by the virus. Hope this helps explain it. -- Regards, Bert Kinney MS-MVP Shell/User http://dts-l.org/ Hi Bert, I learned something new today :-) I didn't know that the restore points were linked together with the newer ones, Thank's |
#21
|
|||
|
|||
In ,
MAP typed: It is best when you are doing your regular system maintenance(and have no problems) to shut off system restore and reboot then turn it back on and create a new checkpoint ,this will delete all restore points as well as any corruption. But I wouldn't do this unless there's a problem. Corruption does happen occasionally, but not often. But Ken,how do you know their is a problem unless you try to use SR and it doesn't work,but then it is too late. Yes, but on the other hand if you do it preemptively when you don't need to, you may delete a restore point that it later turns out you needed. Since corruption is relatively rare (although it *does* occur too often) I'd much rather keep the restore points that exist, so they are there *if* you need them. If you do it your way, you're substantially increasing the risk that you won't have the restore point you need. -- Ken Blake - Microsoft MVP Windows: Shell/User Please reply to the newsgroup |
#22
|
|||
|
|||
In ,
Husky typed: On Wed, 6 Apr 2005 14:23:31 -0700, "Ken Blake" wrote: The program designed to use the virus is the virus itself. If it's inside a restore point it can't execute, and can't do any harm unless, as I said, you restore that Resotore Point. I hate to tell you this, but virus are much more sophisticated than you want to believe. ie: One I cleaned weeks ago was nothing more than a html link to a web site. The payload was at the website. The worst offenders now don't do any damage or even let you know they're there. You're thinking kiddie scripts that screw with your OS and annoy at a minimum. It hasn't happened to me yet, but it has to others. Virus, Trojans I'm not going to debate the semantics. Are now opening up your drive space as download space for pirate software, and spam relays to divert the trail from the one using those virus/backdoors. And who knows what's in their bag of tricks now. Being dial up has it's options. Not on long enough or with a fast enough connection to make the backdoor worthwhile. The opinion I've seen on this says dump all the restore points if you get a virus in one of them. Not necessary, as I said, as long as you don't restore that restore point. Makes no sense. If the scan shows a new virus and it's in one of the restore point folders, restoring the system at that point, should bring the virus out in the open where it can be deleted or cleaned. thus retaining all previous restore points. No, you're mistaken. There's no need to restore the Restore Point containing the Virus. Even if you subsequently clean it, you accomplish nothing by doing this. If you have a Restore Point which includes a virus, you can at any time restore to an earlier Restore Point that doesn't include it. The only difficulty is knowing which Restore Points are infected and which are not. Again you miss my point. Restoring the point that includes in the virus would only be done for the purpose of cleaning of the virus. If you restore to a prior point, that'd be a different issue altogether. I'm just talking about points inside restore points. Maybe I'm different, I scan at a minimum weekly. If I were to find one and have it reported as included in a hidden restore point, the next step to me would be to restore that point, It couldn't be much older than a week. And it would seem that it might have actually been created by the virus to hide itself. I'm not going to argue with you any further. I've made my points and you may believe me or not, as you choose. But you have a very mistaken view of what a restore point is. -- Ken Blake - Microsoft MVP Windows: Shell/User Please reply to the newsgroup |
#23
|
|||
|
|||
In ,
MAP typed: Hi Bert, I learned something new today :-) I didn't know that the restore points were linked together with the newer ones, Just as an addition to Bert's excellent advice, that's precisely the reason why you can't selectively delete Restore Points. -- Ken Blake - Microsoft MVP Windows: Shell/User Please reply to the newsgroup |
#24
|
|||
|
|||
"Husky" wrote in message ... Just a question in case it does happen. I have maybe 6-7 months of restore points currently and perfectly happy with all of them. But something I've been reading here. If you get a virus there seems to be some sort of opinion to delete all previous restore points if the virus is found inside a protected restore point folder. Wouldn't it make more sense that when you find a virus, if there's any doubt to whether it was cleaned or not, to restore the system one restore point prior to the virus ? -- more pix @ http://members.toast.net/cbminfo/index.html If you are curious as to what the restore points actually have in them then go to the System Volume Information folder which store the restore points, I once had to go in and open a restore point to get rid of ALTNET, and a few other executables that were garbage. The best way to do this is in safe mode. I got this info from http://www.theeldergeek.com/system_v...on_folder1.htm Good Luck Jim |
#25
|
|||
|
|||
Hi Jim,
I suspect messing with the files within folders in the System Volume Information folder would cause that restore point to become corrupt, which in turn would cause any prior restore points to become corrupt also. Did you experience different results after making modifications within these folders? -- Regards, Bert Kinney MS-MVP Shell/User http://dts-l.org/ Jim Donovan wrote: "Husky" wrote Just a question in case it does happen. I have maybe 6-7 months of restore points currently and perfectly happy with all of them. But something I've been reading here. If you get a virus there seems to be some sort of opinion to delete all previous restore points if the virus is found inside a protected restore point folder. Wouldn't it make more sense that when you find a virus, if there's any doubt to whether it was cleaned or not, to restore the system one restore point prior to the virus ? -- more pix @ http://members.toast.net/cbminfo/index.html If you are curious as to what the restore points actually have in them then go to the System Volume Information folder which store the restore points, I once had to go in and open a restore point to get rid of ALTNET, and a few other executables that were garbage. The best way to do this is in safe mode. I got this info from http://www.theeldergeek.com/system_v...on_folder1.htm Good Luck Jim |
#26
|
|||
|
|||
"Bert Kinney" wrote in message ... Hi Jim, I suspect messing with the files within folders in the System Volume Information folder would cause that restore point to become corrupt, which in turn would cause any prior restore points to become corrupt also. Did you experience different results after making modifications within these folders? -- Regards, Bert Kinney MS-MVP Shell/User http://dts-l.org/ Jim Donovan wrote: "Husky" wrote Just a question in case it does happen. I have maybe 6-7 months of restore points currently and perfectly happy with all of them. But something I've been reading here. If you get a virus there seems to be some sort of opinion to delete all previous restore points if the virus is found inside a protected restore point folder. Wouldn't it make more sense that when you find a virus, if there's any doubt to whether it was cleaned or not, to restore the system one restore point prior to the virus ? -- more pix @ http://members.toast.net/cbminfo/index.html If you are curious as to what the restore points actually have in them then go to the System Volume Information folder which store the restore points, I once had to go in and open a restore point to get rid of ALTNET, and a few other executables that were garbage. The best way to do this is in safe mode. I got this info from http://www.theeldergeek.com/system_v...on_folder1.htm Good Luck Jim Hello Bert This all started out because SpyBot S & D and Microsoft Beta could not remove the ALTNET registry key, and each time I tried an earlier restore point I would still get this problem, because it was resident in the restore points, so to clean this I had to delete the restore points(through the System Restore function) go into safe mode and reclaim the permissions for the registry and manually delete the keys, but to answer your question I am not sure if deleting an .exe file in the restore point would corrupt the file, I am not familiar with restore points being linked with each other, so to me a simple deletion of the .exe should be okay or so I think, it would be an interesting experiment though to activley delete files in the restore point and then do a restore to that point, you can always reverse the restore I guess if some of the files deleted interferred with the operation of an application. Jim |
#27
|
|||
|
|||
On Wed, 6 Apr 2005 20:16:32 -0400, "Bert Kinney" wrote:
Unfortunately you don't know when the corruption occurs, unless or course a virus scan shows an infection within the System Volume Information folder. One could also suspect restore point corruption on a system found to contain malware/spyware. To test system restore, create a restore point and immediately restore to it. That wouldn't tell you a thing. I'm under the impression corruption being referred to here is data corruption on the HD. That's happened several times with instant power failures while writing to the HD. Stuff like that can't be planned for or avoided without a battery power supply. And then it might corrupt the restore points, only if that were the process being written. -- more pix @ http://members.toast.net/cbminfo/index.html |
#28
|
|||
|
|||
Ken Blake wrote:
In , Husky typed: On Wed, 6 Apr 2005 14:23:31 -0700, "Ken Blake" wrote: The program designed to use the virus is the virus itself. If it's inside a restore point it can't execute, and can't do any harm unless, as I said, you restore that Resotore Point. I hate to tell you this, but virus are much more sophisticated than you want to believe. ie: One I cleaned weeks ago was nothing more than a html link to a web site. The payload was at the website. The worst offenders now don't do any damage or even let you know they're there. You're thinking kiddie scripts that screw with your OS and annoy at a minimum. It hasn't happened to me yet, but it has to others. Virus, Trojans I'm not going to debate the semantics. Are now opening up your drive space as download space for pirate software, and spam relays to divert the trail from the one using those virus/backdoors. And who knows what's in their bag of tricks now. Being dial up has it's options. Not on long enough or with a fast enough connection to make the backdoor worthwhile. The opinion I've seen on this says dump all the restore points if you get a virus in one of them. Not necessary, as I said, as long as you don't restore that restore point. Makes no sense. If the scan shows a new virus and it's in one of the restore point folders, restoring the system at that point, should bring the virus out in the open where it can be deleted or cleaned. thus retaining all previous restore points. No, you're mistaken. There's no need to restore the Restore Point containing the Virus. Even if you subsequently clean it, you accomplish nothing by doing this. If you have a Restore Point which includes a virus, you can at any time restore to an earlier Restore Point that doesn't include it. The only difficulty is knowing which Restore Points are infected and which are not. Again you miss my point. Restoring the point that includes in the virus would only be done for the purpose of cleaning of the virus. If you restore to a prior point, that'd be a different issue altogether. I'm just talking about points inside restore points. Maybe I'm different, I scan at a minimum weekly. If I were to find one and have it reported as included in a hidden restore point, the next step to me would be to restore that point, It couldn't be much older than a week. And it would seem that it might have actually been created by the virus to hide itself. I'm not going to argue with you any further. I've made my points and you may believe me or not, as you choose. But you have a very mistaken view of what a restore point is. Ken, Never argue with an idiot. They bring you down to their level then beat you with experience... ;o) eg -- In memory of MS MVP Alex Nichol: http://www.dts-l.org/ |
#29
|
|||
|
|||
Thanks for the information Jim.
-- Regards, Bert Kinney MS-MVP Shell/User http://dts-l.org/ Jim Donovan wrote: "Bert Kinney" wrote Hi Jim, I suspect messing with the files within folders in the System Volume Information folder would cause that restore point to become corrupt, which in turn would cause any prior restore points to become corrupt also. Did you experience different results after making modifications within these folders? -- Regards, Bert Kinney MS-MVP Shell/User http://dts-l.org/ Jim Donovan wrote: "Husky" wrote Just a question in case it does happen. I have maybe 6-7 months of restore points currently and perfectly happy with all of them. But something I've been reading here. If you get a virus there seems to be some sort of opinion to delete all previous restore points if the virus is found inside a protected restore point folder. Wouldn't it make more sense that when you find a virus, if there's any doubt to whether it was cleaned or not, to restore the system one restore point prior to the virus ? -- more pix @ http://members.toast.net/cbminfo/index.html If you are curious as to what the restore points actually have in them then go to the System Volume Information folder which store the restore points, I once had to go in and open a restore point to get rid of ALTNET, and a few other executables that were garbage. The best way to do this is in safe mode. I got this info from http://www.theeldergeek.com/system_v...on_folder1.htm Good Luck Jim Hello Bert This all started out because SpyBot S & D and Microsoft Beta could not remove the ALTNET registry key, and each time I tried an earlier restore point I would still get this problem, because it was resident in the restore points, so to clean this I had to delete the restore points(through the System Restore function) go into safe mode and reclaim the permissions for the registry and manually delete the keys, but to answer your question I am not sure if deleting an .exe file in the restore point would corrupt the file, I am not familiar with restore points being linked with each other, so to me a simple deletion of the .exe should be okay or so I think, it would be an interesting experiment though to activley delete files in the restore point and then do a restore to that point, you can always reverse the restore I guess if some of the files deleted interferred with the operation of an application. Jim |
|
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
When does System Restore refuse to put Restore Point down? | Lev | Performance and Maintainance of XP | 31 | September 14th 05 03:08 PM |
System Restore Points not available | Esmeralda | General XP issues or comments | 26 | May 4th 05 04:23 AM |
File Sharing & Properties wizard will not display | Mr Mike | Windows XP Help and Support | 5 | March 30th 05 02:03 PM |
When does System Restore refuse to put Restore Point down? | Edward W. Thompson | Windows XP Help and Support | 0 | February 24th 05 06:46 AM |
About system restore | George | The Basics | 1 | July 26th 04 09:41 AM |